Email Contact Phone Company Visit Website

Boston Office

10 High Street, Suite 905




Gerald Clemente
[email protected]
Back to all Aite Group LLC announcements

Vendor risk management is rapidly emerging as a critical component of firms' operational-risk-mitigation activity

A three part report from Aite Group, Vendor Risk Management: Strength in Warning by Denise Valentine, looks at the topic of vendor risk management among commercial banks and the institutional buy-side asset management community. Vendor risk on areas like technology is a serious operational, financial, and reputational risk to the financial institution. Firms are tapping third parties to accomplish a multitude of business goals, particularly as they focus on core competencies to achieve growth and improved profitability.

It is apparent that vendor risk management teams are lightly staffed relative to the volume of risk assessments needed amongst the financial industry. It varies by firm, but most leverage staff from other functional areas such as IT, business continuity, and compliance to complete due diligence.

The regulatory spotlight is also on Vendor Risk Management. Regulators issue guidance on vendor assessments, but the specific detail of what is acceptable or not is left to the financial institutions to ascertain. Most financial institutions approach regulatory audits with some trepidation as to the regulators' interpretation of their program. Therefore, the best defense is having a risk management program that is re-validated annually and has a process that incorporates executive management, heads of business, vendor relationship managers, and multiple subject-matter experts.