Identifying fourth parties and beyond to track dependencies and mitigate risk of service failure

The views and opinions expressed in this article are those of the thought leader as an individual, and are not attributed to CeFPro or any particular organization.

By Jeremy Resler, SVP, Director Third Party Risk Management Governance, U.S. Bank

How can a better understanding of fourth parties help with mitigation of risk of service failure?

For many years, financial institutions relied upon service providers and other Third Parties to support business activities and the delivery of products and services to customers. Since companies do not exist in a vacuum, there is often a chain of interconnected and contracted entities leveraged by these providers to ultimately establish the end services used by the engaging financial institution. This chain of reliance and associated risk are often considered in terms of data, but there is a much wider array of possibilities, including location, resiliency, technology, credit/monetary, and reputation.

Both matured and evolving financial institutions should establish tailored Third Party Risk Management frameworks to better understand Fourth or Nth party risk in such a way that is meaningful and reasonable for their risk profile. Awareness of critical fourth party support, including data access, location, and other factors, helps round out awareness of the larger risk environment by offering further visibility into planning, concentration, and potential path of various impacts. With increased cybersecurity, technology, pandemic, and other risks, impacts could be triggered through a domino chain of events or occurrences. Armed with reasonable subcontractor awareness, banks can plot potential weaknesses and drive focused mitigation strategies that enable prompt response. At the same time, it is important to leverage a risk-based approach in terms of “Nth” parties—at the level of 5^th, 6^th or 7^th Parties, it is often less likely that there are material providers relative to the financial institution not already involved higher up the chain—as such, expending energy at much deeper levels could present diminishing returns for the resources leveraged, which may be better expended on the bank’s clear and present risk profile.

Jeremy will be presenting at the Vendor & Third Party Risk USA Congress. This event will be taking place on October 7-8 at the Crowne Plaza Times Square Manhattan. Click here to view the full agenda, and find out how you can register for this live in-person Congress!