Third-party risk has increased for financial institutions just as it has for other sectors. What are their obligations and where can EY make a difference?
Digital changes and an increasing focus on core business are making the ecosystem of financial institutions grow. Working with third parties means that financial institutions are also becoming part of a larger, more complex but also a riskier network. How should they account for this reality in their Risk Management? A great number of obligations have been imposed in the past, but it keeps evolving. COVID-19 offers an opportunity to identify strengths and weaknesses. It is an exercise around which EY can create added value.
What we saw in other sectors could have an impact also in the financial sector: ecosystems are growing, under pressure from an increasingly important digital agenda. Financial institutions are increasingly concentrating on their core business, which means that as a result they are working more with third parties (TP). It is no coincidence that in recent years, various fintech players have emerged who are responding to this trend - in addition to the large number of traditional players that were already established in the market. This fact raises a number of questions, and it should. What is my place in the larger picture? And what is the impact on my business when one of those third parties fails or stops delivering? That is exactly what Third-Party Risk Management is all about.
Corona lays bare weaknesses in Risk Management
In itself, the coronavirus, and all the consequences it brings about, do not change much about the workings of Risk Management (RM). However, its unique and far-reaching nature does lead to a different and broader view of Risk Management. In the past, a pandemic was sometimes a blind spot in RM. It was identified, but ultimately assessed as something that was very unlikely to happen. Today it is becoming clear that, in the current reality of a wider ecosystem, this may not have been the right assumption. In addition, the situation is causing third parties to stumble and get to grips with their own resilience. Both financially and operationally. How are their finances? How are they continuing to deliver? This can change overnight and if you do not know what the risk is, this can cause obvious problems. These more complex ecosystems also have an international dimension. We witnessed how significant the consequences for companies can be with one of our customers, a Scandinavian insurer. Because a TP in Poland suddenly ceased all activities, certain processes could no longer be executed and delivered, which completely immobilized the insurer. What effect will the corona crisis have on TPRM? Hopefully, it will be a wake-up call.