How to Become a Trusted Partner of a Bank, Part 2: A Proactive Approach by Third Parties to Risk Management
The risk of doing business with a third party is real; the consequences of a risk event are not only disruptive, but often result in long-term reputational damage that can seriously affect the bottom lines of both the bank and the third party. Suppliers that can make third party risk management (TPRM) easier for banks by being proactive, transparent, and helpful will distinguish themselves in an ever-more competitive environment.
NEW YORK -- Celent has released a new report titled How to Become a Trusted Partner of a Bank. The report was written by Joan McGowan, a Senior Analyst in Celent's Banking practice.
It is no longer sufficient for a third party to rely on its reputation. To become a trusted partner of a bank, third parties must demonstrate that they are compliant with the bank’s TPRM throughout the RFP, due diligence, onboarding processes, and lifecycle of the engagement. When a risk event does occur, third parties must be willing to share responsibility.
With finite resources and budget, banks will focus time and effort on third parties that carry the greatest inherent risk to the bank. Providing the bank with a clear picture of those risks will also aid the bank in plugging any gaps in its risk practices.
The RFP process is important in providing insight into how well a third party will perform in light of a risk event. A good RFP will clearly communicate risk control requirements so that the third party can respond in a way that shows alignment with the bank’s risk rankings and control procedures.
Negotiating a contract can be contentious. As a bank’s TPRM practices mature, they will enforce a new level of discipline and quantification. They will begin to incorporate metrics and KPIs in their operational risk dashboards and Risk Appetite statements. With this knowledge, banks will be able to determine third party indemnification provisions and allocation of liabilities at the contract stage. Third parties will be at a disadvantage if they do not have a way to measure and verify the scope of a potential risk event.
“The risk of doing business with a third party is real; the consequences of a risk event are not only disruptive, but often result in long-term reputational damage that can seriously affect the bottom lines of both the bank and the third party,” McGowan said.
“When it comes time to choose a partner, banks will favor those who help them execute their TPRM responsibilities over those who begrudgingly comply,” she added.