Banking on Security: Unveiling the Secrets of Third-Party Risk Management in Financial Services

By Patrick Van Hull

Throughout our webinar, “Banking on Security: Unraveling the Secrets of Proactive Resilience in Third-Party Risk Management,” Chris Ballantyne of TD Bank, Michael Nassar of Deloitte, Jennifer Bisceglie, CEO and founder of Interos, and I delved into the landscape of managing third-party risks and the wide range of ways financial services leaders can realize the value-generation opportunities of third-party risk management (TPRM).

The financial services sector faces an ever-shifting panorama of risks, demanding a proactive stance to stay ahead. Traditional approaches are no longer sufficient; organizations must embrace real-time monitoring and continuous risk assessment. Disaster recovery and business continuity planning must evolve to encompass new risks and scenarios.

This transformation entails shifting from defensive to offensive strategies, focusing on mitigation, and adopting digital supply chain programs to develop comprehensive approaches to risk management.

Harnessing Data and Advanced Analytics for Effective Risk Management

Improving data quality and adopting advanced analytics and AI are central to this journey. These transformative tools streamline processes, enhance predictive capabilities, and enable proactive handling of third-party breaches. By leveraging external market intelligence and internal data analytics, organizations can swiftly identify and mitigate risks, bolster operational resilience, and protect against potential costs.

A clear majority of poll respondents in the webinar audience selected combining internal and external data to enhance risk assessment as a critical way to ensure technology and data integration in TPRM programs for maximum effectiveness.

The TPRM approach at TD Bank, according to Chris, also includes that sentiment: “We’ve been looking at how we can leverage data more effectively, both internal data and external data that are available, but also our suppliers and their supply chain, to figure out and triage an event more effectively, respond faster, and address them in a more timely manner to quickly shut down where that risk exists within our supply chain.”

Technology’s Influence on Operational Resilience and Compliance

Technology is both a boon and a challenge in the quest for operational resilience and regulatory compliance. While regulatory changes pose hurdles, they also spark innovation opportunities. Integrating commercial technology facilitates the transition from mere visibility to actionable insights, navigating the complex terrain of compliance while progressing along the industry’s maturity curve.

Nearly half of the webinar poll responses selected continuous compliance monitoring and management to encourage ongoing alignment with evolving regulations and industry standards in TPRM, with Michael’s thoughts expanding further: “to actually focus on that proactive element and respond with more agility and efficiency and effectiveness to the evolving threat landscape to the increase in incidents from third parties that is only going to frankly be impressive as a practice to regulators because it allows you to respond, assess, triage and action those incidents more quickly than you ever could before.”

Cultural and Technological Alignment

Crucially, this transformation necessitates alignment with cultural and technological shifts. Third-party risk management must become ingrained within organizational culture, grounded in data, and demonstrate tangible business value. Initiatives should start small but aspire to grand visions, moving beyond reactive approaches to emphasize proactive intelligence-driven decision-making.

As Jennifer puts it, there’s growing momentum toward “how do I do my day job faster, better, quicker, more efficiently, repeatable, and predictable? So, I don’t have to defend why I made the decision. I’m more focused on what I’m going to do with that decision. And that’s really been the big material change.”

Along the lines of that thought comes the fostering of a culture of shared responsibility for risk management, which was the most selected response to the poll question about how organizations can collaborate to embed TPRM capabilities into their culture effectively.

Setting a Path Forward

As Chris, Michael, and Jennifer see it, this journey toward resilience begins with mastering third-party risk management, which is not merely necessary for the future but is also a strategic imperative for financial institutions. Risk management may not be one-size-fits-all, but several core capabilities are essential in the path forward, including:

  • Building visibility by mapping third-party ecosystems to quantify risk exposure and continuously monitor critical indicators.
  • Leveraging trustworthy data intelligence combining internal and external sources to understand risk materiality.
  • Demonstrating actionability and agility in making decisions without compromising on risk.

To progress through ongoing expectations of uncertainty and rapid change, organizations must confidently navigate the turbulent waters of disruption and emerge stronger by embracing proactive resilience, leveraging technology, and fostering cultural alignment.


Assessing the Fallout of the Dali Cargo Ship Collision in Baltimore


Interos is continuing to monitor supply chain impacts following the tragic collision between the cargo ship Dali and Baltimore’s Francis Scott Key Bridge. Impacts are already being felt as companies reroute shipments to other East Coast ports. The 11th largest port in the U.S., the Port of Baltimore handled $80 billion in foreign cargo in 2023. Maryland could lose $550 million in GDP and $1 billion in total value of goods and services if the port is closed for 30 days. Early projections on potential global impacts vary and come at a time when ongoing supply chain disruptions already cost the economy nearly $2 trillion annually.

Interos is tracking several areas of concern in Baltimore:

  • Sectors like automotive, manufacturing, and energy are most vulnerable to disruption. Baltimore is the top port in the nation for automobile shipments, having imported and exported more than 750,000 vehicles in 2022.
  • Auto imports are diverting to nearby ports like New York/New Jersey, Philadelphia, and Norfolk, Virginia, potentially leading to increased freight rates and congestion. However, many ports are already crowded with imported vehicles given a slowdown in EV and SUV sales. Some analysts predict auto manufacturers and dealers may moderate prices and offer discounts to move vehicles faster to avoid worsening backlogs.
  • Coal is another pressing issue. Baltimore serves as a crucial hub for coal exports, and an extended port closure could damage U.S. energy exports. Baltimore ranked as the second busiest port in the U.S. for coal exports last year, with India being the largest importer. While some coal shipments can be redirected, not all ports are equipped to handle coal imports.
  • Additionally, substantial amounts of nickel, tin, and copper stored in Baltimore may face increased transportation costs as suppliers resort to less cost-effective alternatives like trucking and rail.

This accident underscores how interconnected our nation’s vital supply networks are. It’s crucial for businesses to assess their nth-tier suppliers in the region to evaluate potential supply chain disruptions. Interos remains committed to providing relevant supply chain data to support informed decision-making.

Navigating Regulatory Storms: Resilience Watchtower™ Redefines Risk Management for Compliance and Growth

By Patrick Van Hull

The notion of risk management as a static, formulaic process is not only outdated but also a liability. The variables shift constantly and simultaneously, rendering antiquated approaches a drain on already limited time and employee capacity. Understanding and operationalizing resilience is crucial in this environment where everything is interconnected—it’s a matter of survival.

Consider the heightened scrutiny financial institutions face regarding third-party risk:

  • Recent regulations in New York mandate financial services organizations intensify oversight of third-party service providers, recognizing the potential for cascading impacts from breaches linked to third-party security failures.
  • New cybersecurity directives from the Securities and Exchange Commission compel companies to transparently disclose monitoring mechanisms for third-party providers.
  • In Canada, the Office of the Superintendent of Financial Institutions (OSFI) now holds companies accountable for “risks related to all third-party arrangements,” emphasizing “accountability for business activities, functions, and services outsourced to a third party.”

As these and other regulatory guidelines reflect an increasingly stringent landscape, non-compliance can carry severe monetary penalties and reputational damage. A recent deep dive into third-party risk management hosted by Interos and CefPro found most financial services executives anticipated increased enforcement action and regulatory fines for non-compliance.

Strategies for Enhanced Risk Management

Amid this complex and potentially costly environment that transcends industries, the need for precision in risk management has never been more acute. Organizations must identify and prioritize critical risks immediately, ensuring resources are allocated where they will significantly impact their revenue and resources.

Comprehensive frameworks, tailored risk modeling and monitoring practices, clear policies and procedures, and continuous assessment capabilities are essential to narrowing the gap between manual, inefficient processes and continuous, forward-looking risk management strategies.

While investing in advanced risk management capabilities may seem daunting, especially when resources are already stretched, operational resilience is emerging as a lifeline in the face of economic volatility. The head of third-party governance at a premier global bank said, “sharing the capabilities and benefits with other teams is the key to building a strong and resilient enterprise for the future.”

The returns are “invaluable” as organizations minimize disruptions and seize growth opportunities by taking a proactive approach to risk management. This strategic imperative protects operations and reputation, driving long-term value.

At Interos, we understand the need for a new approach to risk management. That’s why we built Resilience Watchtower™ – a groundbreaking solution that provides unparalleled precision and agility to navigate third-party complexities across global supply chains. This latest innovation in resilience prioritizes at-risk suppliers based on their impact to the business. By contextualizing intelligence, the technology enables proactive and tailored vulnerability mitigation to reduce the financial impact of supply shocks that cost the global economy $2 trillion annually.

Case in point: many large financial services companies are rightly concerned about whether small but still critical vendors can withstand cyber-attacks. One Interos banking customer manages this vulnerability by combining their custom inputs with the risk factors most important to their organization. This creates a shortlist of third parties they need to target for increased oversight. Aligning their bespoke risk model with their business needs allowed the customer’s risk team to take faster and more precise mitigation actions.

Driving Long-Term Value with Resilience Watchtower™

In a world where every decision has cascading consequences, investing in advanced risk management capabilities is no longer a luxury – it’s essential for growth and profitability. Indeed, Interos customers gain an estimated $3 million in annual cost savings for every 10,000 suppliers they map, monitor, and model. With Resilience Watchtower™, organizations can strengthen their operations, safeguard their reputation, and capitalize on new opportunities.
