Julie Hubbard, Director Strategic Operations and Nitin Joshi, Senior Manager Quality & Vendor Control at One Savings Bank will be delivering a presentation at the upcoming 2nd Annual Vendor & Third Party Risk EMEA Summit. Ahead of the conference we interview Julie and Nitin for their insights on maintaining effective oversight of third party vendors.
Can you please tell our Risk Insights readers about yourself and your professional experiences?
Julie – My current role with OneSavingsBank is the Group Operations Strategic Director located in Kent. I am originally from Newcastle and generally travel between Newcastle, Kent and India on a regular bases. I have been working with OneSavings Bank for just over 3 years and have worked in the Financial Services section for over 25 years working in various banks and buildings societies practically since leaving school. I am an experienced professional in Operational, Change and Quality Management.
Nitin – I joined OneSavings Bank in 2014 as Quality Controls Manager and took up additional responsibilities to set up the Vendor Management & Controls team in 2015. In this role I am responsible for ensuring adherence across the group to the Vendor Management & Outsourcing Policy and thus ensuring that third party relationships are appropriately and effectively managed. Prior to OneSavings Bank, I spent 11 years with AOL & IBM managing outsourced customer service operations. During this tenure I specialised in implementation of Quality Controls Framework and gained an understanding around operational risks from a third party perspective.
At the Vendor & Third Party Risk EMEA Summit, you will be delivering a presentation on maintaining effective oversight. Why do you believe this is a key talking point at the Summit?
Maintaining an effective oversight around Vendor Governance is a key focus area as it’s one of the pillars in the risk management lifecycle and governance structure to ensure all key residual and inherent risks associated with identification, initiation and ongoing management of services provided by third parties are understood and managed effective while also ensuring all agreed joint contractual commitments are being adhered to.
Also, in an ever changing technology, regulatory and economic environment having an effective oversight model in place helps businesses to continually develop and understand key risks associated with outsourcing of services.
What risk exposures should risk professionals consider?
There are various risks that need to be considered at different stages of the third party life cycle considering identification, initiation, ongoing day to day management and exit of third party services.
Key risk areas are generally considered based on a financial, technical, reputational, customer, legal and a regulatory perspective depending on the type of services being outsourced, what controls are in place the effectiveness and the business risk appetite.
Can you explain some of the differences in oversight and control of large suppliers versus smaller ones?
The difference in oversight does not generally change based on the size of the supplier and is based more around the type of services that the third party is providing, the identified inherent and residual risks and criticality of the services being provided for your business.
Based on experience more larger organisations are more established and have a more embedded framework already in place to comply with third party management and oversight requirements due to the larger organisations having their own outsourcing policies in place. This can be seen as a positive as the understanding and compliance to third party management can be easier to implement and evidence although issues can be identified if differences in policies and operating standards are identified whereby smaller organisations have been seen to be able to be more flexible in adopting tailored requirements to business needs.
How do you see the role of the vendor risk professional changing over the next 6-12 months?
The increased need to introduce and enhance a robust vendor management programme within organisations should increase over the next year raising the profile, understanding of risk management in this area and overall benefits as a core business strategic function within more businesses. There are various considerations where the role of a vendor risk professional will grow considering different economical, legal and compliance aspects supporting businesses to ensure that all risks that are identified are proactively being managed and risk assessed for all outsourcing services or contracted third party services.
Some areas of consideration are around the impact on services due to Brexit, new legislations such as anti-slavery, GPDR regulations and the every evolving IT world and IT security. It is a very interesting time in the ever evolving vendor management world which is continually proving to be a value add to any organisation.