Effective Third Party Risk Management (TPRM) can be implemented and maintained with stepping stones. Lay them out. Consider each one carefully. Take care not to be distracted by competing priorities (or external industry noise) that cause your organization to stumble or completely skip over critical steps. Stumble in a significant area — and you may not recover.
Efficiency has increased in importance for business, regardless of industry. But as time passes and staff turn over, effective practices can be lost when fundamental steps are skipped. Eventual complacency can erode foundational strength and open the door for risk, stale redundancies, and incorrect assumptions to creep into the accepted process and organizational mindset.
Consider this about staff transitions:
- Is corporate knowledge often lost?
- Are practices tightened up with each new assignment of responsibility, or have they deteriorated over time?
- Is a lack of commitment from management causing apathy across the enterprise?
There are times when chasing bright, shiny, new things is appropriate. It can be innovative, fun, exciting, and perhaps even considered a winning strategy. However, the cost can be substantial if the basic, somewhat laborious deep work, attention to quality, and appropriate monitoring fade into obscurity. Are new product/service offerings in the industry distracting your attention away from a vendor that is slipping in its Service Level Agreement (SLA) metrics?
We have all read the guidance provided by the regulatory agencies. At this point, some of us can nearly recite it from memory. But is it being effectively executed across the industry? In your institution? In your Business Unit?
Take a fresh look. Consider the guidance from all angles. Is your management team aware of the reality of implementation at your organization? Have some fundamental requirements slipped into autopilot? Missed the mark of excellence? Lost effectiveness over time?
Sure, the TPRM policy is neatly in place. It is even reviewed and approved by the Board of Directors annually. Fantastic! But is there transparency across the enterprise and at the top? Has the Board’s review process become a rubber stamp? If so, consider this: Letter to Executives
Even if your prior regulatory examinations have not targeted your TPRM practices, OR the existing TPRM guidance has not been consistently enforced by your examiner, at the end of the day, it is your responsibility to ensure:
- the safety and soundness of your institution
- the integrity of your TPRM program
- that trust is warranted from your clients
Pause. Check your footing and the direction that your organization is headed.
Part Two will discuss specifics:
- what you need to check,
- what to look for when you are checking, and
- what steps you can take to address the issues.
Fortrex is ready to help you check your footing, check your direction, and move towards success! Contact us to discuss the best solution(s) for your situation – to ease the stress of TPRM and keep your institution compliant.