Securing the Banks Biggest Data Problem: Third Party Risk Mitigation

Securing the Banks Biggest Data Problem: Third Party Risk Mitigation

By David DiCristofaro, Global Lead Partner, IT Advisory in Risk Consulting, KPMG LLP

David DiCristofaro, Global Lead Partner, IT Advisory in Risk Consulting, KPMG LLP

Banks everywhere are under pressure. It is hard for them to grow organically in the post-crisis period, while increased regulation imposes costs and limits capital available for external growth. With turnover stagnant, banks have to concentrate on driving out costs and finding new ways to drive growth.

This is where service providers and other intermediaries play an important role and where external risk factors come in. And it is why any bank relying on third parties needs to make sure that the controls and compliance bar is set as high at its service providers as it is within the bank’s own systems and procedures.

This is not an option regulators are increasingly expecting ever more oversight of third parties. Rationalizing relationships by cutting numbers and consolidating external suppliers can help (although there is a fine balance between having a manageable number of suppliers while not being dependent on too small a number). Banks should also focus on the underlying contracts related to their supplier relationships, and on monitoring their suppliers’ organizational control reports or exercising the other kinds of validation procedures over their controls and compliance.

The resulting exposure from lapses in data security and privacy at third-party providers poses a serious threat to individual banks. This risk extends down throughout the banking supply chain, where a security or privacy incident at a bank as a result of a third-party error in one of their suppliers can signal the end of the service provider. And in a worst case scenario, if a major provider whose services were to have a problem, then the domino effect would cascade throughout the world.

I believe that these risks will also impact smaller banking institutions, possibly disproportionately. These institutions may rely more on third parties for their core banking capabilities than a larger bank does, plus they might not have the resources to be as proactive over validation of third-party controls and compliance.

What will banks do in response to these risks? I believe that the industry is forward-looking enough to draw risk out of the service provider community. The major service providers are certainly motivated to step up to the challenge. As their business becomes more complicated, it will be in their best interests to be on the cutting edge of how they mitigate the risk for fear of being shut out of the market. They will find ways to innovate, such as through security analytics, to seek out and prevent risk events occurring.

I think that the right roles already exist within most large banks to mitigate this risk. The challenge will be around governance and communication between the people on the business, technology and compliance sides, and the constantly changing nature of the banking supply chain. The focus will be to own supplier relationships and risk across the supplier life-cycle and across the enterprise quite a challenge given that often several different functions have a relationship with one supplier over each one of the many aspects of the business. Banks are looking at ways to improve this, and certainly the regulators are expecting it. Many of our clients are on this journey, and I believe that this will be an enduring trend in the management of their technology risk.

Check out: Top Revenue Cycle Management Service Companies

Weekly Brief

Top 10 Travel Expense Management Solution Companies - 2018
Top 10 Travel Expense Management Consulting/Services Companies - 2018

Read Also

Tech, Trust And Teamwork: How Innovations in Banking are Changing Financial Services

Tech, Trust And Teamwork: How Innovations in Banking are Changing Financial Services

Chris Fletcher, Global Head of Digital & Channel Partnerships, Western Union Business Solutions (NYSE: WU)
Riding the Waves of Digital Transformation in Banking

Riding the Waves of Digital Transformation in Banking

Maurice Lisi, Head of Multichannel & Customer Experience S/D, Intesa Sanpaolo [BIT: ISP]
Friend or Foe? Intelligent Partnering between Banks and FinTechs

Friend or Foe? Intelligent Partnering between Banks and FinTechs

Alessandro Hatami, Managing Partner, Pacemakers.io
'Fintech' - Evolution or Revolution

'Fintech' - Evolution or Revolution

Valli Ardalan, Vice President of Marketing & Business Development, Earthport
Recent Trends in the FinTech Space

Recent Trends in the FinTech Space

Samarth Shekhar, Regional Manager EMEA, SixThirty Global FinTech Fund
TSTC's Future on Technology Cloud Nine

TSTC's Future on Technology Cloud Nine

Andy Kroll, Statewide Department Chair, Cloud Computing, Texas State Technical College (tstc.edu)