Data protection and security through improved risk assessments and monitoring approaches

We interviewed Mark DeLuca, SVP Global Sales at Opus, on the key topic of Vendor and Third Party Risk, the future for the vendor professional, branding and advice with regard to the safe and secure management of vendors.

How do you see the future of managing third party vendors?

There is a focus on regulators who are holding financial institutions accountable for their third parties’ information security practices. Therefore, the future of managing third party vendors is to make sure all your information is in one place. Cyber security, regulations and reputational risk are important, and it needs to be shown that sensitive information of third parties is secure.
As many companies only identify third party risks during onboarding and contract negotiation, the changes occurring during the contracted period often go undetected. For example, perhaps a principal leaves the company or the financial situation of the third party deteriorates.

What advice can you provide financial institutions in achieving safe and secure management of vendors?

All too often companies have information about their third parties spread throughout the organisation, making it difficult to manage properly. Financial institutions need to streamline and simplify the way they manage vendors by creating processes and systems specifically for third parties where data collection is made consistent and complete, risk assessment is more accurate and the management of these relationships more effective.
This can be achieved by collecting, assessing, managing and monitoring third party information in one place: across your enterprise, between your departments and with your third parties.

Without giving too much away, can you give us an insight into how organisations manage their “brand” internally?

In order to manage your brand internally your performance needs to be measured objectively with both the good and the bad being reported to your leadership team. Once your programme is up and running, make sure you hold yourself accountable for its performance. It is critical for the leadership team to be involved and to understand the effectiveness of the programme.

How do you see the role of the vendor and third party risk professional changing over the next 6-12 months?

We provide core risk services to 9 of the top global banks, 10 of the top US banks and 8 of the top European banks. Within these relationships we see vendor and third party risk professionals taking on the role of ‘enablers’, by allowing their organisations to safely navigate risks in order to take full advantage of lucrative business opportunities. Going forward the only way to be confident of monitoring, managing and responding to vendor risk and the new wave of compliance regulations is to continually review individual suppliers and vendors – any touch-point with an organisation is also a point of risk.