Customer Logins

Obtain the data you need to make the most informed decisions by accessing our extensive portfolio of information, analytics, and expertise. Sign in to the product or service center of your choice.

Customer Logins

Key Themes from CeFPro 3rd Party Risk Conference, London

09 July 2019

The fourth annual CeFPro Vendor & Third Party Risk (Europe) conference was held in London in mid-June. Over 150 attendees were present, representing a wide range of financial institutions and industry exhibitors, including IHS Markit, featuring our KY3P® solution. Below are some of the key themes from the event:

  • The growth in outsourcing, and an increasingly robust regulatory environment across Europe are both significant drivers towards a growing focus on stronger third party risk management (TPRM). The European Banking Authority's recent Guidelines on Outsourcing which apply from 30 September 2019, require sound governance of third party risk. TPRM is also a key component of Operational Resilience.

  • With thousands of vendors in many cases, firms must be selective, focussing their efforts proportionately. Vital here is the proper assessment of inherent risk, as well as due diligence and monitoring. In scoping their activity, firms should look beyond vendors and include other third parties such as exchanges, clearing houses, alliances and charities.

  • Cyber breaches are ever growing and firms are focussing significant resources on monitoring and due diligence, looking at both third and fourth parties. In a presentation, one cyber ratings provider described the deeply interwoven dependencies across third, fourth and fifth parties as a forest with a shared root system.

  • Growing dependencies, and concentration risk in particular were major topics at the conference, with speakers and delegates underlining the importance of effective information gathering, necessary contractual provisions and contingency planning. The EBA Guidelines focus on this area, defining what is expected of firms, including maintaining a register of their outsourcing arrangements. This will enable the regulators to monitor concentration risk in the region.

  • In response to the TPRM due diligence challenge, firms have turned to technology and to communities of peers collaborating in their common interest, creating due diligence tools and standards including questionnaires and shared assessments.

  • On the topic of questionnaires (both internal and external), the conference heard separately from two speakers recommending that these are developed with great care, to avoid the danger of poor quality answers. These can be caused by misunderstanding the level of audience expertise, or by fatigue or confusion stemming from jargon-loaded, ambiguous or poorly structured questions.

  • Several conversations highlighted the importance of working closely with vendors, establishing that they have appropriately strong and aligned business continuity arrangements. Specifically referring to Fintech companies, several participants emphasised the mutual value in close collaboration and offering support and mentoring. Unlike a large financial institution, a small Fintech start-up may well lack in-house expertise to enable them to demonstrate the necessary strong risk management practices.

Posted 10 July 2019 by Will Kendal, Product Manager - KY3P®, IHS Markit

KY3P® is the first centralized data hub that simplifies and standardizes third-party risk management processes. Third-party relationships are under growing scrutiny by global regulators, including the European Banking Authority (EBA), US Office of the Comptroller of the Currency (OCC), FINRA, the UK Financial Conduct Authority, and the Monetary Authority of Singapore. As firms increase reliance on third parties to deliver business-critical processes and services, oversight complexity also increases. The lack of standardization around collecting due diligence data can lead to duplicate efforts, creating inefficient processes that might result in delays in response times, revenue recognition, increased costs and overall inconsistency of information. KY3P®, developed in partnership with global banks, asset managers, and Big 4 consulting firms, is designed to help you simplify third-party risk management processes. By standardizing due diligence questionnaires and storing third-party information centrally, the service minimizes efforts around information requests and responses.

IHS Markit provides industry-leading data, software and technology platforms and managed services to tackle some of the most difficult challenges in financial markets. We help our customers better understand complicated markets, reduce risk, operate more efficiently and comply with financial regulation.

Follow Financial Services


Follow Us

Filter Sort