Vendor risk management is a lot like counting inventory at a mom-and-pop store: It’s a continuous process. That’s one of the insights from a new article posted on the American Bankers Association (ABA) Banking Journal this week.
- Security consultant Eric Holmquist says smaller banks often focus on two or three core vendors that post the most risk, but that smaller vendors and second-tier vendors also pose a major risk.
- Michele Sullivan, a partner at Crowe Horwath, says that third party risk needs to be a continuous process, not just an assessment that occurs at the beginning of an engagement.
- The expectation from regulators on third parties is that banks need to monitor their activities as if they were conducting those activities themselves.
- There’s a shortage of talent in the market when it comes to risk management. “As the laws and regulations become more complex, and vendor risk management is a piece of that, it’s taken a toll on how many experts are available, ” says Ryan Rasske, SVP of risk and compliance at ABA.