What You Need to Know Now About Third Party Vendor Relationships

Imagine you are the Chief Risk Officer of a 200+ asset bank with anticipated future growth through global expansion, new business ventures, and vast investment opportunity. Despite competition falling victim to identity theft scandals and confidentiality breaches, you have managed to steer clear of any widespread conflict. When confronted with the release of OCC Bulletin 2013-29 and CFPB Bulletin 2012-3 and their implications surrounding third-party suppliers, you are confident in your internal procedures since they have always been sufficient.

Being cognizant of budgeting has always allowed for strong bottom line figures, and it seems fairly wasteful to institute a supplier relationship management program when contracts serve to prevent discrepancy. The preceding thought process is not rare. Many banks believed their existing programs to be fail proof, and although this may prove true internally, it is increasingly difficult to effectively manage third party vendor relationships without a management system. In the case of the hypothetical bank, deviation from these guidelines could lead to financial penalties, legal battles and a tarnished reputation. In other words, the benefits perceived from not having a program in place would quickly be reversed by the consequences of violation.

Although an organization’s internal compliance may be immaculate, according to the OCC Bulletin 2013-29 and CFPB Bulletin 2012-3, that does not extend to independently operated third party associations. With an industry as tied to the public welfare as banking, these bulletins serve to protect consumers from an economically damaging occurrence by a third party vendor. Since these parties are clearly their own entity, supplier relationship management programs reduce supplier risk through an in-depth awareness of supplier operations pertaining to the core business. Adequate supplier risk management practices can prevent consequences for violation of any compliance-related responsibilities.

With the SRM benefit potential in mind, Source One has released two webpages further discussing the bulletins, their implications for banks, and the solutions we provide to tackle third-party risk. The CFPB Bulletin 2012-3 and OCC Bulletin 2013-29 guidelines can significantly impact banks, and attention to their terms and instruction can allow a bank to lead the market.

Photo courtesy of: insidecounsel.com