Unprecedented dimensions in vendor risk management
This is just one of the areas Jay and Adrian Rodriguez, VP, Internal Controls Manager at Amerant Bancorp and Hector Jimenez, Director, Operational and Vendor Risk Management at Sterling National Bank will touch on during their Interact 2020 session, Vendor Risk Management: The Moment is NOW.
As Jay points out, “People expected this to be temporary; what if we’re still operating this way months from now, or next year?” The session will focus, in part, on how HR and compliance teams can focus on that possibility, and the steps they can take today to manage the issue.
Among the other challenges at hand? People become more complacent when working from home, and can relax into bad habits and casual behaviors. Zoom, which has become so prevalent, might expose organizations to the presence of videochat lurkers who are waiting to eavesdrop on confidential conversations. Policies and safeguards have to address these, especially when it comes to third-party vendors: Who are they inviting to Zoom chats pertaining to your business?
Our best intentions can’t keep up
As Jay explains, everyone’s best intentions can lag reality at a time like this. Executives and employees need to remember there are new problems cropping up they didn’t need to previously address, like how to secure no-contact deliveries of confidential documents. In financial services, there’s been an immediate focus on the liquidity of the client base, not on operational matters, so shortcuts have been taken in the interim that can have dire consequences.
Business continuity is, he reminds us, “like changing the tire on a moving vehicle.” Multiple measures have to be taken at the organizational level to instill best practices in the here-and-now. Meanwhile, there’s the question of how to get back to doing the work that’s been set aside: Audits and reviews, operational and technology updates, and much more. “How long can you delay the delayed?”
In light of all that, what are a few of the questions an organization needs to ask itself about its vendor risk management efforts, according to Jay?
- Have you seen impacts to the support required from your directly contracted third-party vendors?
- Has the evaluation of supporting fourth parties to your critical and material third-party vendors escalated as a result of the pandemic?
- Do you have needed due diligence on fourth parties supporting critical and material processes or products?
- Is a two-deep vendor review enough? If not, is there a practical reason or rule to go beyond two-deep review?
- How comfortable are you in your evaluation of the financial viability of your key suppliers, given the financial impacts of the last 3-4 months?