KY3P® - Getting behind a standard approach to third-party risk management
Regional Banks discuss how entity uniqueness can be challenging in the world of third-party risk management, but there are foundational concepts that can be applied to create a single practice.
Why has it been so hard for the industry to get behind a standard approach to third-party risk management?
Brendan Murphy - Risk & Compliance Manager | US Bank - So I think it's been difficult for the industry to get behind a standard approach for third party risk management for several reasons. We have unique footprints, unique products and services. We're not all dealing with the same regulatory bodies. But with that said, third party risk management does have foundational concepts that can apply to each of our businesses. And so, with products such as the KY3P platform, we're really hoping to, to leverage that to be able to achieve some efficiencies.
Kathryn Hardman - Director of Third-Party Management Office | BBVA - I think the reason the industry has had a hard time getting behind the single approach or standardized approach to third party risk management has to do with the evolution and maturity. I think that the regulatory guidance that's provided is not very scripted. And so, each institution has come up with their interpretation of the different risk domains and how to do the assessments. And low and behold, as it's matured, have realized that it's the same type of questions or assessments that are being done. And that we're really not all that different.
Robert Koszkalda - Director of Third-Party Risk Management & Senior Vice President | Key Bank - It's been hard for the industry to get behind the standard approach for third party risk management, even though they've been trying it for a long time, is because each bank has to own their own risk. They have their own risk appetite, their own risk tolerance, their own risk process and procedures. And just because they have to own their own risk doesn't mean that they have to do all the mechanics to own that risk. And so, I think a lot of times banks get confused between owning the risk and doing the activity to assess the risk.
Matt McKillop - Head of Third-Party Risk Management | Citizens Bank - So I think the biggest reasons why it's been so hard for the industry to get to a standard practice and third-party risk has been a lot of reaction at each individual bank with each individual bank’s risk appetite. How do we staff and fund and build a program around this? And the focus has been primarily internal to each institution to manage its risk. Now there's a good understanding of, hey, we're not doing anything secret or separate from anybody else. Why don't we get together and build a common practice together and share in that practice together, rather than trying to keep doing our own way, our own model. And I think we're at that place now.
Get in touch to learn more KY3P@ihsmarkit.com or visit KY3P homepage.