Published by Gbaf News
Posted on February 19, 2016
The survey report provides exclusive insights into how financial institutions are managing “vendor” and “nonvendor” third-party risks
The 2015 Risk Management Association (RMA) Third-Party/ Vendor Risk Management Survey, sponsored by MetricStream, provides exclusive insights into the third-party risk management programs of leading financial services organizations of various asset sizes across the U.S., Canada, and Europe. The survey, featuring the perspectives of 80 financial services institutions, provides detailed information on the current challenges and best practices in third-party risk management. All the participating institutions are regulated by one or more of the following regulators – OCC, FRB, FDIC, State, FINRA, and OSFI (Canada).
The survey is an update to, and extension of, the 2014 Third-Party/ Vendor Risk Management Survey conducted by the RMA in association with MetricStream, and is designed to track the progress and evolution of third-party risk management practices at financial services companies.
The following areas and topics are addressed in the 2015 survey report: third-party risk management program scope, design, and maturity; key stakeholder roles and responsibilities; technology and workload management; regulatory criticism; and insights and advice. The survey also differentiates between “vendor” and “nonvendor” third parties. This distinction is important due to differences in how institutions identify in-scope relationships, and manage risks across various types of third parties.
“Going into 2016, the message from regulators is loud and clear―activities can be outsourced to third parties, but responsibility cannot,” said Edward J. DeMarco Jr., RMA General Counsel and Director of Operational Risk. “The impetus is therefore on financial institutions to ensure that they have the right people, processes, and technology in place to protect stakeholders against a growing range of potentially harmful vendor and nonvendor risks such as fraud, data breaches, and corruption.”
Some key findings from the 2015 RMA survey include:
Commenting on the survey results, Susan Palm, Senior Vice President of Industry Solutions at MetricStream said, “The findings from this survey validate what many of our customers in the financial industry are telling us―that as their third-party networks grow larger, more global, and more complex, the associated risks can simply not be managed as a siloed or one-time activity. Rather, organizations are building an integrated and streamlined risk management program spanning all the three lines of defense. Timely risk visibility is key―and to that end, technology plays an important role in delivering real-time risk data, actionable reports, and advanced analytics that are needed by business leaders in financial institutions to successfully anticipate and manage third-party risks.”
Highlights of the RMA survey will be featured in an upcoming edition of The RMA Journal which will be published in April 2016.
Explore more articles in the Business category
