Interview with Erin Straits, Senior Vice President, Director, Vendor Risk Management, Fifth Third Bank
Third party risk management is an area of growing concern for institutions, as the increasingly digital environment and several high-profile incidents highlight the importance of strong third party risk practices. Despite strong advances in this area, institutions still need to further enhance their third party programs to ensure they add value to the business. Financial institutions need to ensure they effectively manage vendor relationships to remain compliant.
Erin Straits, Senior Vice President, Director, Vendor Risk Management at Fifth Third Bank, recently spoke with GFMI about key topics to be discussed at their 4th Edition Third Party Vendor Risk Management for Financial Institutions Conference:
What has changed in third party risk management in the last year? Why is it still a major issue for financial institutions?
ES: In the last year there has been additional focus on the lines of defense (LoD), and clear roles and responsibilities. Ensuring everyone has a clear understanding of their role in managing vendor risk is a key to success. Third Party Risk Management is still a major issue because the regulatory guidance that was set out in 2013 is only three years old. Most institutions implemented a VRM program and framework, but in the last year are finally taking a step back to look for enhancements. There is no competitive advantage in doing Vendor Risk Management “right,” so many banks are sharing best practices and VRM Roundtables have been created. This collaboration allows us to continuously look for refinement and improvement opportunities.
What is the key challenge in establishing a strong vendor risk management framework?
ES: This may sound cliché, but the key to establishing a strong vendor risk management framework is support and buy-in from senior management. There are many facets to ensure an effective VRM framework in both due diligence and on-going monitoring. Employees who are the vendor owners and many of the risk experts who support due diligence and ongoing monitoring do not report into VRM. Therefore, if there is not appropriate support for employees to adhere to and comply with the VRM framework, then it will be very challenging to have a successful program.
What tools are important in creating a consistent vendor risk management framework?
1) A risk-based inherent risk scoring model that ensures a risk-based approach.
2) Reporting to ensure all stakeholders (risk experts, service owners, vendor managers, sourcing, etc.) are aware of the health and performance of the vendor, items that need escalation, and overall compliance with the VRM program.
3) Training & Awareness to ensure everyone understands their role in managing the vendor management lifecycle.
How can institutions ensure their vendor risk management framework remains up-to-date?
ES: Ensuring VRM is held accountable through a governance structure will ensure the VRM framework stays up to date. At Fifth Third, we have a Vendor Management Steering Council that reports into the Operational Risk Committee. The meetings are bi-monthly and we review changes to the VRM program or policy, vendor health, QC results, items needing escalation, new rules or regulations. Senior members including the Chief Risk Officer are members of the Council and ensure that the appropriate actions are being taken.
What do you think attendees will gain from attending this next edition of the event?
ES: As I mentioned earlier, VRM is not a competitive advantage. The more we can come together as an industry and share best practices, the more efficient we will all be, as well as ensuring we are focused on the right risks.
The 4th Edition Third Party Vendor Risk Management for Financial Institutions Conference (September 12-14, 2016 in San Francisco) continues the work of its predecessors to enable institutions to understand the latest developments in third party risk management. The vendor risk management community will learn how to effectively incorporate the latest regulations, such as the FFIEC Appendix J, into their strategies, and optimize their processes to aid effective third party risk management. Case studies will cover the latest data management and fourth party risk strategies to allow institutions to advance their third party risk programs to effectively manage the latest threats from their vendors.
About Erin Straits
Erin Straits is Senior Vice President and Director of Vendor Risk Management at Fifth Third Bank. She is responsible for the oversight of Vendor Risk Management throughout the enterprise including due diligence and ongoing monitoring of vendors, as well as the Third Party Complaint program. Erin assumed her role as Director of Vendor Risk Management in March of 2015. Previously, she was the Enterprise and Operational Risk Senior Manager for the Consumer Bank for four years. Prior to joining Fifth Third in 2010, Erin worked for Toyota’s North American headquarters in several different capacities, including Purchasing, Compliance and Risk Management.
About Global Financial Markets Intelligence
GFMI is a specialized provider of content-led conferences for the financial markets. Carefully researched with leading financial market experts, our focused quality events deliver key bottom-line value through targeted presentations, interactive discussions and high-level networking opportunities.