The Expanding Technology Third Party Risk Management Remit
Global Banks and Financial Institutions are under severe pressure to reduce operating cost while at the same time deliver on a Digital Transformation agenda that enhances customer experience and produces new revenue streams through expanded product offerings. To meet this challenge, these organizations are increasingly turning to Automation (RPA/AI) to gain operational efficiency and FinTech platforms to satisfy their digital agenda; both introduce incremental risk to their enterprise risk profile.
This dynamic is forcing Enterprise and Operational Risk leaders to re-think the treatment of technology third parties. As technology solutions have expanded beyond IT and are engaged across operations, Technology Third Party Risk Management first line and second line teams are being challenged to move beyond vulnerability and resilience to address the full spectrum of an expanded technology portfolio. To do so, FLOD and SLOD will need to be dedicated, multi-discipline teams. FLOD focused on collaboration across key internal parties with SLOD providing oversight and coordination with Audit, Compliance and enterprise leaders.
Working closely with procurement, Technology TPRM leaders need to establish clear positions on Right of Survivorship, Change in Ownership, Termination and other likely events when dealing with micro-venture backed companies. This will enable rapid contracting and establishing consistent risk categorization.