Third Party Risk Management in Financial Services
Outsourcing remains a major trend in the financial industries resulting in higher efficiency, quality and lower costs. While the benefits of outsourcing are widely recognized the downsides and risks such as compliance, legal, reputational, operational or information security risk are often not understood and managed properly. As a consequence, high fines by the regulator, reputational damage or a loss of market share could be seen in the past.
To mitigate these risks a robust Third Party Risk Management (TPRM) framework is required. Our services are tailored to the needs of our clients focusing on PwC’s Consulting Services and PwC’s Managed Services
Regulatory Compliance
Ensure compliance with regulatory standards in the context of outsourcing and third party risk management.
Key Challenges
Regulatory compliance remains a key challenge for players in the financial services industry, because:
- TPRM is highly regulated across all industries and has already resulted in significant fines, especially in the banking and insurance industry
- Not only being regulatory-compliant but also staying compliant by focusing on new upcoming regulations requires significant effort and know-how
- Regulators judged on 14%* of the companies to have significant deficiencies and 31%* to have minor deficiencies in their TPRM process
Our Service Offering
Assure compliance with global regulatory standards, through:
- gap assessment by comparing current and upcoming regulations with the existing controls and checks in place to identify required changes (regulatory health check)
- Supporting the implementation of new / changed regulatory requirements by providing a structured project management approach and the right experts (e.g. SMEs for specific regulatory requirements)
* Source: The Development of Third Party Risk Management Practices (2017), Center for Financial Professionals – MyComplianceOffice (MCO)
Global Regulations in the Financial Services Industry
Operational Efficiency
Optimise the target operating model (e.g. by standardised and risk-based processes) to reduce risk, complexity and costs.
Key Challenges
Generally speaking, TPRM is a complex, long and cost-intensive process because of:
- the complexity of the due diligence questionnaires across all industries (average duration 53 days*)
- various internal and external stakeholder require coordination
- static approach treating/ assessing all suppliers similar instead on their risks
- the static approach to treating/ assessing all vendors, independent of their individual risks
Our Service Offering
Improve operational efficiency and reduce risks by:
- Analysing the current processes to identify potential options for improvements.?Based on our experience key topics are around implementing a risk based approach, standardization of the assessment, centralisation and potential outsourcing of operational tasks (“TPRM as a Service”), automation of the assessment process (robotics)
- Designing and updating the target operating model to reflect the identified improvements
- Providing implementation support by selected experts ensuring a high quality delivery
* Source: The Development of Third Party Risk Management Practices (2017), Center for Financial Professionals – MyComplianceOffice (MCO)
Digitalisation
Have the right digital solution (e.g. F2B TPRM tool, RPA) in place to enable the automation of TPRM processes.
Key Challenges
Digitisation is a key enabler for implementing an efficient and risk-based TPRM Framework, given that:
- 50%* of the companies use tools like Excel, Access etc. to manage their third party risks, which lack required functionalitiesl, such as: F2B process coverage including specific views for each stakeholder (Vendor, Business Compliance, Vendor Management etc.)
- required reporting (KPIs) and ongoing monitoring functionalities (SLAs, sanctions, negative news etc.)
Our Service Offering
Support in finding the right digital solution based on the needs raging from a new TPRM software solution to automation of processes via RPA
- Assess current Target Operating Model to identify options to increase efficiency and to reduce risks and costs
- Design of the improvements so that they fit in the client's governance and control framework
- Support implementation / roll-out of the new solution guided by our experts ensuring a high quality delivery
* Source: The Development of Third Party Risk Management Practices (2017), Center for Financial Professionals – MyComplianceOffice (MCO)
Managed Services
As part of our managed service model we offer the following two services:
- TPRM as a service - Allows you to focus on your core business by outsourcing TPRM activities including operational tasks, risk assessments and case approvals in one of PwC’s Global Business Delivery Centers
- PwC’s TPRM tool - Can be tailored to your needs and supports you in managing the vendor life-cycle (onboarding & due diligence, monitoring & reporting, offboarding & termination) in a structured and efficient way
PwC’s TPRM 2.0 brings you to the next level by combining both managed services (see example below)
Contact Us
In case you would like to know more about PwC’s TPRM Service Offering our team of experts are pleased to get in touch with you.
https://pages.pwc.ch/core-contact-page?form_id=7014I0000006qQlQAI&embed=true&lang=en
