3rd Party Risk Management Approach & Lifecycle Managing the ...… · Energica’s Risk Management approach & framework for managing the 3rd Party Relationships across the sourcing lifecycle
Managing the 3rd Party Risks & Regulatory Impact in Banking & Financial Services Buyers
Regulation has challenged the business strategies, operational frameworks and functional business processes of every organization operating across the banking and financial services industry.
Managing 3rd Party Suppliers, IT Service Providers, Extended Partners, GICs and CSPs is becoming very critical for the buyer organization, considering the emerging risks in today’s multi-geography, multi-sourcing, multi-vendor environments.
The purpose of this Thought Paper (Ring Fencing – A Perspective View on managing the 3rd Party Risks and the Regulatory Impact in Banking & Financial Services Industry) is to share our view on Regulatory Impact and information regarding the strategic nature of the compliance and operational risks.
What are the various Regulatory Requirements and Control Issues in BFSI industry?
Managing the Operational and Compliance Risks with your service provider | GICs | Captives | Shared Services through Ring Fencing.
Overview on the Impact of Regulatory components on Business & IT services standpoint.
Energica’s Risk Management approach & framework for managing the 3rd Party Relationships across the sourcing lifecycle to minimize and mitigate the operational and compliance risks.
This will help our clients (buyer organizations) to manage the 3rd Party Risks more effectively by leveraging comprehensive risk management frameworks (Ring Fencing) & tools in a continual manner throughout the sourcing lifecycle, and more specifically to minimize the risk from an operational standpoint.
Please contact Ramesh Somasundaram (Energica) with any questions or for specific consultative expertise | advice in 3rd Party Supplier Relationship Risk Assessment.
Background: Ring Fencing - Compliance Matters Managing the 3rd Party Risks in Banking & Financial Services Buyers
The following are the major business drivers for 3rd Party Vendor Risk Management in the banking and financial services industry, given its complex risks.
Structural Reforms in USA, UK and European Banking & Financial Industries
Resolution Requirements
Extra Territoriality
Cross Border Trade across geographies and implications
Impact on IT Systems & Services
Fragmented Systems
The IT infrastructure of most financial firms is fragmented and inconsistent. Data resides across multiple systems. This fragmentation drives up operating costs, slows the development of new products and hinders managers making decisions that require them to understand the contributions of customers, products and lines of business to the firm’s overall performance.
Operational Risks
Data & Regulatory Reporting
Risk Management:
Meeting the Regulatory Changes & Implications
Solvency II Implications for Insurance Companies
Dependency Constraints & Compliance on Multi Geography Financial Regulatory Requirements (market structures in different countries)
Business Levers
The new regulatory environment will create opportunities and challenges for banking and financial institution companies (buyers). Before looking at ways of managing complex risks better, it is useful to understand the sources of complexity, the regulatory impact and the complex parameters revolving around banking and financial institutions.
New Regulatory Scrutiny and Compliance Requirements across Banking, Capital Markets, Insurance and Investment Management Sectors
Expanding Geographical foot-print
Customer Demands
New Product Offerings
Distribution Innovation - Multi Channel Customer Interactions (Cross Border, ATM, Internet, Bank, Mobile, Call Centers, market places)
Structural Impedimental Issues & Fragmented Systems
Technology Management
Product Proliferation: The number of products offered by financial firms has increased dramatically in the past 20+ years.
Fragmented Systems: The IT infrastructure of most financial firms is fragmented and inconsistent. This leads to modernization and development of new systems.
Data & Regulatory Reporting: Regulatory compliance now requires much more from banks and insurers: more data collection, more risk analysis, and more monitoring and reporting.
Regulatory Impact Index: The table depicted on the next page indicates an overview of the Regions and the Regulatory Components impacting the BFSI industry segment.
Market Trends
Dodd-Frank Wall Street Reform and Consumer Protection Act
Network and Information Security Directive (NISD) P**
Banking | Financial Services | Securities
Bank Levy Act
Bank Recovery and Resolution Directive (BRRD)
BCBS 239 - Risk data aggregation and risk reporting
Benchmark Regulation D*
Central Securities Depositary Regulation (CSDR)
EU Banking Structural Reforms
European Commission Communication on Shadow Banking D*
The Financial Services (Banking Reform) Act 2013 D*
Mortgage Credit Directive (MCD)
Payment Accounts Directive (HM Treasury)
FCA review of client assets regime for investment business
International Financial Reporting Standards (IFRS 9)
Payment Service Directive
Insurance
CASS 5A P**
ComFrame D* - The Common Framework for the Supervision of Internationally Active Insurance Groups (ComFrame)
Insurance Distribution Directive (IDD) D*
Solvency II
Investment Management
Alternative Investment Fund Managers Directive (AIFMD)
European Long-Term Investment Funds Regulation (ELTIF)
Client Assets Review
Regulation on Key Information Documents for PRIIPs - D*
UCITS V Directive - V & VI - D*
EuSEF and EuVECA Regulation
Money Market Funds Regulation (MMF) - D*
UCITS V Directive - VI P**
Regions: UK | Europe | USA | Global
BFSI Regulatory Components
Regulatory Impact Index: The table depicted below indicates an overview of the Regions and the Regulatory Components impacting the BFSI industry segments.
IT Compliance is very critical due to new regulatory components like BASEL III, Dodd Frank Act, SEPA, FATCA
Consolidated GRC Systems
Regulatory Impact on IT Systems
Distribution Innovation
Improved Products & Services on Customer Excellence
Privacy Intrusion
Operational Risk Management
Monitoring supply base risks is very critical from operational and strategic aspects.
Auditing Outsourced Operations | Business Processes covering supply base, 3rd Party vendors, Captives/GICs/SSC across onsite/off-site/near-shore/offshore locations.
Disaster Recovery/Business Continuity Planning Audits
IT Security Audits
Carry out Compliance audits across the 3rd Party Relationships on a periodical basis
Continual Supply base monitoring and Improvement programs
Build/Enhance appropriate GRC systems to aggregate and report accurate risk data to ensure compliance
Risk Management:
Meeting the Regulatory Changes & Implications - Enhanced GRC Systems
Solvency II Implications for Insurance Companies
Dependency Constraints & Compliance on Multi Geography Financial Regulatory Requirements (market structures in different countries)
Takeaways
Emerging risks should be addressed as an unavoidable part of the business growth and expansion.
Technology and the shifting geopolitical landscape are creating ever more complex and interrelated risks.
Change Management is a Key to Risk Management considering the regulatory Impact across BFSI industry segments covering Region /Country of operations and the underlying Business Units.
Risk managers should develop and maintain a ‘risk radar’ database of all risks including emerging risks, based on active investigation and detailed information about each threat.
Oversight that precedes a third-party relationship covering strategic planning, diligence, and contracting is essential to defining expectations, enabling effective risk management, and ensuring that outsourcing can satisfy both business and regulatory objectives.
Enhancing and Leveraging the Cross functional relationship to manage the risks between IT and Business (technology risks), with Procurement/Sourcing teams (supply chain risks), by establishing/refining the standard procedures and processes (regulatory and compliance).
Conducting periodical 3rd Party Vendor Risk Assessments as a part of the Risk Management Programs (Supplier Governance) to enhance your risk appetite and minimize the business Impact.
In Closing… Way Forward.
How can Energica help the Buyer Organization on 3rd Party Vendor Risk Assessments across the Sourcing and Vendor Management (SVM) Value Chain?
Energica’s Approach and Methodology* on 3rd Party Relationship Risk Assessment will be refined based on the client’s actual scope, requirements, sourcing and vendor landscape etc.
Energica’s 3rd Party Relationship Risk Assessments (Ring Fencing) methodology varies depending on the size and actual scope of the client’s outsourcing contract(s).
Energica considers several environmental factors when evaluating the scope of 3rd Party Relationship Risk Assessments | Audit Programs, including: the sourcing landscape, number of deals, geography, country, business units, IT services, service provider, maturity of the relationship, degree of VRM Risk Management Strategy, Process and 3rd Party Vendor Risk Management programs, maturity of the Vendor Risk monitoring processes, practices and reporting.
Energica has a network of consultants with GRC expertise and capabilities that cut across the BFSI, Telecom and Healthcare arena. Energica will designate internationally experienced associate(s), who will support the client depending on the nature of the engagement.
Energica will provide you with Assessment reporting that includes an executive summary, our approach, Risk Assessment | Audit findings and practical recommendations for the 3rd Party Relationship(s) audited as well as other sourcing agreements that you may have with similar vendors.
We would welcome the opportunity to further discuss the 3rd Party Supplier Risk Assessment or our managed governance services with you. Please feel free to contact Ramesh Somasundaram @ +91 99620.55678 or write to [email protected] /or/ [email protected]