
Securing the Banks' Biggest Data Problem: Third Party Risk Mitigation


David DiCristofaro, Global Lead Partner, IT Advisory in Risk Consulting, KPMG LLP
Banks everywhere are under pressure. It is hard for them to grow organically in the post-crisis period, while increased regulation imposes costs and limits capital available for external growth. With turnover stagnant, banks have to concentrate on driving out costs and finding new ways to drive growth.
This is where service providers and other intermediaries play an important role—and where external risk factors come in. And it is why any bank relying on third parties needs to make sure that the controls and compliance bar is set as high at its service providers as it is within the bank’s own systems and procedures.
This is not an option—regulators are increasingly expecting ever more oversight of third parties. Rationalizing relationships by cutting numbers and consolidating external suppliers can help (although there is a fine balance between having a manageable number of suppliers while not being dependent on too small a number). Banks should also focus on the underlying contracts related to their supplier relationships, and on monitoring their suppliers’ organizational control reports or exercising the other kinds of validation procedures over their controls and compliance.
“The resulting exposure from lapses in data security and privacy at third-party providers poses a serious threat to individual banks”
The resulting exposure from lapses in data security and privacy at third-party providers poses a serious threat to individual banks. This risk extends down throughout the banking supply chain, where a security or privacy incident at a bank as a result of a third-party error in one of their suppliers can signal the end of the service provider. And in a worst case scenario, if a major provider whose services were to have a problem, then the domino effect would cascade throughout the world.
I believe that these risks will also impact smaller banking institutions, possibly disproportionately. These institutions may rely more on third parties for their core banking capabilities than a larger bank does, plus they might not have the resources to be as proactive over validation of third-party controls and compliance.
What will banks do in response to these risks? I believe that the industry is forward-looking enough to draw risk out of the service provider community. The major service providers are certainly motivated to step up to the challenge. As their business becomes more complicated, it will be in their best interests to be on the cutting edge of how they mitigate the risk for fear of being shut out of the market. They will find ways to innovate, such as through security analytics, to seek out and prevent risk events occurring.
I think that the right roles already exist within most large banks to mitigate this risk. The challenge will be around governance and communication between the people on the business, technology and compliance sides, and the constantly changing nature of the banking supply chain. The focus will be to own supplier relationships and risk across the supplier life-cycle and across the enterprise—quite a challenge given that often several different functions have a relationship with one supplier over each one of the many aspects of the business. Banks are looking at ways to improve this, and certainly the regulators are expecting it. Many of our clients are on this journey, and I believe that this will be an enduring trend in the management of their technology risk.
ON THE DECK
Featured Vendors
EDITOR'S PICK
Essential Technology Elements Necessary To Enable...
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
Comparative Data Among Physician Peers
By George Evans, CIO, Singing River Health System
Monitoring Technologies Without Human Intervention
By John Kamin, EVP and CIO, Old National Bancorp
Unlocking the Value of Connected Cars
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
Digital Innovation Giving Rise to New Capabilities
By Gregory Morrison, SVP & CIO, Cox Enterprises
Staying Connected to Organizational Priorities is Vital...
By Alberto Ruocco, CIO, American Electric Power
Comprehensible Distribution of Training and Information...
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
The Current Focus is On Comprehensive Solutions
By Sergey Cherkasov, CIO, PhosAgro
Big Data Analytics and Its Impact on the Supply Chain
By Pascal Becotte, MD-Global Supply Chain Practice for the...
Technology's Impact on Field Services
By Stephen Caulfield, Executive Director, Global Field...
Carmax, the Automobile Business with IT at the Core
By Shamim Mohammad, SVP & CIO, CarMax
The CIO's role in rethinking the scope of EPM for...
By Ronald Seymore, Managing Director, Enterprise Performance...
Driving Insurance Agent Productivity with Mobile and Big...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
Transformative Impact On The IT Landscape
By Jim Whitehurst, CEO, Red Hat
Get Ready for an IT Renaissance: Brought to You by Big...
By Clark Golestani, EVP and CIO, Merck
Four Initiatives Driving ECM Innovation
By Scott Craig, Vice President of Product Marketing, Lexmark...
Technology to Leverage and Enable
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
AI is the New UI-AI + UX + DesignOps
By Amit Bahree, Executive, Global Technology and Innovation,...
Evolving Role of the CIO - Enabling Business Execution...
By Greg Tacchetti, CIO, State Auto Insurance
Read Also
COVID-19 Creates a Myriad of Compliance Challenges for Employers
Challenges that Compliance Officers face Today
Risk Exposures and How to Tackle them
Creativity Overcomes Scarcity
Putting The Customer At The Centre Of The Energy Transition
The Rise of Algorithmic Trading In The Power Sector
