I believe I have made up a new Acronym for Compliance, KYV â€“ Know Your Vendors.
The reason why knowing your vendors is important is the associated Risks that they bring to your Financial Organization. From the Vendor that â€œwaters your plantsâ€, to â€œdelivering your lunchâ€, if your financial Institution has not fully vetted these vendors, your Company is at Risk. Examiners not only review your clients but apply the same Compliance regulations to any of your existing vendors that have access to your buildings.
Creating your vendor risk management program from the start is a challenge that overwhelms many Chief Risk Officers. Just ask the CRO to provide you with an accurate list of vendors and watch the expression on their face. Most of the lists are not centralized, outdated, and have no accurate contract start dates along with the contract terms.
In any organization, your vendors should be included in your Risk & Compliance Program with policies, processes, procedures, and standards.
The first step in this process is for getting executive sponsorship and the funding to make it work. Usually, this is what you will encounter:
- Inventory and categorize your vendors to understand the risks inherent in your vendor portfolio
- Develop and communicate expected controls standards and workflows for your vendors
- Develop methods of assessment (commonly questionnaire-based) to assess vendorsâ€™ controls
- Within your Compliance Program manage the remediation of any issues identified.
Then a series of questions you should ask yourself are:
- Does my assessment methodology effectively address the risks I intend for it to address?
- Do my vendors understand the questions Iâ€™m asking?
- Do their answers make sense?
Find the Gaps, and you are on your way to KYV.
KYV Benefits you will gain using a Risk & Regulatory Compliance Management Software Platform:
- Consistently identify high-risk vendors
- Accelerate reporting to management and regulators
- Provide for easy tracking of program progress and issues remediation
- Streamline portfolio-wide vendor risk reporting
- And facilitate the analysis needed for continuous improvement efforts
Improving alignment with business and regulatory requirements helps ensure that the KYV assessments have the appropriate scope of content and are risk-aligned to your available resources. Improving veracity by sampling control execution helps identify easily resolved risks that might otherwise go unnoticed. Including a vendor management software platform in your technological needs bucket is a must.
Now that you have a taste of the importance of KYV, you will never look at your vendors in the same light, and get to know them like you already know your customers.
*Rethinking Vendors logo is property of VendorCentric.com