KY3P® - Discover where organizations are in their third party risk management maturity
Where is your organization in terms of maturity with regards to oversite and due diligence across the lifecycle?
Brendan Murphy - Risk & Compliance Manager | US Bank - Our organization in terms of maturity with regard to the lifecycle is fairly strong. We're over five years into our program now. We've received solid regulatory reviews from our regulators and we're dealing with relatively few issues from our internal auditors, as well as our regulators. We've promoted a strong culture within our business lines where they proactively self-identify issues and concerns and come to us with those. And we've also were using better technology and becoming overall more efficient, doing more with less, which I think is a good hallmark of maturity.
Kathryn Hardman - Director of Third-Party Management Office | BBVA - Our organization is fairly mature. We've been doing this now for three or four years, I think. We have an established program. It's been adapted. I think it's now very much more about efficiency cycle times, improving that and then taking our risk assessments to the next level.
Robert Koszkalda - Director of Third-Party Risk Management & Senior Vice President | Key Bank - We get involved at the very beginning before a contract is signed, we understand the risks. We understand the controls for those risks. We manage it from the contract, actually, before the contract is signed through termination process. I think what maturity means is that we know the risk of our third parties. We know when the third party gives us more risk, and maybe we can accept and then we have to make conscious decisions on what to do with that. We know the activities the third parties do. We escalate when there's a third party that is outside of our risk appetite. And more importantly, I think be really mature, we want to focus on the risk versus the mechanics of assessing the risk.
Matt McKillop - Head of Third-Party Risk Management | Citizens Bank - We're constantly challenging how we're doing, how we're running the program, how we're executing the program. Getting involved in a product, like KY3P brings a new dimension to how we manage our program. So I think we're continuing to look at whether it's rebuild some of our internal process, partner with KY3P or other providers, in terms of how we're executing, to continually challenge "are we doing the right thing the right way, the most effective way", to really get to the right answer.
Get in touch to learn more: KY3P@ihsmarkit.com or visit our KY3P homepage.