Leveraging lessons learnt from heavily regulated industries to identify best procedure

The views and opinions expressed in this article are those of the thought leader and not those of CeFPro.

By Orlando Fernandez Ruiz, Senior Technical Specialist, Governance, Remuneration and Controls, Bank of England

How have or can heavily regulated industries help to identify best practice for supply chain management?

There is a long history of regulatory and supervisory oversight over firms’ outsourcing, third-party and supply chain dependencies in regulated industries, such as financial services. In recent years, financial regulators around the world have been updating their regulatory standards in response to changes in industry practice, such as the growing dependency of firms on a diverse ecosystem of technology third-party suppliers, including in respect of their critical operations. Financial services is one of the biggest consumers of third-party services, including cutting-edge technology solutions. Their reliance on fast-moving technologies, make it essential for regulators to keep up-to-date with fast-moving technology developments and adjusts their standards and supervision accordingly.

How has maturity of regulatory standards increased in the last year – In particular, with the increased focused on resiliency?

Resiliency has always been pivotal for financial institutions and financial stability but in many ways, in the past few years, this has become ‘official’. Regulators around the world have been issuing new or revised standards to enhance the resilience of the firms they regulate and the sector as a whole. In addition, COVID-19 has been both a major test of the financial sector’s resilience and a catalyst for even greater and faster adoption of third-party technology solutions.

In your opinion, how can an organisation best leverage resources, expertise and external systems to identify best procedure?

There are multiple ways to do so, but two that particularly stand out are:

1) Effective board and senior management engagement: Firms need to have a third-party management strategy and an understanding of their critical third-party dependencies and both need to be visible to and endorsed by the board and senior management. These issues go to the core of firms’ strategies and resiliency and can no longer be relegated to vendor management teams with no access to key decision-makers.

2) Multi-disciplinary teams are also becoming increasingly important. Effective, firm-wide management of third-party dependencies and risks increasingly needs input from multiple areas of a firm: compliance, legal, technology, procurement risk management as well as the frontline business lines who are often the main users of third-party products and services.

What role can data analytics play in the management of third party risks?

Record-keeping and mapping are essential and will become even more so in coming years. Firms need to devise effective ways to map and manage their third-party dependencies and how they may impact on their most important business services. There may also be opportunities to use mapping tools to automate elements of firms’ vendor management.

How to you foresee third party and supply chain risks evolving over the next 2-3 years as we emerge from the pandemic?