I’m sure a lot of people just hoped it would go away. That the idea of holding the world’s financial institutions responsible for the risk management of their third party vendors, would stay just that – an idea. But when the OCC issued its directive declaring, “The board of directors and senior management are ultimately responsible for managing activities that control risk in third party relationships*”, things got personal. And very serious, fast. The fact is, that describing, monitoring and reporting third party vendor risk is a moving target in an ever-connecting world, and its challenging banks.
The latest guidance from the FDIC on the topic states, “A bank’s use of third parties does not relinquish responsibility… but holds it to the same extent as if the activity were handled within the institution*. “ Now that’s scrutiny. This directive has meant an extensive overhaul of process for most banks, and increased transparency demanded by the most senior level of financial services organizations.