Vendor Risk Management


Banks and financial services institutions often depend on hundreds of vendors to fulfill their business processes. Single sourcing puts institutions at risk by making them too dependent on one vendor. On the other hand, multiple sourcing dilutes vendor accountability, and makes vendor collaboration and coordination much more challenging.
In both sourcing models, vendor risks are high, and should be managed and mitigated through a robust Vendor Risk Management (VRM) approach. Regulations such as PCI DSS, Basel II, FFIEC, GLBA, and SOX all require effective VRM, especially for vendors who have direct access to an institution’s assets and systems.

Reasons Financial Institutions are Collaborating with Vendors

Banking and financial services institutions outsource many vital functions to third-party vendors, and also procure a diverse set of products and services from them. This approach provides multiple benefits, including:
  • Performance boosting
  • Cost reduction
  • Access to specific expertise
Some of the areas where institutions are outsourcing their processes to third-party vendors are:
  • Customer facing activities
  • General operations
  • Regulatory compliance activities

Types of Vendor Risks

Although hiring a third-party vendor makes processes simpler and more cost-effective, it also brings in multiple risks such as breach of confidentiality, breach of contract, data errors, fraud, and loss of data, all of which have the potential to lead to financial and reputational loss. Such vendor-associated risks are unique, however, and depend on the type of vendor chosen as well as the process or service outsourced.
Typical areas of vendor risks include:
  • Strategic risk
  • Reputation risk
  • Industry risk
  • Geographical risk
  • Compliance risk
  • Operational risk
  • Transaction risk
  • Credit risk
It is becoming increasingly important to identify, understand, and effectively manage and mitigate all of the above risks, especially in light of the global economic downturn, which has resulted in greater regulatory scrutiny.
Many large organizations have thousands of vendor relationships that need to be examined regularly by regulators, the board of directors, and internal and external auditors. It is therefore vital for these organizations to exercise greater control and oversight over the activities of their vendors.
A lack of vendor risk management practices and associated control mechanisms can significantly harm an organization’s financial and legal standing, as well as its reputation. New regulations are also driving organizations to have a greater understanding of their third-party relationships, while at the same time providing them with a framework to manage third-party risks.

VirtusaPolaris Offers Solution to Manage Vendor Risk

VirtusaPolaris, in partnership with MetricStream, provides a comprehensive, scalable, web-based solution designed to help banks and financial institutions effectively manage vendor risks, performance, and governance. Leading institutions are replacing their point solutions and paper-based systems with MetricStream’s solution to streamline and automate the vendor management life cycle and gain real-time visibility into vendor risks and controls.

Ontology-Based Solution that Offers the Following Benefits:

  • An integrated approach to managing vendor risks and issues.
  • Streamlined vendor risk assessments, with vendors given secure access to an online application for completing assessments, viewing performance, and receiving alerts and notifications.
  • Mapping of vendor risk assessments to organizational policies and regulations to ensure compliance.
  • Automatic updates to a vendor’s risk profile based on benchmarking and assessment responses.
  • Measurement and management of vendor risk based on multiple performance indicators.
  • Collaboration and data consolidation with vendors across regions and countries.
  • Flexible vendor risk reports to support vendor relationships and strategies.