SlideShare a Scribd company logo

'Virtual Vendors' (Managing Fourth Party Risk)

Download as PPTX, PDF
Leland Beachy
Leland Beachy

A discussion of the changing dynamics and challenges of third-party risk management in a virtualized, cloud-driven solution space…

Business
1 of 22
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Virtual Vendors; Cloudy Compliance A discussion of the changing dynamics and challenges of third-party risk management in a virtualized, cloud-driven solution space… Lee Beachy SVP, Risk Management Team Bank of New Hampshire © 2014 L. Beachy5/30/2014 1
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 The man asks a troubling question. “Are we changing as fast as the world around us?” 5/30/2014 © 2014 L. Beachy 2
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 5/30/2014 © 2014 L. Beachy 3
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Regulatory Perspectives on TPR 5/30/2014 4  ‘Guidance’ vs regulation  Material ‘TPR’ in strategic plan  Awareness of ‘criticality’  Standards for TPR / contracts  Clear ‘onboarding’ by risk or compliance function  Scope of contractual provisions  Compliance across TP boundaries FDIC ‘Us Too!’  Explicit TP contract authority?  Deeper CMS assessments? (for complaints, BSA, KYC, etc.)  BSA focus on TP payment services  More focus on exit strategies?  Document, document, document!
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 5/30/2014 © 2014 L. Beachy 5
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Key Drivers  Virtualization = Abstraction  It works for you, and it also works for them.  The ‘cloud economy’  Drift / expansion in the solutions market  Broader maturity spectrums  From ‘newbies’ to ‘proven providers’  New Frontiers (for malicious actors)  (from perimeter to procurement) 5/30/2014 © 2014 L. Beachy 6
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Amalgamation can hide risk Contract (‘Your Solution’) Sales Admin Production Management Risk Audit Operations Daily QC 5/30/2014 © 2014 L. Beachy 7
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Risk (across organizational lines) Contract (‘Your Solution’) Production Operations 5/30/2014 © 2014 L. Beachy 8
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 What has changed? Solution Provider (Highly integrated) 5/30/2014 © 2014 L. Beachy 9 Provider IaaS Support We have been used to: We should be expecting: Example only: reality may present far more parties than three!
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Dancing with Elephants… 5/30/2014 © 2014 L. Beachy 10
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Two Approaches  A cascade model  An integration model 5/30/2014 © 2014 L. Beachy 11 Vendor Sub A Sub-Sub E Sub-Sub G Sub B Sub-Sub J •Prime
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 What else gets outsourced?  Audit?  Enterprise risk management?  Compliance?  Other management skill sets?  Supply chain knowledge  Business workflow analytics 5/30/2014 © 2014 L. Beachy 12
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Concentration in Supply Chains 5/30/2014 © 2014 L. Beachy 13 “This surprising cause and effect taught multinational organizations some hard lessons about supply chain sensitivity, and caused some to rethink their procurement interdependencies from risk perspective as well as a cost calculation.”
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Lessons? *  Visibility being able to track and monitor supply chain events and patterns as (or before) they happen. Catch supply chain issues before they develop into problems.  Flexibility being able to promptly adapt to problems without significantly increasing operational costs.  Collaboration being able to work effectively with supply chain partners (through symbiotic, trust-based relationships) in order to avoid disruptions and achieve common goals.  Control having clear policies, monitoring and control mechanisms to help ensure that proper procedures and processes are actually followed. 5/30/2014 © 2014 L. Beachy 14 * Kelly Marchese, Siva Paramasivam and Michael Held, Deloitte Consulting in Industry Week; Mar 9, 2012.
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 The Transparency Spectrum For the really essential stuff — make sure that it is an independent third-party who is producing the control review and compliance documents. Audit Make the proof of performance‡ a part of their deliverables! SLAs and service metrics belong on a providers side of the deal. Attestation Think carefully, realistically, and theoretically about the recursive third-party factors before you sign!! Agreement Language Take great notes during the sales or renewal cycle. If they said it or promised it then it needs to get into their contract! Assertion 5/30/2014 © 2014 L. Beachy 15 ‡ including trans-organizational performance!
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Understanding Roles 5/30/2014 © 2014 L. Beachy 16 What is essential to your success? What must you control and document? What KPIs do you have to have? OK. Now WHO exactly does this stuff?
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 The alternative?  It is funny — unless it happens to you!  Example: Who uses OpenSSL? 5/30/2014 © 2014 L. Beachy 17
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Questions & Assessments  Set the stage: “Cloud solutions are changing the structure of both technology and business relationships. This tool is designed to collect information regarding the total service solution that the bank is considering – including any strategic partnerships that are material to your service operations and the bank’s risk considerations. If your organization does not attest to and assume responsibility for these partnerships (for example, co-location services, IaaS vendors, or third- party security teams), the bank may seek to obtain due diligence documentation from them directly in order to fully evaluate the suitability of the proposed solution.” 5/30/2014 © 2014 L. Beachy 18
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Questions & Assessments  Ask for specifics: 5/30/2014 © 2014 L. Beachy 19
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Questions & Assessments  Drill into the details:  Describe your risk management program as it may apply to third-party organizations (supply-chain / procurement risks). Please address both initial assessments as well as on-going risk monitoring by your organization’s management team.  Do the representations and statements in this document address only your organization or are you also attesting to the operations and service obligations of the third-parties (above) with which you have contracted services?  Does the solution provided include functions involving consumer or account information that would support the detection of identity theft? If so, please include a summary of your ‘Red Flags’ identity theft program.  If the solution involves direct BNH customer interaction (such as ‘customer comments or feedback’), please describe the procedure and policy for handling same. How will these communications be passed along to BNH?  How does your organizational policy for data retention integrate to that of your customers? How is this implemented and communicated as a part of a customer implementation project? 5/30/2014 © 2014 L. Beachy 20
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Don’t Ignore In-House Risks  Managing operating function versus service provider management.  What risks increase? What ones decrease?  Keep critical functions from becoming assumed ‘utility’ functions!  Indirect management may decompose management decision-making. 5/30/2014 © 2014 L. Beachy 21
Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 5/30/2014 © 2014 L. Beachy 22 Lee Beachy SVP, Risk Management Group  Bank of New Hampshire beachy@banknh.com  www.linkedin.com/in/lelandbeachy  @_ljb_

Recommended

Ranger's Apprentice Case Study - Presentation
Ranger's Apprentice Case Study - PresentationRanger's Apprentice Case Study - Presentation
Ranger's Apprentice Case Study - Presentation
Fiona McLennan
 
Tackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-managementTackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-management
Charles Steve
 
Finextra and AdviceRobo Survey June 2016_v4max
Finextra and AdviceRobo Survey June 2016_v4maxFinextra and AdviceRobo Survey June 2016_v4max
Finextra and AdviceRobo Survey June 2016_v4max
Jonathan Withers
 
Re-shaping Assurance
Re-shaping AssuranceRe-shaping Assurance
Re-shaping Assurance
Paul Wenman
 
Retail banks and big data
Retail banks and big dataRetail banks and big data
Retail banks and big data
The Economist Media Businesses
 
Financial Stability, a Critical Factor For Choosing a Business Partner, Is E...
Financial Stability, a Critical Factor For Choosing a Business Partner, Is E...Financial Stability, a Critical Factor For Choosing a Business Partner, Is E...
Financial Stability, a Critical Factor For Choosing a Business Partner, Is E...
Dana Gardner
 
Consumers, Regulators and You — Are You Meeting Your FCRA Responsibilities?
Consumers, Regulators and You — Are You Meeting Your FCRA Responsibilities?Consumers, Regulators and You — Are You Meeting Your FCRA Responsibilities?
Consumers, Regulators and You — Are You Meeting Your FCRA Responsibilities?
Experian
 
How Can You Drive Opportunity If You Cannot Manage Risk?
How Can You Drive Opportunity If You Cannot Manage Risk?How Can You Drive Opportunity If You Cannot Manage Risk?
How Can You Drive Opportunity If You Cannot Manage Risk?
Lora Cecere
 

Recommended

Ranger's Apprentice Case Study - Presentation
Ranger's Apprentice Case Study - PresentationRanger's Apprentice Case Study - Presentation
Ranger's Apprentice Case Study - Presentation
Fiona McLennan
 
Tackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-managementTackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-management
Charles Steve
 
Finextra and AdviceRobo Survey June 2016_v4max
Finextra and AdviceRobo Survey June 2016_v4maxFinextra and AdviceRobo Survey June 2016_v4max
Finextra and AdviceRobo Survey June 2016_v4max
Jonathan Withers
 
Re-shaping Assurance
Re-shaping AssuranceRe-shaping Assurance
Re-shaping Assurance
Paul Wenman
 
Retail banks and big data
Retail banks and big dataRetail banks and big data
Retail banks and big data
The Economist Media Businesses
 
Financial Stability, a Critical Factor For Choosing a Business Partner, Is E...
Financial Stability, a Critical Factor For Choosing a Business Partner, Is E...Financial Stability, a Critical Factor For Choosing a Business Partner, Is E...
Financial Stability, a Critical Factor For Choosing a Business Partner, Is E...
Dana Gardner
 
Consumers, Regulators and You — Are You Meeting Your FCRA Responsibilities?
Consumers, Regulators and You — Are You Meeting Your FCRA Responsibilities?Consumers, Regulators and You — Are You Meeting Your FCRA Responsibilities?
Consumers, Regulators and You — Are You Meeting Your FCRA Responsibilities?
Experian
 
How Can You Drive Opportunity If You Cannot Manage Risk?
How Can You Drive Opportunity If You Cannot Manage Risk?How Can You Drive Opportunity If You Cannot Manage Risk?
How Can You Drive Opportunity If You Cannot Manage Risk?
Lora Cecere
 
Social Media & Financial Services
Social Media & Financial ServicesSocial Media & Financial Services
Social Media & Financial Services
Brandwatch
 
Αθανάσιος Ναυρόζογλου
Αθανάσιος ΝαυρόζογλουΑθανάσιος Ναυρόζογλου
Αθανάσιος Ναυρόζογλου
Starttech Ventures
 
An Analysis of Factors Influencing Customer Creditworthiness in the Banking S...
An Analysis of Factors Influencing Customer Creditworthiness in the Banking S...An Analysis of Factors Influencing Customer Creditworthiness in the Banking S...
An Analysis of Factors Influencing Customer Creditworthiness in the Banking S...
Dr. Amarjeet Singh
 
How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...
How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...
How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...
Dana Gardner
 
Why true digital transformation must take place across the entire banking ent...
Why true digital transformation must take place across the entire banking ent...Why true digital transformation must take place across the entire banking ent...
Why true digital transformation must take place across the entire banking ent...
Epsilon Marketing
 
Introduction to service marketing
Introduction to service marketingIntroduction to service marketing
Introduction to service marketing
Rolling Plans Pvt. Ltd.
 
Omnichannel Engagement
Omnichannel EngagementOmnichannel Engagement
Omnichannel Engagement
Bankingdotcom
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoV
Frederic Girardeau-Montaut
 
MRM: PwC Top Issues
MRM: PwC Top Issues MRM: PwC Top Issues
MRM: PwC Top Issues
PwC
 
Using Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay FraudUsing Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay Fraud
FraudBusters
 
Insurance producers and agent enablement
Insurance producers and agent enablementInsurance producers and agent enablement
Insurance producers and agent enablement
edynamic
 
Effective Assessment of Vendors Risk Management
Effective Assessment of Vendors Risk Management Effective Assessment of Vendors Risk Management
Effective Assessment of Vendors Risk Management
Amit Bhargava
 
Online Trust Alliance Recommendations
Online Trust Alliance RecommendationsOnline Trust Alliance Recommendations
Online Trust Alliance Recommendations
Meg Weber
 
20140408 LOMA Life Insurance Conference: STP More Than Just A Tweak To Your O...
20140408 LOMA Life Insurance Conference: STP More Than Just A Tweak To Your O...20140408 LOMA Life Insurance Conference: STP More Than Just A Tweak To Your O...
20140408 LOMA Life Insurance Conference: STP More Than Just A Tweak To Your O...
Steven Callahan
 
Anti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third PartiesAnti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third Parties
Dun & Bradstreet
 
Quantivate Vendor Management Solution Improves Efficiency and Reduces Risk (C...
Quantivate Vendor Management Solution Improves Efficiency and Reduces Risk (C...Quantivate Vendor Management Solution Improves Efficiency and Reduces Risk (C...
Quantivate Vendor Management Solution Improves Efficiency and Reduces Risk (C...
NAFCU Services Corporation
 
IPSC at PR Summit: Research Challenge. You Can’t Manage What you Don’t Measure
IPSC at PR Summit: Research Challenge. You Can’t Manage What you Don’t MeasureIPSC at PR Summit: Research Challenge. You Can’t Manage What you Don’t Measure
IPSC at PR Summit: Research Challenge. You Can’t Manage What you Don’t Measure
IPSC - Institute for Political and Sociological Consulting
 
Advertising's Transparency Crisis
Advertising's Transparency CrisisAdvertising's Transparency Crisis
Advertising's Transparency Crisis
Digiday
 
To Understand the Eco-System in Digital Media Marketing.
To Understand the Eco-System in Digital Media Marketing.To Understand the Eco-System in Digital Media Marketing.
To Understand the Eco-System in Digital Media Marketing.
Saurabh Giratkar
 
2015 EastPay Info Exchange - Best Supporting Actor is Vendor Management
2015 EastPay Info Exchange - Best Supporting Actor is Vendor Management2015 EastPay Info Exchange - Best Supporting Actor is Vendor Management
2015 EastPay Info Exchange - Best Supporting Actor is Vendor Management
Brent Siegel
 
The Steadfast and Reliable Bull: Taurus Zodiac Sign
The Steadfast and Reliable Bull: Taurus Zodiac SignThe Steadfast and Reliable Bull: Taurus Zodiac Sign
The Steadfast and Reliable Bull: Taurus Zodiac Sign
my Pandit
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
SOFTTECHHUB
 

More Related Content

Similar to 'Virtual Vendors' (Managing Fourth Party Risk)

Social Media & Financial Services
Social Media & Financial ServicesSocial Media & Financial Services
Social Media & Financial Services
Brandwatch
 
Αθανάσιος Ναυρόζογλου
Αθανάσιος ΝαυρόζογλουΑθανάσιος Ναυρόζογλου
Αθανάσιος Ναυρόζογλου
Starttech Ventures
 
An Analysis of Factors Influencing Customer Creditworthiness in the Banking S...
An Analysis of Factors Influencing Customer Creditworthiness in the Banking S...An Analysis of Factors Influencing Customer Creditworthiness in the Banking S...
An Analysis of Factors Influencing Customer Creditworthiness in the Banking S...
Dr. Amarjeet Singh
 
How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...
How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...
How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...
Dana Gardner
 
Why true digital transformation must take place across the entire banking ent...
Why true digital transformation must take place across the entire banking ent...Why true digital transformation must take place across the entire banking ent...
Why true digital transformation must take place across the entire banking ent...
Epsilon Marketing
 
Introduction to service marketing
Introduction to service marketingIntroduction to service marketing
Introduction to service marketing
Rolling Plans Pvt. Ltd.
 
Omnichannel Engagement
Omnichannel EngagementOmnichannel Engagement
Omnichannel Engagement
Bankingdotcom
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoV
Frederic Girardeau-Montaut
 
MRM: PwC Top Issues
MRM: PwC Top Issues MRM: PwC Top Issues
MRM: PwC Top Issues
PwC
 
Using Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay FraudUsing Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay Fraud
FraudBusters
 
Insurance producers and agent enablement
Insurance producers and agent enablementInsurance producers and agent enablement
Insurance producers and agent enablement
edynamic
 
Effective Assessment of Vendors Risk Management
Effective Assessment of Vendors Risk Management Effective Assessment of Vendors Risk Management
Effective Assessment of Vendors Risk Management
Amit Bhargava
 
Online Trust Alliance Recommendations
Online Trust Alliance RecommendationsOnline Trust Alliance Recommendations
Online Trust Alliance Recommendations
Meg Weber
 
20140408 LOMA Life Insurance Conference: STP More Than Just A Tweak To Your O...
20140408 LOMA Life Insurance Conference: STP More Than Just A Tweak To Your O...20140408 LOMA Life Insurance Conference: STP More Than Just A Tweak To Your O...
20140408 LOMA Life Insurance Conference: STP More Than Just A Tweak To Your O...
Steven Callahan
 
Anti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third PartiesAnti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third Parties
Dun & Bradstreet
 
Quantivate Vendor Management Solution Improves Efficiency and Reduces Risk (C...
Quantivate Vendor Management Solution Improves Efficiency and Reduces Risk (C...Quantivate Vendor Management Solution Improves Efficiency and Reduces Risk (C...
Quantivate Vendor Management Solution Improves Efficiency and Reduces Risk (C...
NAFCU Services Corporation
 
IPSC at PR Summit: Research Challenge. You Can’t Manage What you Don’t Measure
IPSC at PR Summit: Research Challenge. You Can’t Manage What you Don’t MeasureIPSC at PR Summit: Research Challenge. You Can’t Manage What you Don’t Measure
IPSC at PR Summit: Research Challenge. You Can’t Manage What you Don’t Measure
IPSC - Institute for Political and Sociological Consulting
 
Advertising's Transparency Crisis
Advertising's Transparency CrisisAdvertising's Transparency Crisis
Advertising's Transparency Crisis
Digiday
 
To Understand the Eco-System in Digital Media Marketing.
To Understand the Eco-System in Digital Media Marketing.To Understand the Eco-System in Digital Media Marketing.
To Understand the Eco-System in Digital Media Marketing.
Saurabh Giratkar
 
2015 EastPay Info Exchange - Best Supporting Actor is Vendor Management
2015 EastPay Info Exchange - Best Supporting Actor is Vendor Management2015 EastPay Info Exchange - Best Supporting Actor is Vendor Management
2015 EastPay Info Exchange - Best Supporting Actor is Vendor Management
Brent Siegel
 

Similar to 'Virtual Vendors' (Managing Fourth Party Risk) (20)

Social Media & Financial Services
Social Media & Financial ServicesSocial Media & Financial Services
Social Media & Financial Services
 
Αθανάσιος Ναυρόζογλου
Αθανάσιος ΝαυρόζογλουΑθανάσιος Ναυρόζογλου
Αθανάσιος Ναυρόζογλου
 
An Analysis of Factors Influencing Customer Creditworthiness in the Banking S...
An Analysis of Factors Influencing Customer Creditworthiness in the Banking S...An Analysis of Factors Influencing Customer Creditworthiness in the Banking S...
An Analysis of Factors Influencing Customer Creditworthiness in the Banking S...
 
How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...
How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...
How Financial Firms Blaze a Trail To New, More Predictive Operational Resilie...
 
Why true digital transformation must take place across the entire banking ent...
Why true digital transformation must take place across the entire banking ent...Why true digital transformation must take place across the entire banking ent...
Why true digital transformation must take place across the entire banking ent...
 
Introduction to service marketing
Introduction to service marketingIntroduction to service marketing
Introduction to service marketing
 
Omnichannel Engagement
Omnichannel EngagementOmnichannel Engagement
Omnichannel Engagement
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoV
 
MRM: PwC Top Issues
MRM: PwC Top Issues MRM: PwC Top Issues
MRM: PwC Top Issues
 
Using Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay FraudUsing Data Analytics to Find and Deter Procure to Pay Fraud
Using Data Analytics to Find and Deter Procure to Pay Fraud
 
Insurance producers and agent enablement
Insurance producers and agent enablementInsurance producers and agent enablement
Insurance producers and agent enablement
 
Effective Assessment of Vendors Risk Management
Effective Assessment of Vendors Risk Management Effective Assessment of Vendors Risk Management
Effective Assessment of Vendors Risk Management
 
Online Trust Alliance Recommendations
Online Trust Alliance RecommendationsOnline Trust Alliance Recommendations
Online Trust Alliance Recommendations
 
20140408 LOMA Life Insurance Conference: STP More Than Just A Tweak To Your O...
20140408 LOMA Life Insurance Conference: STP More Than Just A Tweak To Your O...20140408 LOMA Life Insurance Conference: STP More Than Just A Tweak To Your O...
20140408 LOMA Life Insurance Conference: STP More Than Just A Tweak To Your O...
 
Anti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third PartiesAnti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third Parties
 
Quantivate Vendor Management Solution Improves Efficiency and Reduces Risk (C...
Quantivate Vendor Management Solution Improves Efficiency and Reduces Risk (C...Quantivate Vendor Management Solution Improves Efficiency and Reduces Risk (C...
Quantivate Vendor Management Solution Improves Efficiency and Reduces Risk (C...
 
IPSC at PR Summit: Research Challenge. You Can’t Manage What you Don’t Measure
IPSC at PR Summit: Research Challenge. You Can’t Manage What you Don’t MeasureIPSC at PR Summit: Research Challenge. You Can’t Manage What you Don’t Measure
IPSC at PR Summit: Research Challenge. You Can’t Manage What you Don’t Measure
 
Advertising's Transparency Crisis
Advertising's Transparency CrisisAdvertising's Transparency Crisis
Advertising's Transparency Crisis
 
To Understand the Eco-System in Digital Media Marketing.
To Understand the Eco-System in Digital Media Marketing.To Understand the Eco-System in Digital Media Marketing.
To Understand the Eco-System in Digital Media Marketing.
 
2015 EastPay Info Exchange - Best Supporting Actor is Vendor Management
2015 EastPay Info Exchange - Best Supporting Actor is Vendor Management2015 EastPay Info Exchange - Best Supporting Actor is Vendor Management
2015 EastPay Info Exchange - Best Supporting Actor is Vendor Management
 

Recently uploaded

The Steadfast and Reliable Bull: Taurus Zodiac Sign
The Steadfast and Reliable Bull: Taurus Zodiac SignThe Steadfast and Reliable Bull: Taurus Zodiac Sign
The Steadfast and Reliable Bull: Taurus Zodiac Sign
my Pandit
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
SOFTTECHHUB
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and CreationIndustrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
Christian Dahlen
 
TIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup IndustryTIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup Industry
timesbpobusiness
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
my Pandit
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Kalyan Satta Matka Guessing Matka Result Main Bazar chart
 
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
taqyea
 
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your TasteZodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
my Pandit
 
Digital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on SustainabilityDigital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on Sustainability
sssourabhsharma
 
How MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdfHow MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdf
MJ Global
 
Call8328958814 satta matka Kalyan result satta guessing
Call8328958814 satta matka Kalyan result satta guessingCall8328958814 satta matka Kalyan result satta guessing
Call8328958814 satta matka Kalyan result satta guessing
➑➌➋➑➒➎➑➑➊➍
 
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
Lacey Max
 
The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...
The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...
The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...
APCO
 
Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024
Adnet Communications
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
AnnySerafinaLove
 
Business storytelling: key ingredients to a story
Business storytelling: key ingredients to a storyBusiness storytelling: key ingredients to a story
Business storytelling: key ingredients to a story
Alexandra Fulford
 
DearbornMusic-KatherineJasperFullSailUni
DearbornMusic-KatherineJasperFullSailUniDearbornMusic-KatherineJasperFullSailUni
DearbornMusic-KatherineJasperFullSailUni
katiejasper96
 
Dpboss Matka Guessing Satta Matta Matka Kalyan panel Chart Indian Matka Dpbos...
Dpboss Matka Guessing Satta Matta Matka Kalyan panel Chart Indian Matka Dpbos...Dpboss Matka Guessing Satta Matta Matka Kalyan panel Chart Indian Matka Dpbos...
Dpboss Matka Guessing Satta Matta Matka Kalyan panel Chart Indian Matka Dpbos...
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 

Recently uploaded (20)

The Steadfast and Reliable Bull: Taurus Zodiac Sign
The Steadfast and Reliable Bull: Taurus Zodiac SignThe Steadfast and Reliable Bull: Taurus Zodiac Sign
The Steadfast and Reliable Bull: Taurus Zodiac Sign
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and CreationIndustrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
 
TIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup IndustryTIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup Industry
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
 
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
 
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
 
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your TasteZodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
 
Digital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on SustainabilityDigital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on Sustainability
 
How MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdfHow MJ Global Leads the Packaging Industry.pdf
How MJ Global Leads the Packaging Industry.pdf
 
Call8328958814 satta matka Kalyan result satta guessing
Call8328958814 satta matka Kalyan result satta guessingCall8328958814 satta matka Kalyan result satta guessing
Call8328958814 satta matka Kalyan result satta guessing
 
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
 
The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...
The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...
The APCO Geopolitical Radar - Q3 2024 The Global Operating Environment for Bu...
 
Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
 
Business storytelling: key ingredients to a story
Business storytelling: key ingredients to a storyBusiness storytelling: key ingredients to a story
Business storytelling: key ingredients to a story
 
DearbornMusic-KatherineJasperFullSailUni
DearbornMusic-KatherineJasperFullSailUniDearbornMusic-KatherineJasperFullSailUni
DearbornMusic-KatherineJasperFullSailUni
 
Dpboss Matka Guessing Satta Matta Matka Kalyan panel Chart Indian Matka Dpbos...
Dpboss Matka Guessing Satta Matta Matka Kalyan panel Chart Indian Matka Dpbos...Dpboss Matka Guessing Satta Matta Matka Kalyan panel Chart Indian Matka Dpbos...
Dpboss Matka Guessing Satta Matta Matka Kalyan panel Chart Indian Matka Dpbos...
 

'Virtual Vendors' (Managing Fourth Party Risk)

  • 1. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Virtual Vendors; Cloudy Compliance A discussion of the changing dynamics and challenges of third-party risk management in a virtualized, cloud-driven solution space… Lee Beachy SVP, Risk Management Team Bank of New Hampshire © 2014 L. Beachy5/30/2014 1
  • 2. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 The man asks a troubling question. “Are we changing as fast as the world around us?” 5/30/2014 © 2014 L. Beachy 2
  • 3. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 5/30/2014 © 2014 L. Beachy 3
  • 4. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Regulatory Perspectives on TPR 5/30/2014 4  ‘Guidance’ vs regulation  Material ‘TPR’ in strategic plan  Awareness of ‘criticality’  Standards for TPR / contracts  Clear ‘onboarding’ by risk or compliance function  Scope of contractual provisions  Compliance across TP boundaries FDIC ‘Us Too!’  Explicit TP contract authority?  Deeper CMS assessments? (for complaints, BSA, KYC, etc.)  BSA focus on TP payment services  More focus on exit strategies?  Document, document, document!
  • 5. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 5/30/2014 © 2014 L. Beachy 5
  • 6. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Key Drivers  Virtualization = Abstraction  It works for you, and it also works for them.  The ‘cloud economy’  Drift / expansion in the solutions market  Broader maturity spectrums  From ‘newbies’ to ‘proven providers’  New Frontiers (for malicious actors)  (from perimeter to procurement) 5/30/2014 © 2014 L. Beachy 6
  • 7. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Amalgamation can hide risk Contract (‘Your Solution’) Sales Admin Production Management Risk Audit Operations Daily QC 5/30/2014 © 2014 L. Beachy 7
  • 8. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Risk (across organizational lines) Contract (‘Your Solution’) Production Operations 5/30/2014 © 2014 L. Beachy 8
  • 9. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 What has changed? Solution Provider (Highly integrated) 5/30/2014 © 2014 L. Beachy 9 Provider IaaS Support We have been used to: We should be expecting: Example only: reality may present far more parties than three!
  • 10. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Dancing with Elephants… 5/30/2014 © 2014 L. Beachy 10
  • 11. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Two Approaches  A cascade model  An integration model 5/30/2014 © 2014 L. Beachy 11 Vendor Sub A Sub-Sub E Sub-Sub G Sub B Sub-Sub J •Prime
  • 12. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 What else gets outsourced?  Audit?  Enterprise risk management?  Compliance?  Other management skill sets?  Supply chain knowledge  Business workflow analytics 5/30/2014 © 2014 L. Beachy 12
  • 13. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Concentration in Supply Chains 5/30/2014 © 2014 L. Beachy 13 “This surprising cause and effect taught multinational organizations some hard lessons about supply chain sensitivity, and caused some to rethink their procurement interdependencies from risk perspective as well as a cost calculation.”
  • 14. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Lessons? *  Visibility being able to track and monitor supply chain events and patterns as (or before) they happen. Catch supply chain issues before they develop into problems.  Flexibility being able to promptly adapt to problems without significantly increasing operational costs.  Collaboration being able to work effectively with supply chain partners (through symbiotic, trust-based relationships) in order to avoid disruptions and achieve common goals.  Control having clear policies, monitoring and control mechanisms to help ensure that proper procedures and processes are actually followed. 5/30/2014 © 2014 L. Beachy 14 * Kelly Marchese, Siva Paramasivam and Michael Held, Deloitte Consulting in Industry Week; Mar 9, 2012.
  • 15. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 The Transparency Spectrum For the really essential stuff — make sure that it is an independent third-party who is producing the control review and compliance documents. Audit Make the proof of performance‡ a part of their deliverables! SLAs and service metrics belong on a providers side of the deal. Attestation Think carefully, realistically, and theoretically about the recursive third-party factors before you sign!! Agreement Language Take great notes during the sales or renewal cycle. If they said it or promised it then it needs to get into their contract! Assertion 5/30/2014 © 2014 L. Beachy 15 ‡ including trans-organizational performance!
  • 16. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Understanding Roles 5/30/2014 © 2014 L. Beachy 16 What is essential to your success? What must you control and document? What KPIs do you have to have? OK. Now WHO exactly does this stuff?
  • 17. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 The alternative?  It is funny — unless it happens to you!  Example: Who uses OpenSSL? 5/30/2014 © 2014 L. Beachy 17
  • 18. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Questions & Assessments  Set the stage: “Cloud solutions are changing the structure of both technology and business relationships. This tool is designed to collect information regarding the total service solution that the bank is considering – including any strategic partnerships that are material to your service operations and the bank’s risk considerations. If your organization does not attest to and assume responsibility for these partnerships (for example, co-location services, IaaS vendors, or third- party security teams), the bank may seek to obtain due diligence documentation from them directly in order to fully evaluate the suitability of the proposed solution.” 5/30/2014 © 2014 L. Beachy 18
  • 19. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Questions & Assessments  Ask for specifics: 5/30/2014 © 2014 L. Beachy 19
  • 20. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Questions & Assessments  Drill into the details:  Describe your risk management program as it may apply to third-party organizations (supply-chain / procurement risks). Please address both initial assessments as well as on-going risk monitoring by your organization’s management team.  Do the representations and statements in this document address only your organization or are you also attesting to the operations and service obligations of the third-parties (above) with which you have contracted services?  Does the solution provided include functions involving consumer or account information that would support the detection of identity theft? If so, please include a summary of your ‘Red Flags’ identity theft program.  If the solution involves direct BNH customer interaction (such as ‘customer comments or feedback’), please describe the procedure and policy for handling same. How will these communications be passed along to BNH?  How does your organizational policy for data retention integrate to that of your customers? How is this implemented and communicated as a part of a customer implementation project? 5/30/2014 © 2014 L. Beachy 20
  • 21. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 Don’t Ignore In-House Risks  Managing operating function versus service provider management.  What risks increase? What ones decrease?  Keep critical functions from becoming assumed ‘utility’ functions!  Indirect management may decompose management decision-making. 5/30/2014 © 2014 L. Beachy 21
  • 22. Third Party Risk Management for Banks  New York City, NY  May 13-14, 2014 5/30/2014 © 2014 L. Beachy 22 Lee Beachy SVP, Risk Management Group  Bank of New Hampshire beachy@banknh.com  www.linkedin.com/in/lelandbeachy  @_ljb_