Obtain the data you need to make the most informed decisions by accessing our extensive portfolio of information, analytics, and expertise. Sign in to the product or service center of your choice.
The Coronavirus (COVID-19) outbreak continues to develop, with
impacts felt globally, affecting daily life and the financial
markets.
Firms of all sizes and sectors have been taking urgent steps to
prepare and respond, with business continuity and incident
management teams heavily engaged. Their work includes a large
amount of information sharing, refreshing business continuity plans
and refamiliarizing staff. Plans are being tested or invoked,
including "work from home" arrangements.
Business Continuity: Assessing Resilience of Third
Parties
Banks, other types of financial services firms and, indeed, most
major non-financial companies have significant networks of third
parties, which include vendors, outsourcing partners, and others.
In the financial industry, some of these relationships represent
critical dependencies for regulated functions.
In "business as usual" times, procurement and third party risk
management teams carry out due diligence and ongoing monitoring on
these third parties across a range of risk domains, including
information security, and business continuity.
With events such as COVID-19, firms move swiftly to review the
vendor population and determine which are critical, operate in
affected regions or are likely to be impacted. Those vendors
representing the most material operational risk are targets for
outreach. This outreach is usually supported by a
questionnaire enabling the vendor firm to share
details of whether and how they are affected, and the steps they
have taken to prepare, mitigate and manage their response.
COVID-19: A Coordinated, Cross-Industry
Response
In previous events which challenged business continuity, such as
Superstorm Sandy, SARS, and Hurricane Katrina, financial services
firms conducted their vendor outreach independent of one another.
Vendors were deluged with due diligence requests. In part because
each company was asking for different information, the quality of
vendor response was uneven and the outreach process inefficient and
subject to delays.
Fortunately, things are different in the case of COVID-19,
thanks to the Significant Event Notification and Tracking
(SENT) system. The SENT Committee comprised of global and
regional financial services organizations, decided on March 10 to
issue a new event with an agreed set of standard questions to help
coordinate a cross-industry response.
This SENT event went live on March 11th and is being used to
carry out COVID-19 due diligence across hundreds of vendors.
In contrast to the decentralized approach to assessing vendor
resilience in the past, all communications are secure and audited
on the platform and vendors can share their questionnaire answers
efficiently with any number of customers requesting the
information, including attaching any corporate statement they have
on the subject.
SENT is part of the KY3P® (Know Your Third
Party) third party risk management solution from IHS
Markit.
KY3P customers can also efficiently monitor and receive alerts
for a range of third party operational health and news sources
about their vendors, including negative news, financial stability,
sanctions and screening, and cyber health.
Specific Areas of Focus for COVID-19
Multiple factors were considered by the SENT Committee in
developing the standardized questionnaire. These included:
Economic Shock: The pressure of cancelled
contracts or high levels of unfinished goods and exposure to high
risk countries may present a financial stability risk which
requires careful monitoring.
Access to Critical Services: Vendors may face
impacts due to restricted movement or higher than normal absence
levels. Key person risk may be a factor, should employees with
specialist expertise become unavailable. Previously shared SLAs may
no longer be achievable based on the circumstances of locations
where the service is supplied. Fourth parties (suppliers to your
suppliers) may be a factor and should be identified and
considered.
Access to Critical Goods: Limited availability
of parts for critical infrastructure could be a factor. For
Financial Services firms, examples of relevant critical goods could
include replacement parts for IT infrastructure. Firms will
typically be confirming their internal and vendor stock levels and
will continue to monitor the situation through the rest of the
year.
Risks & Controls: Moving operations to
alternative locations carries risks. One example is working from
home, which could carry information security risks which need
careful management. Compensating controls may need to be
re-examined. Any location-specific dependencies such as clean rooms
must be understood and continuity plans for these functions
examined.
Centralizing the assessment of vendor resilience during periods
of disruption and heightened risk represents a major operational
advance for the financial industry. It also enables vendors to
provide higher quality responses to questionnaires and more
fruitfully engage with financial institutions on BCP issues.
Beyond vendor assessments, monitoring and
analyzing news and economic developments also plays a vital part in
business continuity. This includes sourcing reliable data relating
to the outbreak and its economic, political and logistical impacts
across the world. It is also important to monitor vendors' current
financial stability and company-related news.
IHS Markit's Economics and Country Risk (ECR) team, comprised of
80 full time country risk analysts and 110 economists, provides
quantifiable forecasts and analysis on emerging political,
economic, operational, and security risks in 211 countries around
the world. With global risk monitoring and coverage, ECR is helping
clients to quantify and assess the current impacts of COVID-19 to
their operations, to forecast how their risk profiles may change in
the coming months, and to develop more resilient and profitable
strategies for the future.
Posted 12 March 2020 by Will Kendal, Director - Product Management for KY3P, IHS Markit
IHS Markit provides industry-leading data, software and technology platforms and managed services to tackle some of the most difficult challenges in financial markets. We help our customers better understand complicated markets, reduce risk, operate more efficiently and comply with financial regulation.
