Small banks seeking to manage risk from vendors and other third parties share something in common with a mom-and-pop retail store: They've got to continually take inventory. Eric Holmquist, president of Holmquist Advisory, an enterprise risk management consulting firm, says the key for small banks seeking to better manage risk from vendors is to rank those third parties according to their level of risk and continue to perform due diligence throughout the life of the relationship. "It's important to maintain a comprehensive and current inventory of all third parties where you're risk-ranking them based on the criticality of the service they provide along with the level of information that you're exposing to them and developing an appropriate due-diligence process commensurate with the level of risk of each of the vendors," Holmquist says. He adds that many community banks historically have failed to stay on top of their third-party relationships, often because of a lack of manpower and resources. Small banks typically focus on two or three core vendors that pose the most risk due to the important services they provide and the personally identifiable information they have access to, he explains.
展开▼