Conversations with KPMG partners

What do financial industry regulators want from third-party risk management?

Homer C. Hill, a principal in KPMG’s Regulatory Risk practice and former Senior Vice President at the Federal Reserve Bank of New York, shares that regulators view third-party risk management as critically important to the resilience and stability of the overall financial system. Regulators want to see that organizations have clear governance, including well-defined roles and responsibilities across the lines of defense, and a methodical, transparent, documented approach to assessing, ranking, and monitoring. They also like to see third-party oversight that is closely aligned with an organization’s overall risk management program. A good general rule for effective risk management is for organizations to demonstrate methodical processes, sustainability, and transparency.