McKinsey & Company’s Hamid Samandari, John Walsh, and Emily Yueh have written an article on how financial institutions are now being held accountable for the actions of their suppliers. The Consumer Financial Protection Bureau (CFPB) and other regulators “are holding financial institutions responsible for not only their actions but also for those of their vendors and suppliers.” As an example, American Express, Captital One, and Discover Bank, in the past year, have paid in total more than $530 million due to third-party supplier bad behavior, such as deceptive selling. This has caused a number of banks to focus on new solutions to identify and manage third-party risk. McKinsey has developed a six step approach to managing this type of risk (click on the article to read about these steps in more detail). The steps:
- A comprehensive inventory of third parties
- A comprehensive catalog of third-party risks
- A risk-based segmentation
- A rules-based due-diligence test
- A disciplined governance and escalation process
- An integrated management-reporting and workflow process and tools
