The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular organization.
By Jeremy Resler, SVP, Director, Third Party Risk Management Governance, U.S. Bank
How have you seen regulation evolve and what changes do you see ahead for vendor & third party risk management?
Regulatory expectations continue to keep pace with emerging risks in the broader environment, with particular focus on interconnected business, resiliency and event awareness, and technology oversight.
Given the pandemic impact on workplace shifts, ongoing volatility in travel restrictions, as well as continued economic fluctuation, regulators will likely continue scrutinizing banks’ abilities to demonstrate enhanced preparedness and monitoring, as well as forward-looking processes (as opposed to reactive activities) against a wide array of potential events. Similarly, given increased environmental disruption across the world (e.g., wildfires, severe weather), regulators may show increased interest in climate and environmental risk management across provider populations. More directly within the business arena, increased prevalence of innovative technology, remote connections, and money movement allow higher potential for fraud or general disruption—requirements will likely include granular expectations to sustain strength in “defense in depth” security layers, threat awareness, and 24/7 monitoring. While regulations and preparedness protocols cannot predict every event, it will become increasingly paramount that banks prove they can adapt and respond intelligently and quickly to the manifestation of multiple risks.