Blog

Five Third Party Risks The Regulators are Focusing On

It’s the billion-dollar question – what is on a regulator’s mind when they walk through the door of a firm? What kinds of things are they looking for – and is the firm prepared?

The focus on third party risk management by regulators has increased significantly over the past few years.  The regulators themselves are providing some clear and coherent guidance on their expectations, such as: OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance; FFIEC Appendix J: Strengthening the Resilience of Outsourced Technology Services. And, if you’re looking for a ‘crib-sheet’ of what the examiners are likely to be looking at, there’s also OCC Bulletin 2017-7: The OCC's Supplemental Examinations Procedures for Third Party Relationships.

In February 2018, Aravo brought together a panel of experts, two of whom were former US regulators, to talk about how supervisors are thinking about third party risk management. You can listen to the broadcast here – but we’ve also distilled it down into five key take-aways.

Read More

Topics: third party risk management, tprm, supplier risk, vendor risk, occ compliance, FFIEC, third party risk regulators, regulatory frameworks, risk and compliance, third party risk, third party compliance, third party vendor, concentration risk, fourth party risk, geopolitical risk, cyber risk, information security, compliance risk

Expert Interview: Tom Garrubba on Six Ways Collaboration Can Enhance Your TPRM Program

Collaboration is a term that makes people either cheer or wince. However, today collaboration is essential to be a successful third party risk manager – the discipline has moved well beyond administrative box-ticking. Now, a strong culture of collaboration can help create the right environment to foster TPRM program excellence, and drive real value for organizations.

Read More

Topics: third party risk management, board of directors, board accountability, benchmarking, governance, third party governance, tprm, risk assessment, third party supplier, supplier risk, vendor risk, risk appetite, shared assessments, occ compliance, GDPR, third party risk assessment, standardization programs, gdpr processor, FFIEC, third party risk regulators, regulatory frameworks, internal audit, risk and compliance, third party risk, third party compliance, third party vendor

Expert Interview: Victoria Munoz-Titos on Seven Changes we can Expect to See in TPRM by 2021

Third party risk management (TPRM) could be set to evolve at lightning speed over the next five years, according to Victoria Munoz-Titos, former EMEA, Risk and Control Services at AIG in London. The changes won’t just be accelerated by regulatory demands either. Rather, they will be propelled by a transformation to the way organizations work together, as financial services firms incorporate outsourcing and other types of third party relationships even deeper into their business strategies. Below are the top seven trends that Munoz-Titos sees changing the way firms engage with TPRM and their third-party relationships:

Read More

Topics: third party risk management, board of directors, board accountability, benchmarking, governance, third party governance, tprm, risk assessment, third party supplier, supplier risk, vendor risk, risk reporting, risk appetite

Expert Interview: John Bree on the Top Five TPRM Program Mistakes Firms Often Make

Third party risk management (TPRM) is a relatively new discipline for many financial services firms and so it’s no surprise that organizations are still navigating their way. As firms establish their third party risk programs, there’s many common pitfalls that they can fall into. Knowing about these helps you avoid them, so Aravo recently spent some time with third party management expert, John Bree, to expose some of the more common missteps that he has seen organizations make when it comes to setting up, or enhancing, a TPRM program. 

Read More

Topics: third party risk management, board of directors, board accountability, benchmarking, governance, third party governance, tprm, Financial Services, risk assessment, third party supplier, supplier risk, vendor risk

Third Party Risk - A Unique Kind of Operational Risk

Third party risk management is on a journey. A journey that is being accelerated and guided by increased regulatory attention.

Read More

Topics: operational risk, third party risk, risk-scoring, enterprise risk, performance scoring, third party relationships, reputational risk, regulatory risk, regulatory compliance, risk and compliance, supplier risk, Financial Services, vendor risk, occ compliance, Risk Management Framework, performance management program, third party supplier

Cyber resilience and supplier risk: moving beyond compliance

In a speech last week at the Cyber Security Summit and Expo 2017, Nausicaa Delfas, Chief Operating Officer at the FCA, called out cyber risk as one of the FCA’s top priorities and noted its close intersection with supplier risk, and third, fourth and fifth party risk.

Read More

Topics: third party risk management, board of directors, board accountability, governance, third party governance, FCA, supplier risk, cyber risk, cyber resiliance

Shared Compliance Communities – Aravo’s Perspective and Experience

Shared Compliance Communities gather supplier/third-party responses to standardized assessments with the promise of increased efficiencies and improved data quality.  This concept isn’t necessarily new – at least not outside the U.S. - but there has been some recent development in terms of interest in the model.

Read More

Topics: third party risk management, compliance programs, Hellios, communities, Financial Services, defense

Third Party Risk Management - Meeting the Expectations of the Board

With the strategic importance of engaging third parties in today's business landscape, coupled with the level of risk that they can bring to the enterprise, it should not be surprising that third party risk management is attracting greater focus from the C-suite and the Board of Directors.

According to the Institute of Collaborative Working, up to 80% of direct and indirect operating costs of a business can come from third parties, while up to 100% of revenue can come from alliance partners, franchisees and sales agents.

Download e-Book

Read More

Topics: third party risk management, board of directors, board accountability, benchmarking, governance, third party governance

Bribery & Corruption - “societal action v. unenforced regulation”

At the moment, the international approach to enforcement around bribery and corruption can seem uneven, at best and perhaps lax, at worst.

Read More

Topics: Anti-Bribery and Anti-Corruption, Bribery, Corruption, Corruption Enforcement, Fraud, third party risk management, compliance programs, FCPA, uk bribery, uk sfo, reputational risk

Three ways the Internet of Things and the GDPR will impact Third Party Risk

As the Internet of Things (IoT) evolves, it will offer organizations the opportunity to create an unprecedented range of potential products and services. By embedding the internet into computer systems inside of cars, appliances, and other physical things, manufacturers will be able to offer new functionality as well as additional services. Smart homes and intelligent cars are already on the consumer market in many countries. Applications for this technology in a business-to-business environment are equally promising.

Read More

Topics: cybersecurity, Data Security & Privacy, information security, cyber-security, GDPR, cyber risk, third party risk management, cyber regulation, cybersecurity regulation, internet of things, IoT