And How to Reduce the Risk of It Happening to You.
The COVID-19 pandemic has been a trying time for everyone including financial institutions working with third-party vendors.
From falling short on service to not sharing enough information about pandemic planning, many FIs reported having issues with critical third-party vendors, according to the Risk Management Association’s COVID-19 and Third-Party Risk Management Impact Survey.
RMA found that 25 percent of financial services companies experienced issues with critical third or fourth parties not being able to deliver services as a result of the COVID-19 pandemic and that only 63 percent of vendors are meeting service level agreements (SLAs) and expectations.
What went wrong?
- Over 40 percent of financial services companies reported delayed or nonexistent support from areas like customer service and tech support.
- Over a quarter of FIs had a period of unstable vendor connections or inability to connect to networks and systems.
- Over 20 percent dealt with increased outages or system availability issues.
- Another 20 percent were impacted by ransomware attacks on third-party vendors.
A Failure to Plan
Why did so many critical third-party vendors struggle? It may have had something to do with the lack of planning.
Many vendors failed to deliver business continuity management and pandemic planning documentation, suggesting there may not have been concrete plans in place to deal with the sudden upheaval introduced by COVID-19.
More than a third (39 percent) of FIs weren’t able to get updated business continuity plans from critical third-party vendors. Less than half of FIs had received a detailed pandemic response plan in the 45 days before they took the survey.
The Pandemic Has Changed Vendor Monitoring
The pandemic has influenced FIs’ requirements for ongoing monitoring of critical third parties at over half of institutions (51 percent). Oversight and monitoring at 69 percent of FI respondents now has a heightened focus on specific risk areas like financials, cybersecurity, business resilience, and other operational risks.
The vast majority (over 80 percent) of FIs are monitoring these areas through email communication, with half also deploying questionnaires and relying on risk news, external resources, or internal scorecards.
The Good News
The good news to takeaway from these disappointing results is that vendor management solutions exist to mitigate many of these problems. Rather than nagging critical vendors for a pandemic plan that your contract should have required them to deliver you in the first place, FIs can outsource the collection and analysis of third-party vendor pandemic plans and BCPs to help your FI make risk-based decisions about that vendor.
Similarly, there are survey tools that allow an FI to quickly draft questionnaires and send them to vendors so that the FI can capture and respond to any COVID-related information in real-time.
There’s more good news. As the financial services industry, including regulatory agencies and examiners, shift to focus more on risk, it’s good to see that FIs are adopting the same approach to vendor management. Rather than giving equal attention to all areas, FIs are drilling down into areas of key importance and putting less emphasis on lower risk activities. It’s a smart strategy that not only aligns a FI with regulatory trends, it’s also a best practice.
If you’ve faced vendor challenges this pandemic, it’s not too late to find better ways of managing the risk of outsourcing to critical vendors during a pandemic and embracing risk management.
To learn more, download our webinar Unprecedented: COVID-19, Vendor Management & the New Normal.