Third-Party Risk Management for Financial Services Organizations

Published by Sabrina Pagnotta on April 23, 2020

Engaging with third-parties in the financial services industry

According to the Federal Deposit Insurance Corporation (FDIC), financial institutions generally enter into third-party relationships by outsourcing certain operational functions or the production of certain offerings. This can assist management in attaining strategic objectives by increasing revenues or reducing costs.

It’s important to note that the term “third-party” includes all entities that have entered into a business relationship with the financial institution, whether it’s a bank or a nonbank, affiliated or not affiliated, regulated or non-regulated, or domestic or foreign.

What kind of third-party risks does the financial services industry face?

The following are some of the risks that may arise from a financial institution’s use of third-parties, according to the FDIC.

Strategic risk. It arises from adverse business decisions, such as the use of a third-party to perform banking functions that does not help the financial institution achieve corporate strategic goals.
Reputation risk. It arises from negative public opinion, caused by dissatisfied customers that were affected by the third-party service offering.
Operational risk. It results from inadequate or failed integration of processes, people, or systems, which can increase the overall operational complexity.
Transaction risk. It arises from problems with service or product delivery due to a third-party’s failure to perform as expected.
Credit risk. It arises when the third-party is unable to meet the terms of the contractual arrangements with the financial institution or to otherwise financially perform as agreed.
Compliance risk. It arises when the products or activities of a third-party are not consistent with governing laws, rules, regulations, policies, or ethical standards.

The regulatory landscape

In response to increasingly complex cyber attacks, legislators have imposed greater regulatory pressure on the financial services industry through measures such as the NYDFS regulations and the California Consumer Privacy Act (CCPA).

We believe bills and resolutions related to cyber security that deal with third-party risk management will continue to be passed in the United States and globally, which will increase the liability of financial services organizations everywhere.

However, cyber attackers are constantly adapting to new security measures, so bare minimum compliance is not enough to mitigate risks. The financial services industry should strive to improve TPRM strategies as much as possible, rather than waiting for new regulations to force changes.

How can ThirdPartyTrust help the financial services industry?

With an easy to setup application and robust feature set, our ThirdPartyTrust platform simplifies assessing and working with third-parties, identifying gaps in their cyber security programs, and putting remediation plans into place. Its network-based approach allows to streamline the information gathering and communication process while conducting security assessments.

These are some of the benefits of ThirdPartyTrust for financial institutions:

Custom assessments to ensure both internal policy and government regulation compliance
Automation to streamline information gathering and risk monitoring
Integration with other managed services platforms via API
Access to additional intelligence on the third-party’s digital footprint, breach information and financial risk
Reviewing and mapping results of certifications, such as NYFDS, ISO, NIST, GDPR, PCI, SOC 2, SIG, etc.
Leveraging industry expertise on over 17,000 third-parties already assessed

By firmly embedding TPRM functions into the extended business and its operating structure, financial services organizations can benefit from reducing risk and increasing agility and resilience.

To learn more about how ThirdPartyTrust can help you manage third-party risk, request your free trial now:

Trial Account Sign-Up

Sabrina Pagnotta

Sr. Content Strategist

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.