Third-Party Risk Management: Driving Enterprise Value. Linda Tuck Chapman
|
|
|
- Brianne Sullivan
- 5 years ago
- Views:
Transcription
1 Third-Party Risk Management: Driving Enterprise Value Linda Tuck Chapman
2 Linda Tuck Chapman Career highlights: President, Ontala Performance Solutions Ltd. Chief Procurement Officer, BMO Financial Group President & CEO Education Collaborative Marketplace Chief Procurement Officer, Fifth Third Bank Chief Procurement Officer, Exec Offices Shared Services, Scotiabank Leadership profile: Advisor. Author. Expert. Linda Tuck Chapman President, ONTALA Author: Third-Party Risk Management Driving Enterprise Value -- available on Amazon --Wharton Executive Education: Industry expert RMA: Third Party Management Subject matter expert, Facilitator APICS-ISACA Research: Subject matter expert Sourcing Industry Group: Chair, SRC Thought Leaders Council Shared Assessments Group: Advisory Board Author: RMA Journal, Wall Street Risk Journal, industry publications
3 Regulatory criticism was the initial catalyst Regulatory Criticism is declining Community Mid-Tier Large Completeness full lifecycle 25% 0% 26.3% Completeness all third parties 25% 12.5% 21.1% Consistency across all lines of business 12.5% 12.5% 47.4% Due Diligence quality, completeness, docs 37.5% 12.5% 21.1% Business Continuity Management 37.5% 0% 10.5% Governance and Oversight 12.5% 0% 36.8% Effective Challenge 0% 0% 15.8% Monitoring 25% 0% 21.1% Reporting 0% 12.5% 15.8% Other 25% 62.5% 42.1% Source: RMA 2017 Third Party Risk Management Survey Driving enterprise value is the next frontier for third party management
4 What s the value proposition for the business? Controls for a very complex ecosystem Informed decisions Achieve negotiated terms Prevent Value for money Improve predictability Create an early warning system Detect Visibility and control Insight-based action Quickly respond to threats Innovate, safely Risk-centric, risk-adjusted work effort Respond Protect your reputation Protect customers from harm Protect shareholders from losses
5 What s the value proposition for senior leadership? Senior leadership needs to have a mindset of being strong through every cycle. Strong in good times, and strong under adverse economic conditions. Greg Carmichael President & CEO, Fifth Third Bank C o - d e p e n d e n t Their tone at the top is supported by strategic initiatives that strengthen competitiveness while derisking the bank. Embedded in every initiative is a strong regulatory core. This ensures decisions are aligned with tone at the top and the bank s risk appetite. Source: Linda Tuck Chapman, Third Party Risk Management: Driving Enterprise Value, published by RMA
6 What s the value proposition for the enterprise? Engaged Employees Corporate Strategy Internal Operations Tone at the Top Risk Appetite Third Parties Happy Customers All-Star Brand Happy Shareholders
7 The road to value
8 Address all third parties supporting critical activities All business relationships, excluding your customers Vendors Typically sourced through a center-led sourcing/procurement process. Paid by Accounts Payable. Non- Vendors Typically acquired by a business line/segment directly. Financial remuneration, if any, is outside of Accounts Payable processes. Source: RMA Third Party Risk Management Roundtable Steering Committee Most firms adapt their vendor program to address all third parties qone policy q Risk identification, assessments, management, and controls q Risk or Compliance is responsible for oversight
9 Build co-dependent frameworks and integrated controls Lifecycle Management Standardized, repeatable processes C o - D e p e n d e n t Governance and Oversight
10 Build co-dependent frameworks and integrated controls Governance and Oversight Controls, metrics, decisions Lifecycle Management C o - D e p e n d e n t Source: Linda Tuck Chapman (2017)
11 Identify, assess, mitigate, manage, and control risk Many possible sources of inherent risk AML/BSA Business Continuity* Consumer Protection Cloud Computing Corporate Stability Contracted Terms Financial Health Foreign Delivery Location Insider Threat Incentive Compensation Information/Cyber Security Insurance Model OFAC and Sanctions Performance Privacy Physical Security Records Reputation SOX Sub-Contractors Technology Purpose-built regs, laws and controls BCM: FFIEC Appendix J Foreign: FFIEC Appendix C Cyber: FFIEC Cyber Assessment Tool Privacy: GLBA
12 Engaging senior leaders and the board
13 What is presented to the board today? Primary focus: Community Banks - results of ongoing monitoring - audit findings Mid-Tier Banks Large Banks Source: RMA 2017 Third Party Risk Management Survey
14 What is presented to the board today? Community Banks Source: RMA 2017 Third Party Risk Management Survey
15 What is presented to the board today? Mid-Tier Banks Source: RMA 2017 Third Party Risk Management Survey
16 What is presented to the board today? Large Banks Source: RMA 2017 Third Party Risk Management Survey
17 What should senior management and boards know? Methodologies, Controls and Results Corporate Strategy Internal Operations Tone at the Top Risk Appetite Third Parties Impact on Customers Impact on Brand Impact on Shareholders
18 Management is doing things right; Leadership is doing the right things. Peter F. Drucker, The Essential Drucker The best run companies have great managers and strong leaders
19 Third-Party Risk Management: Driving Enterprise Value Thank you for your insight, expertise and contributions Krystelle Bilodeau, Office of the COO, Bank of Canada Greg Carmichael, President and CEO, Fifth Third Bank Stuart Davis, Chief Anti-Money Laundering Officer, BMO Financial Group John Eckert, Office of the Comptroller of the Currency (OCC), Retired Ashish Gupta, Vice President Model Risk, E*Trade Financial Corp Peter Hill, Chief Risk Officer, Black Knight Inc. Mark Holladay, Executive Vice President and CRO, Synovus Financial John Klapmust, SVP Third Party Risk Management, Bank of the West Deborah Manos-McHenry, SVP Chief Sourcing Officer, Huntington Bank published by RMA Available on Amazon Allison Sagraves, SVP Chief Data Officer, large US bank Mark Silver, Vice President Third Party Risk, Hancock Whitney Bank
20 Thank You Continue the conversation on #GRCSummit