Joe, can you please tell the Risk Insights readers about yourself and your professional experiences?
I have a slightly unorthodox background in that I started out in engineering construction, building process plants all over the world. Since then I’ve worked in project management, consultancy, education and marketing. I’ve been at Metro Bank since 2011; it’s a truly extraordinary place and I’m here for the long term.
At the Vendor & Third Party Risk EMEA Summit you will be joining a panel discussion on the advantages and disadvantages of building industry wide utilities. Why is this a key talking point at the Summit?
No-one working in Financial Services can fail to be aware of the intense regulatory focus on third party risk right now. It’s clear that a lot of work to be done, but there is always the danger of creating a monster where 95% of the work is both worthy and ultimately worthless. All of us owe it to our suppliers – and to ourselves – to make the process as efficient as possible and utilities are a great way of doing this.
Do you believe there should be a different criteria of tests for organisations dependent on their status?
No. Tests should be based on the risk posed by the service supplied. However there is a strong case for ensuring SMEs aren’t excluded from any process. That might look like support through the process, or differential charging.
Can you outline some of the challenges of agreeing questions with other
banks to ask vendors upfront?
Organisational inertia. Asking several banks’ policy owners to agree on a common set of questions by committee can take an awful long time. It helps if each bank’s team is crystal clear about their organisation’s risk appetite, which makes both internal discussions with policy owners and discussions between banks easier.
It also helps if one bank is prepared to take the lead and others fall in behind, but that presents problems in itself. However, agreeing a tight, consistent common set of questions is vital, otherwise the whole benefit of the utility is lost.
How do you see the role of the vendor risk professional changing over the next 6-12 months?
I think there is already a good deal of collaboration, but I’d like to see more of it.
I see technology increasingly focusing vendor risk activity on the most important areas.
Most organisations already have good sources of data, albeit sitting in different systems. I think they are starting to realise they need to turn them into information which can be used to build a technology-enabled predictive model.