It is critical for financial institutions to understand regulators’ requirements for assessing and managing third-party risk from suppliers, says Cyndi Joiner, a Managing Director with Alvarez & Marsal in Atlanta, in a LinkedIn post. Banks are headed in the right direction, but few have achieved the regulators’ ideal of having a “single source of truth.”
With multiple systems for supplier spending, contracts and performance data —most of which do not share information, Joiner said it is easy to see how compliance is elusive.
“To be clear, it’s not enough for a bank to merely perform the required monitoring; they also need to provide evidence of what they have done and that they have a continuous management and monitoring process operating,” Joiner said. It is essential to create processes that manage and report on all risk, throughout the third-party relationship, including:
- Critical activities
- Key risks
- The alert system for possible exposure
- The mitigation plan for closing that exposure