KY3P® - How are vendor relationship managers staying on top of third-party risk
Learn how the Regional Banks focus on several different avenues to continuously monitor their vendor relationships through the entire lifecycle.
How are vendor relationship managers staying on top of risks associated with their third-party engagement across the lifecycle of the relationship?
Brendan Murphy - Risk & Compliance Manager | US Bank - Within our policy at US Bank, we have it baked into the process that our relationship managers are going through annual risk assessments to stay on top of those risks, as well as conducting quarterly and semiannual ongoing management meetings with our third parties. We also have a team dedicated to continuous monitoring where they're monitoring significant events that may impact our products and services.
Kathryn Hardman - Director of Third-Party Management Office | BBVA - So the way that our vendor relationships owners are staying on top of the risk from their different engagements with vendors, has been through our ongoing monitoring. So, we have that currently right now in two different avenues. One is through monitoring performance SLAs, and then the other is the different cadences that are set by the different risk domain owners for them to review based on tearing and criticality.
Robert Koszkalda - Director of Third-Party Risk Management & Senior Vice President | Key Bank - Third Party engagement managers have to manage a third-party relationship from before contract is executed through the entire lifecycle of that contract and at termination and even after termination. Sometimes a third party will have a bank status even after the contract is terminated. And we want to make sure that that data is destroyed appropriately. And so, the engagement managers have to go from stem to stern from the beginning of that process till that data is destroyed.
Matt McKillop - Head of Third-Party Risk Management | Citizens Bank - I think one of the things that we're doing within my bank is really focusing on providing business intelligence back to the vendor manager, the vendor risk manager to understand the 15 different dimensions of risk that we're looking at in their service and understand where we need them focused on a regular basis. Some services may have information security risk greater than other services where AML or anti-bribery may be a greater risk. So, getting that view a holistic view to the vendor manager - understanding where we want them focused is a big key of what we're trying to do in third party risk.
Get in touch to learn more: KY3P@ihsmarkit.comor visit our KY3P homepage.