What Business Leaders and Regulators Want: Managing Third-Party Risk in Financial Services
1 like•97 views
The webinar discusses the importance of managing third-party risks in financial services, highlighting expectations from regulators and the technology's role in enhancing risk management practices. It covers the current state of third-party risk management, emphasizing the complexities faced by financial institutions, and the potential penalties for non-compliance. The session also suggests leveraging technology to improve supplier performance monitoring and contract governance.
What Business Leaders and Regulators Want: Managing Third-Party Risk in Financial Services
- 1. © 2012-17 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. WHAT BUSINESS LEADERS AND REGULATORS WANT Managing Third-Party Risk in Financial Services A Webinar by IACCM and SirionLabs featuring Promontory 27th August 2019
- 2. 2 © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. Before we get started THE HOUSEKEEPING ITEMS: • Webinar slides and recording will be emailed • Enter questions in chat on webinar panel
- 3. 3 © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. About the organizers The International Association for Contract & Commercial Management enables organizations and professionals to achieve world-class standards in their contracting and relationship management process and skills. For more information, visit www.iaccm.com SirionLabs is transforming the contracting engagement between enterprises by bringing contracting parties closer together across the full lifecycle of the contract – from authoring to performance to closure – enabling improved savings, business outcomes and effective risk management. For more information, visit www.sirionlabs.com Promontory (a global unit of IBM) provides advisory and implementation services grounded in the highest levels of regulatory and domain expertise. They focus on the intersection of regulation, risk management, compliance, and technology, delivering practical and innovative solutions to address business strategy, risk management, and compliance challenges. For more information, visit www.promontory.com
- 4. 4 © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. Why it is critical for organizations to get third-party risk management right How regulators expect financial institutions to manage third-party supplier engagements The role of technology in effective third-party risk management 1 2 3 What will be covered today
- 5. 5 © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary. AJAY AGRAWAL Co-founder and CEO SirionLabs TIM CUMMINS President IACCM Meet the speakers ROBIN SHAHANI Managing Director Promontory
- 6. © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. Third party risk management: current state Economic & Operating environment 62% need to reduce costs, lack required talent Investment A piecemeal approach means only 21% cover all or most risks Leadership Responsibility with the Board, but stakeholder coordination problematic Operating model ‘Federated’ (69%) replacing centralized; centers of excellence >65% Technology A three-tiered approach with ‘smartly coordinated investments’ Source: Deloitte EERM Survey 2018
- 7. © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. From 4% to 10% of Revenue Increase in compliance spend by by 2022 Duff & Phelps $ 321 billion Fines paid by banks globally since the financial crisis as regulators stepped up scrutiny Boston Consulting Group (BCG) $1.1 billion Penalty for a global bank for breach of money- laundering laws and economic sanctions What are we missing here? $100 billion Global spending among banks on compliance The Trade
- 8. © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. Financial institutions manage a high complexity supplier eco-system 18% 20% 20% 24% 25% 29% 44% 46% 52% 58% 63% 65% 72% 74% 75% 79% 85% 95% 98% Consumer Products Industrial Products Construction and Engineering Primary Production Chemicals Pharmaceuticals Oil & Gas Utilities High-tech Products All Industries Transportation and Logistics Government Media, Entertainment, Leisure Retail (excluding COGS) Healthcare Telecommunications Professional Services Financial Services Insurance Source: Forrester and US Bureau of Economic Analysis
- 9. © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. What’s at stake for financial institutions? $530 million Settlement by three leading financial services companies for deceptive selling and predatory behavior by third- party suppliers • Stringent penalties • Reputation, financial viability, customers • Innovation and competition
- 10. © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. How regulators view third-party relationships “Third-party relationships may increase a bank’s exposure to operational risk because the bank may not have direct control of the activity performed by the third party. Operational risk can increase significantly when third–party relationships result in concentrations.” OCC Bulletin 2013-29, Third-Party Relationships: Risk Management Guidance Organizations can outsource the work, but they cannot outsource the responsibility
- 11. © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. Managing risk and opportunity through uncertainty analysis Source: IACCM Research Forum, July 2019
- 12. © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. The role of technology By 2020 RegTech is expected to make up 34% of all regulatory spending KPMG • Combining GRC tools with specialized point solutions to enhance risk management effectiveness • Going beyond the front-end due diligence for critical suppliers • Leveraging technology to automate ongoing performance monitoring • Minimizing reliance on self-reporting and self- certification by suppliers
- 13. © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. Extending the scope of risk management through technology • For strategic suppliers, a deeper risk management approach is needed to address specific types of risks not adequately addressed by GRC: • Contractual risk • Performance risk • Financial risk • A granular, obligation level contract and supplier governance is needed • Ongoing monitoring of supplier performance against contractual obligations is critical: • Service level performance • Non-service level obligations (Reporting on internal controls, incident management protocols, network and physical security, etc.) • Business continuity and disaster recovery planning and testing • Results from supplier audits • Regulatory compliance risk • Policy compliance risk • Comprehensive change management is needed as strategic contracts undergo frequent changes
- 14. © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. Financial Risk Sirion - Supplier & Contract Governance Technology Performance Management Contract Management Financial Management Relationship Management In-Life Management Termination & Closure Supplier Risk & Compliance Contractual and Performance Risk Lifecycle of a Third Party Engagement How Sirion and GRC interoperate GRC Tech Supplier Diligence/ Onboarding Third Party Risk Financial Risk Entity Risk Continuity Risk Reputation Risk UNIFIED VIEW OF THIRD PARTY RISK Regulatory risks/periodic audits
- 16. 16 © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. What’s next? • Please complete a brief survey at the end of this webinar to give us your feedback • Look out for a follow-up email with a copy of these slides and a recording of the webinar • Join us for more such events
- 17. 17 © 2012-19 SirionLabs Pte. Ltd. The contents of this presentation are proprietary and confidential. [email protected] THANK YOU @SirionLabs