Blog

Five Third Party Risks The Regulators are Focusing On

It’s the billion-dollar question – what is on a regulator’s mind when they walk through the door of a firm? What kinds of things are they looking for – and is the firm prepared?

The focus on third party risk management by regulators has increased significantly over the past few years.  The regulators themselves are providing some clear and coherent guidance on their expectations, such as: OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance; FFIEC Appendix J: Strengthening the Resilience of Outsourced Technology Services. And, if you’re looking for a ‘crib-sheet’ of what the examiners are likely to be looking at, there’s also OCC Bulletin 2017-7: The OCC's Supplemental Examinations Procedures for Third Party Relationships.

In February 2018, Aravo brought together a panel of experts, two of whom were former US regulators, to talk about how supervisors are thinking about third party risk management. You can listen to the broadcast here – but we’ve also distilled it down into five key take-aways.

Read More

Topics: third party risk management, tprm, supplier risk, vendor risk, occ compliance, FFIEC, third party risk regulators, regulatory frameworks, risk and compliance, third party risk, third party compliance, third party vendor, concentration risk, fourth party risk, geopolitical risk, cyber risk, information security, compliance risk

Expert Interview: Tom Garrubba on Six Ways Collaboration Can Enhance Your TPRM Program

Collaboration is a term that makes people either cheer or wince. However, today collaboration is essential to be a successful third party risk manager – the discipline has moved well beyond administrative box-ticking. Now, a strong culture of collaboration can help create the right environment to foster TPRM program excellence, and drive real value for organizations.

Read More

Topics: third party risk management, board of directors, board accountability, benchmarking, governance, third party governance, tprm, risk assessment, third party supplier, supplier risk, vendor risk, risk appetite, shared assessments, occ compliance, GDPR, third party risk assessment, standardization programs, gdpr processor, FFIEC, third party risk regulators, regulatory frameworks, internal audit, risk and compliance, third party risk, third party compliance, third party vendor