Although the way firms and individuals are being prosecuted for bribery and corruption continues to evolve, the overall direction of travel is towards increased responsibility for the prevention of these activities. Most FCPA actions (83%) of 2017 involved bribery schemes that relied on third-party intermediaries such as agents, consultants, or contractors. And yet according to a recent survey, organizations are not responding fast enough by implementing the right policies and risk assessments.
March 12, 2018 posted by Aravo
March 02, 2018 posted by Aravo
It’s the billion-dollar question – what is on a regulator’s mind when they walk through the door of a firm? What kinds of things are they looking for – and is the firm prepared?
The focus on third party risk management by regulators has increased significantly over the past few years. The regulators themselves are providing some clear and coherent guidance on their expectations, such as: OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance; FFIEC Appendix J: Strengthening the Resilience of Outsourced Technology Services. And, if you’re looking for a ‘crib-sheet’ of what the examiners are likely to be looking at, there’s also OCC Bulletin 2017-7: The OCC's Supplemental Examinations Procedures for Third Party Relationships.
In February 2018, Aravo brought together a panel of experts, two of whom were former US regulators, to talk about how supervisors are thinking about third party risk management. You can listen to the broadcast here – but we’ve also distilled it down into five key take-aways.
Topics: risk and compliance, third party risk management, information security, compliance risk, tprm, third party risk, cyber risk, supplier risk, vendor risk, occ compliance, third party risk regulators, regulatory frameworks, third party compliance, third party vendor, FFIEC, concentration risk, fourth party risk, geopolitical risk
February 05, 2018 posted by Aravo
Collaboration is a term that makes people either cheer or wince. However, today collaboration is essential to be a successful third party risk manager – the discipline has moved well beyond administrative box-ticking. Now, a strong culture of collaboration can help create the right environment to foster TPRM program excellence, and drive real value for organizations.
Topics: risk and compliance, third party risk management, GDPR, board of directors, governance, tprm, third party risk, risk appetite, board accountability, third party governance, benchmarking, supplier risk, third party supplier, vendor risk, occ compliance, risk assessment, shared assessments, third party risk assessment, standardization programs, gdpr processor, third party risk regulators, regulatory frameworks, internal audit, third party compliance, third party vendor, FFIEC
January 23, 2018 posted by Aravo
Third party risk management (TPRM) could be set to evolve at lightning speed over the next five years, according to Victoria Munoz-Titos, former EMEA, Risk and Control Services at AIG in London. The changes won’t just be accelerated by regulatory demands either. Rather, they will be propelled by a transformation to the way organizations work together, as financial services firms incorporate outsourcing and other types of third party relationships even deeper into their business strategies. Below are the top seven trends that Munoz-Titos sees changing the way firms engage with TPRM and their third-party relationships:
Topics: third party risk management, board of directors, governance, tprm, risk appetite, board accountability, risk reporting, third party governance, benchmarking, supplier risk, third party supplier, vendor risk, risk assessment
January 15, 2018 posted by Aravo
Third party risk management (TPRM) is a relatively new discipline for many financial services firms and so it’s no surprise that organizations are still navigating their way. As firms establish their third party risk programs, there’s many common pitfalls that they can fall into. Knowing about these helps you avoid them, so Aravo recently spent some time with third party management expert, John Bree, to expose some of the more common missteps that he has seen organizations make when it comes to setting up, or enhancing, a TPRM program.
Topics: Financial Services, third party risk management, board of directors, governance, tprm, board accountability, third party governance, benchmarking, supplier risk, third party supplier, vendor risk, risk assessment
November 29, 2017 posted by Aravo
Third party risk management is on a journey. A journey that is being accelerated and guided by increased regulatory attention.
Topics: risk and compliance, third party relationships, Financial Services, reputational risk, regulatory risk, risk-scoring, third party risk, performance scoring, regulatory compliance, operational risk, supplier risk, third party supplier, Risk Management Framework, vendor risk, performance management program, enterprise risk, occ compliance
November 22, 2017 posted by Aravo
In a speech last week at the Cyber Security Summit and Expo 2017, Nausicaa Delfas, Chief Operating Officer at the FCA, called out cyber risk as one of the FCA’s top priorities and noted its close intersection with supplier risk, and third, fourth and fifth party risk.