Third-Party Risk Management in Financial Services

21 Dec 2016
by Archit Mishra, Jimit Arora, Ronak Doshi

Financial services firms engage with a number of third parties including outsourcing vendors. Some of the reasons for this are cost containment, access to talent pool, improving time-to-market, and adopting technology solutions. Third-party vendors play a critical role in the financial services ecosystem; however, they also pose some risks that need to be managed. Third-party risks emanate from relying upon outside parties to perform services or activities on behalf of an enterprise. Regulators expect enterprises to be responsible for all activities, regardless of whether they have been performed by a third-party or internal resources. Therefore, it is important for enterprises to manage risks from third-party relationships.

As financial institutions increase dependence on third parties to deliver critical business processes and services, the complexity of oversight also increases. Third-party relationships are under increasing scrutiny by regulators globally, including the U.S. Office of the Comptroller of the Currency (OCC), Financial Industry Regulatory Authority (FINRA), the UK Financial Conduct Authority, the Prudential Regulation Authority, and the Monetary Authority of Singapore.

Third-Party Risk Management (TPRM) refers to a structured approach to identify, manage and mitigate risks arising from parties other than the financial services firms or the end-consumers. To stay ahead of competition and ensure compliance, avoid fines/penalties, and manage business risks, financial services firms are focusing on containing costs of compliance and adopting disruptive business models, and mutualizing costs through shared utilities.

In this research we highlight the importance of efficient TPRM practices and define the best-in-class operating model of a TPRM practice.

Scope of the analysis

  • Industry: Banking, Financial Services, and Insurance (BFSI)
  • Geography: Global

Key findings of this research are

  • The lack of standardization with regards to collecting and distributing due-diligence data lead to duplicate efforts, creating costly and inefficient processes
  • The standardization of technology infrastructure for Third-Party Risk Management (TPRM) enables enterprises to drive efficiencies in the entire TPRM value chain and automate several tasks
  • Financial services firms can benefit from industry collaboration in the field of TPRM to adopt modern technologies as well as mutualize costs
  • Shared utilities help firms to reduce costs, improve vendor information collection process, provide real-time visibility & continuous monitoring of risks, and equip financial services firms with data and analytics to respond to regulators’ demands
  • Shared utilities empower financial services firms to gain competitive advantage by reducing costs of several non-core activities such as vendor information collection and due-diligence
  • Financial services firms need to overcome challenges of change management, perceived loss of control, and security of vendor information to drive adoption of shared utilities


Banking, Financial Services & Insurance (BFSI) - Information Technology Outsourcing (ITO)


Page Count: 20