Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

THIRD PARTY RISK MANAGEMENT TOWARDS A PRAGMATIC APPROACH

SIMON LLOYD HORTON, Head Of Third Party Risk Management , Strategy & Frame work , HSBC

Simon, can you please tell the Center for Financial Professionals’ readers about yourself and your professional background?

Simon Lloyd Horton
Simon Lloyd Horton

I joined Operational Risk in HSBC as Head of Third Party Risk Management, Strategy and Frameworks in June 2015.  Previously I was based in Singapore as the Head of Supplier Risk, Policy and Governance responsible for delivering strategic direction and leadership for Supplier Risk for the Barclays Group and designing and operating the associated control framework.  In the 15 years prior to joining Barclays I held a number of regional leadership roles in Citigroup in corporate services operations and private banking based in the UK, Switzerland, South Africa and Singapore.

Prior to moving into financial services, I was a commissioned officer in the UK Royal Navy undertaking front line operations roles at sea as a warfare officer specialising in gunnery and airborne weapons systems and project work at the UK Ministry of Defence.  I have a degree in medieval and modern history from King’s College, University of London, and investment management and administration qualifications.

We are looking forward to you presenting at the Vendor & Third Party Risk Europe Summit where you will be discussing a pragmatic approach towards intragroup entities. What are the considerations institutions should look into when deciding to outsource via a third party or an intra-group entity?

Institutions should consider the specific underlying risks of the service.  The service, and the manner in which it will be delivered, varies from engagement to engagement.  If a ‘one size fits all’ approach is taken the result can be unidentified risk exposures and inefficiency.  Conversely there will be opportunities to realise efficiencies if risk management activities are tailored.

Without giving too much away, what are the key differences in managing intra-group entities/ affiliates in comparison to other third parties?

Although regulators clearly expect the risks posed by services delivered both by third parties outside the group and those provided by entities within the group to be identified and managed, institutions should consider whether exactly the same risk management processes and treatment are required.  This remains a developing area for the industry and one that would benefit from consideration by practitioners.

You will also be joining a panel discussion at the Summit where you will be effectively categorising vendors and third parties to understand the level of risk and monitoring requirements. How does outsourcing fit the 3LoD model that is currently in vogue?

The Three Lines of Defence concept is useful for defining risk management activities clearly and identifying who is responsible for performing them.  However, transferring the performance of a process to a service provider does not transfer accountability and the Three Lines of Defence model should be applied to the activity / process end-to-end and not focus simply on who is performing each element.

How do you see the role of the third party risk professional changing over the next 6-12 months?

I don’t think that it will change fundamentally over this time frame.  Risk management is an endurance sport and not a sprint!  Longer term, I see the business placing greater emphasis on third party risk management and consequently risk professionals must develop the capabilities to engage, inform and influence management successfully.