ABA Banking Journal - July/August 2015 - (Page 33)

FEATURE > RISK MANAGEMENT Vendor risk management When done right, it's never done. BY NICK FoRTUNA S MALL banks seeking to manage risk from vendors and other third parties share something in common with a momand-pop retail store: They've got to continually take inventory. Eric Holmquist, president of Holmquist Advisory, an enterprise risk management consulting firm, says the key for small banks seeking to better manage risk from vendors is to rank those third parties according to their level of risk and continue to perform due diligence throughout the life of the relationship. "It's important to maintain a comprehensive and current inventory of all third parties where you're risk-ranking them based on the criticality of the service they provide along with the level of information that you're exposing to them and developing an appropriate duediligence process commensurate with the level of risk of each of the vendors," Holmquist says. He adds that many community banks historically have failed to stay on top of their third-party relationships, often because of a lack of manpower and resources. Small banks typically focus on two or three core vendors that pose the most risk due to the important services they provide and the personally identifiable information they have access to, he explains. But those core vendors typically aren't the ones that pose the biggest problems for banks, Holmquist says, because they usually are large enough to have fairly significant control infrastructures and risk management programs. The problems typically stem from second-tier vendors that are still critical to the bank but may not be big enough to have adequate risk management infrastructure in place, which creates exposure for the bank. "I often say that if you don't have a complete inventory of every third party that has your data, you don't have a vendor management program," Holmquist says. "That's the toughlove answer. These inventory pieces sometimes are where we see the biggest problems. If you don't have a good inventory, you're done. The rest is meaningless. aba.com/BankingJournal | ABA BANKING JOURNAL 33 http://bankingjournal.aba.com/

Table of Contents for the Digital Edition of ABA Banking Journal - July/August 2015

CHAIRMAN'S VIEW
UPFRONT
OPERATIONS
ECONOMIC OUTLOOK
PICTURE THIS
BANKING’S APPALLING REGULATORY STRUCTURE
HOW BANK CULTURE DRIVES SUCCESS
KEY CONSIDERATIONS FOR CREATING SUCCESSFUL BOARDS
VENDOR RISK MANAGEMENT
FIVE RISKS THAT WILL SHAPE BANKING’S FUTURE
CEO SYMPOSIUM
MOBILE BANKING
PAYMENTS
ABA COMPLIANCE CENTER INBOX
INVESTOR PERSPECTIVE
COMMUNICATIONS
REAL ESTATE LENDING
LEGAL BRIEFS
FROM THE STATES
BANKER RECOMMENDED READING
INNOVATIONS IN SOCIAL RESPONSIBILITY
INDEX OF ADVERTISERS

ABA Banking Journal - July/August 2015

https://www.nxtbook.com/naylor/BAKS/BAKS0318
https://www.nxtbook.com/naylor/BAKS/BAKS0218
https://www.nxtbook.com/naylor/BAKS/BAKS0118
https://www.nxtbook.com/naylor/BAKS/BAKS0617
https://www.nxtbook.com/naylor/BAKS/BAKS0517
https://www.nxtbook.com/naylor/BAKS/BAKS0417
https://www.nxtbook.com/naylor/BAKS/BAKS0317
https://www.nxtbook.com/naylor/BAKS/BAKS0217
https://www.nxtbook.com/naylor/BAKS/BAKS0117
https://www.nxtbook.com/naylor/BAKS/BAKS0616
https://www.nxtbook.com/naylor/BAKS/BAKS0516
https://www.nxtbook.com/naylor/BAKS/BAKS0416
https://www.nxtbook.com/naylor/BAKS/BAKS0316
https://www.nxtbook.com/naylor/BAKS/BAKS0216
https://www.nxtbook.com/naylor/BAKS/BAKS0116
https://www.nxtbook.com/naylor/BAKS/BAKS0615
https://www.nxtbook.com/naylor/BAKS/BAKS0515
https://www.nxtbook.com/naylor/BAKS/BAKS0415
https://www.nxtbook.com/naylor/BAKS/BAKS0315
https://www.nxtbookmedia.com