Vendor risk management is a process that aims to deal with the risks associated with working with vendors. This process begins when the company is first vetting the vendor and continues through the contract phase and throughout the life cycle of the vendor relationship.
Before the vendor is hired, the bank needs to conduct due diligence. That includes assessing the credit risk of working with the vendor. They need to determine if the vendor is reliable and follows sound security protocols. All the risks of using that vendor need to be assessed and evaluated before an agreement is ever made with them.
The contract manager is responsible for ensuring that the agreement is not only negotiated to benefit the institution but also for making sure the contract includes all issues of regulatory compliance and bank policy. Vendor risk management continues with monitoring the vendor to ensure they fulfill the contract appropriately, completely, and with adequate safety and security.
One goal of vendor risk management is to reduce the risk that a vendor will fail to deliver the services they have been hired to provide. This transaction risk comes from vendor mistakes or failures that can adversely affect the FI and its customers. It can also come from fourth-party vendors that the third-party vendor hires to do a portion of their part of the bank’s work. Dealing with concentration risk that comes from relying too much on one vendor is another piece of vendor risk management.
When dealing with third-party service providers (TSPs) that supply technology solutions such as software as a service (SaaS) software, the challenge for vendor risk management is to ensure that the financial institution’s data and their customers’ data is secure. The TSP needs to undergo risk assessments before and throughout the vendor relationship.
Financial institutions rely on vendors to apply the same adherence to regulations as the FI does itself. After all, it is ultimately responsible for everything the vendor does on its behalf. Vendor risk management seeks to ensure that vendors have processes in place and stay compliant with all regulations that apply to them.