Third-Party Risk Management for Financial Institutions: Reassessing Risk in Light of COVID-19

Balch & Bingham LLP

As part of an effective third-party risk management program, financial institutions should perform ongoing monitoring of the third-party relationship, including review of audited financial statements and risk assessments, performance of audits of IT controls, and monitoring of the third-party provider’s performance and compliance with service levels.

The COVID-19 pandemic has created unique risk pressures on financial institutions related to their third-party vendor relationships.

During this time, there are certain risk assessments that financial institutions should consider. Financial institutions should review all critical third-party contracts and service level agreements to re-assess the risk potential with the following in mind:  

  • Financial institutions should reassess data security risks, with particular attention to the added risk of many third-party providers’ employees working remotely. Institutions should understand the risk and make sure the third party protects data against the additional risks of an overly stressed security platform. Reassessment of appropriate cyber security insurance coverage is also recommended.
  • Financial institutions should evaluate the control environment and financial conditions of their third-party contractors, particularly those that provide the institutions with critical IT and other core services.
  • In light of the worldwide effect of the COVID-19 pandemic, financial institutions should also consider additional oversight or controls over third-party providers that operate in foreign locations and continue to have litigation strategies related to these entities.
  • All business continuity/business plans should be reviewed to ensure that the third-party provider can provide continued performance or support during the pandemic. Also, while force majeure clauses are in the spotlight and many institutions would like to include a pandemic in their force majeure definitions, financial institutions should be mindful that a pandemic should not be allowed to be considered a force majeure opportunity for a third-party core service provider to delay or terminate performance.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Balch & Bingham LLP | Attorney Advertising
