Establishing an Effective and Efficient Third Party Risk Management Program for Financial Institutions
Banks and financial institutions (FI’s) continue to increase their reliance on 3rd parties to provide critical products and services. These third party providers are leveraged to lessen the time needed to bring their products to market, expand or introduce new products to customers, minimize operational costs, maximize ROI and internal efficiency, and improve customer experiences. At the same time, regulators continue to release expanded guidance on requirements for third party risk management practices. If left unmanaged, banks will face not only compliance actions, but a litany of unwanted risks and unintended results from data breaches, customer impacts, operational setbacks, and reputational fallouts.
With the incessantly increasing number of hackers and threats, financial institutions need modern approaches in establishing a modern third-party risk management program that can keep pace with the continuously evolving economic landscape. In this light, a panel of global thought leaders and professionals brought together by The Knowledge Group will offer the audience with all the crucial insights and will go beyond the practical tips on how to establish an effective and efficient Third Party Risk Management Programs.
Key topics include:
- Third Party Risk Management Program - Overview
- Risks, Challenges and Opportunities
- Standards and Regulatory Guidance for TPRM Programs of Financial Institutions
- Third Party Risk Management Lifecycle and Leading Practices
- Implementation Issues
- Immediate Opportunities
Mark T. Dabertin, Special Counsel
Pepper Hamilton LLP
- Introduction: Third Party Oversight Programs
- Relevant Guidance
- Basel Guidance
- OCC Guidance
- FDIC Guidance
- Federal Reserve Guidance
- CFPB Guidance
- OSFI Guidance
- Consequences of Ineffective and Inadequate Oversight
Aaron Silva, Founder
Paladin fs, LLC
- A Market oligopoly exists with 93% of Banks over $1B being processed by FIS, JHA or Fiserv and 85% of those below $1B. This puts banks at a significant disadvantage when renegotiating their multi-year, multi-million dollar Core IT processing contracts.
- Significant hidden and unpredictable financial impact and risk embedded in these agreements when transacting a merger (buy or sell) that can punish shareholders greatly if not understood and then mitigated in advance.
- Few Core IT suppliers issues actual Service Level Agreements in their contracts which put banks at great risk if an SLA miss impacts customers and damages reputation. Most agreements contain SLOs - Service Level Objectives not SLAs.
- No pricing efficiency exists nationally for products and services sold by Core IT Suppliers. Bankers are left to 'guess' on costs for services that can range into the millions over 5-7 years. Vendors hold all the cards.
- Banks are prevented from implementing FintTech services that are competitive to Core IT supplier services even though the data belongs to the institution. This poses a great future risk of banks having the ability to make competitive choices for services without Core IT supplier permission.
Steven Slavens, Attorney
- Description of outsourcing in Canada for FIs. A brief overview of OSFI B-10 (Outsourcing of Business Activities, Functions and Processes) Guidelines applicable to federally regulated financial institutions. A discussion of the Canadian marketplace.
- Agreements with third parties as an FI’s primary means of achieving compliance. While FIs are always responsible to their regulators for their own compliance, outsourcing of functions to service providers expand (including to FinTech solutions) continues to grow. FIs need to have in place processes at the front end that effectively engage stakeholders early.
- Practical approaches to managing outsourcing risk. A case study of one FI’s enterprise cloud strategy and approach. How one major Canadian FI invested in process to create comfort in the face of risk.
Chris Monk, Managing Director
- Key Challenges and Implementation Issues
- Third Party Risk Management (3PRM) Framework
- 3PRM Stakeholders and Key Responsibilities
Subharun Mukherjee, Director: Industry Marketing
- Vendor Risk management program has and is undergoing a wide extension in scope and scale with the information revolution. As ecosystems expand and globalize on one side, and regulators increase scrutiny on the other, the use of real time information in vendor program assessments is becoming critical. Technology advances around is providing the right platform to build intelligent and real time vendor risk programs globally.
- As the business model changes, there is a introduction of a range of new threats which affect the vendor ecosystem like cyber risk. This is drastically increasing the breadth and depth of vendor risk management programs. Regs. like GDPR and FFIEC guidelines are taking cognizance of the emerging risks and advocating a relook and redesign of the vendor risk management programs.
- Improve data aggregation, and standardization for improved decision making – by integrating Third Party Risk Management with Enterprise Risk Management and IT Risk Management.
Who Should Attend:
- Financial Services Counsel
- Banks and Financial Institutions Executives
- Risk Management Officers
- Regulatory Compliance Officers
- Banking and Finance Lawyers
- Business Analyst
- Bank Regulation Lawyers
- Outsourcing Providers
- Audit Professionals
- Supply Chain Officers
- Other related/interested Professionals and Organizations
Subharun Mukherjee leads the Banking and Financial Services Vertical and the MetricStream Risk Product portfolio from the product strategy and marketing aspect. Subharun has over 12 years’ of experience in the consulting and enterprise software industry primarily working as a partner to multiple global financial services conglomerates on their enterprise GRC and risk programs driving strategic value realization. He works closely with some of the leading industry analyst firms like Gartner, Forrester, Chartis Research as well leads MetricStream’s interactions and joint thought leadership efforts with global GRC associations like OCEG, GARP, OpRisk and others. His areas of interest include risk management, risk intelligence, cognitive compliance, fraud management, capital allocation, data science and predictive analytics. Before MetricStream, Subharun played pivotal roles at Deloitte, in their risk advisory group, and SAP, in their global client advisory group. He holds a masters in analytical finance and strategic marketing from the Indian School of Business, Hyderabad.
Subharun Mukherjee leads the Banking and Financial Services Vertical and the MetricStream Risk Product portfolio from the product strategy and …
Chris is a Managing Director within Protiviti and a member of the Leadership Team for Supply Chain Solutions. Chris has over 15 years of experience in supply chain, both within industry and serving clients as a consultant. He has a proven track record of analyzing, improving, and transforming organizations, delivering performance improvement and sustainable cost savings for clients across a number of industries. His areas of focus include S&OP, Sourcing and Procurement, Accounts Payable, Enterprise Contract Management, Supplier Performance Management, and Third Party Risk Management. He is a published thought leader and has been recognized by Supply and Demand Chain Executive Magazine as a Pro to Know.
Chris has assisted financial intuitions of all sizes in the assessment, design, and implementation of leading vendor/third party risk management programs. This includes helping companies address overall 3PRM strategy and policy, risk management lifecycle processes, organization design and roles, management reporting/monitoring, risk assessment and third party segmentation methodology and tools, and enabling technologies.Enabling Speed of Innovation Through Effective Third-Party Risk Management
Fintech Compliance Readiness
Chris is a Managing Director within Protiviti and a member of the Leadership Team for Supply Chain Solutions. Chris has …
Mark T. Dabertin is special counsel in the Financial Services Practice Group of Pepper Hamilton LLP, resident in the Berwyn office. Mr. Dabertin has over 25 years of broad-based experience in financial services law and consumer and regulatory compliance.
Mr. Dabertin’s career includes extensive experience in consumer lending, safety and soundness, and anti-money laundering. His work in consumer and regulatory compliance at large financial institutions has been marked by innovations that resulted in fundamental structural changes to existing firm-wide compliance activities, including with respect to regulatory change management, risk assessments, and vendor management.
Mark T. Dabertin is special counsel in the Financial Services Practice Group of Pepper Hamilton LLP, resident in the Berwyn …
Steven Slavens’s practice focuses on corporate/commercial law, with an emphasis on technology and outsourcing matters in the financial services sector. He has also advised on complex technology and outsourcing transactions across a wide swath of industries. Recently, his work has included working with clients on integrating agile development approaches into their enterprises, and collaborating with clients on the development of risk-based contracting approaches for cloud solutions. He has worked on a wide range of corporate and commercial matters, including launches of new payment and credit card products, sponsorship agreements, contest rules, marketing initiatives, public and private acquisitions as well as securities offerings and corporate governance matters.
Steven Slavens’s practice focuses on corporate/commercial law, with an emphasis on technology and outsourcing matters in the financial services sector. …
Print and review course materials
Method of Presentation:
Experience in financial services law
NASBA Field of Study:
Management Services - Technical
NY Category of CLE Credit:
Areas of Professional Practice
Unlock All The Knowledge and Credit You Need
Leading Provider of Online Continuing Education
It's As Easy as 1, 2, 3
Get Your 1-Year All Access Pass For Only $199
About MetricStream Inc.
MetricStream, the independent market leader in enterprise and cloud applications for Governance, Risk, Compliance (GRC) and
Quality Management, makes GRC simple. MetricStream apps improve business performance by strengthening risk management,
corporate governance, regulatory compliance, vendor governance, and quality management for hundreds of thousands of users
in dozens of industries, including Financial Services, Healthcare, Life Sciences, Energy and Utilities, Food, Retail, CPG, Government,
Hi-Tech and Manufacturing. MetricStream is headquartered in Palo Alto, California, with an operations and R&D center in
Bangalore, India, and sales and operations support in 12 other cities globally. (www.metricstream.com)
About Protiviti Inc.
Protiviti is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. Protiviti and our independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies.
Ranked 57 on the 2016 Fortune 100 Best Companies to Work For® list, Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.
About Pepper Hamilton LLP
Formed in 1890, Pepper Hamilton LLP is a multi-practice law firm with more than 500 lawyers nationally. The firm provides corporate, litigation and regulatory legal services to leading businesses, governmental entities, nonprofit organizations and individuals throughout the nation and the world.
The financial services industry is changing rapidly. The expansion of financial institutions into new areas – securities, mutual funds, hedge funds and insurance – requires a group that has the breadth and depth to handle all these needs, needs met by the lawyers in Pepper’s Financial Services group.
Representing lenders in transactions is a significant part of our work. We also represent corporate clients in their borrowings; represent clients in asset sales and securitization transactions, representing issuers of public and private debt securities, beneficial holders of such securities and trustees; counsel our bank clients in hostile takeover attempts, auction processes for possible sales, and other corporate governance matters.
The list of federal agencies, laws and regulations that govern banks and other financial institutions seems endless and ever-growing. Add the overlay of state regulation on many institutions, and the picture gets even more complex. We also help commercial banks, bank holding companies, foreign banks, mortgage finance companies, and savings and loans to comply with all regulatory requirements.
About Torys LLP
Torys LLP is an international business law firm that works with clients who expect the best advice and exceptional service. Torys’ dedication to excellence across practice areas and industries has resulted in an enviable record of experience in Canada and globally. Teamwork is one of the firm’s distinguishing features, reflected in all aspects of how the firm partners with clients and collaborates internally. Long-standing clients continue to retain Torys not only for its excellent service and legal expertise, but also because of a shared value for lasting partnerships based on trust and respect.