
Understanding your gaps with Third-party Risk Management regulation

From our experience of reviewing and implementing financial services operational resilience, the Third-Party pillar usually requires action to enhance the approach and close urgent regulatory gaps.

Our observations fall into common categories:

  • The operational risk register does not include third-party risk management, and internal operational risk standards and RCSAs are often not extended to third parties
  • Lack of a defined third-party framework leads to an inconsistent approach and no definition of roles and responsibilities throughout the supplier lifecycle (assessment, onboarding, monitoring, management, offboarding)
  • Missing or incomplete third-party register in accordance with regulatory requirements
  • Poorly defined or non-existent approach to risk assessing and segmenting all suppliers in accordance with regulatory requirements
  • Inconsistent risk assessment, oversight, monitoring and management of material outsourcers or suppliers
  • Incomplete exit plans and business continuity for material suppliers in accordance with regulatory requirements
  • Supplier monitoring does not ensure third parties are aligned to key business services and performance is within impact tolerances

For firms that are concerned about regulatory gaps and their exposure to third-party risk, we’d suggest an urgent internal audit review to give you a clear picture of the required actions.

If that’s not possible, FourthLine can provide a ten-day high-impact review where our expert team:

  • assesses existing Outsourcing and Third-Party artefacts and approach
  • considers audit findings (if applicable)
  • reviews third-party requirements aligned to the operational resilience programme and investment plan
  • assesses the approach against regulatory requirements
  • benchmarks your programme against best practice and peer approaches
  • provides a report and recommendations outlining gaps and suggested actions

Please click here to enquire about our TPRM high-impact review.

 

How FourthLine can help:

FourthLine is working with a number of financial services firms to help them with Operational Resilience enablement and Outsourcing and Third-Party Risk Management, through a mixture of end-to-end consulting and resourcing options.

July 28, 2022
Daniel Waltham
Responsible for leading client relationships and new business sales. Dan takes a lead role in customer engagement, identifying, creating and designing solutions to help our customers with risk and regulatory challenges. 13 years of experience working with financial services businesses across risk, compliance, data protection and regulatory change.