The issue of vendor risk assessment by banks has gained more attention in recent years as the U.S. federal government tightens the rules around what a bank must due to ensure critical vendors don't pose a serious risk to their operations.
In 2013, the Office of the Comptroller of the Currency issued updated rules about how banks must vet and monitor third party vendors they contract with. The new rules put an especially heavy emphasis on so-called "critical" vendors, and laid out strict instructions for how banks should vet and monitor vendors "throughout the life cycle of the relationship."
According to the OCC, these third-party relationships include:
- Activities that involve outsourced products and services
- Use of outside consultants and networking arrangements
- Merchant payment processing services
- Services provided by affiliates and subsidiaries
- Joint ventures
- Any other business arrangements in which a bank has an ongoing third-party relationship or may have responsibility for the associated records
Thousands of Relationships
For banks, monitoring vendors is no small task, due to the sheer number of vendors banks work with. Felipe Prestamo, former senior vice president at TD Bank, told American Banker at the time of the new rule's publication that it had 22,000 active relationships with vendors.
And since 2013, the challenge has only become more acute. Financial technology, or fintech, has led to a sharp rise in the number of third party vendors banks are working with, and regulators have responded by tightening requirements to control risks.
As one Forrester analyst put it in November: "The third-party ecosystem continues to flummox [bank] risk managers. Regulators keep pushing for stronger oversight, but they fail to offer real standards or tools to make this possible."
Contracts Form the Foundation
There's no silver bullet for managing the risk and compliance issues associated with third party vendors in the financial services industry. But a good place to start is for banks to gain full visibility into the contracts that form the foundation of every vendor relationship.
many large organizations, including those in the quickly changing financial services industry, continue to manually manage contracts. This means that vital business information is stored in silos – either by geography, business function or contract type. As a result, contracting at many organizations holds back performance and limits visibility – just when the increased speed of global business demands greater velocity and agility, and the regulatory environment demands unprecedented compliance.
The solution to this problem is enterprise contract management software.
Properly managed, contracts can allow banks to run high level reports on vendor relationship across the entire organization so they know exactly who they are doing business with, and where in the lifecycle of the contracts various vendors are. This provides banks greater agility to respond to new regulations, since they can quickly sort and identify vendor relationships that could prove problematic as regulations change—or otherwise need attention.
More importantly, strong contract management software can ensure that new vendor contracts don't run afoul of regulations. Through rules-based workflow and clause and template libraries, all contracts are made to adhere to contracting standards and approved language.
The Icertis Solution
The Icertis Contract Management (ICM) platform offers enterprise contract management in an easy-to-use interface that ensures fast onboarding by your organization.
Additionally, ICM offers seamless integration with Dun & Bradstreet and Thomson Reuters, which allows organizations to automate supplier background checks, providing even more integrity to a company's vendor contracting process.
To learn more about how ICM can help your organization achieve its risk management goals, including with vendor relationships, download this InsideCounsel report: "Risk Compliance and the Bottom Line – Why Contract Management Matters."