Building an Independent Financial Services Third Party Risk Clearinghouse Organization
The latest financial crisis resulted in new regulation and renewed scrutiny over financial institutions’ internal risk management. This has led financial institutions to spend a significant amount of resources and time on due diligence processes before onboarding third-party vendors. Banks are carrying out this activity independently from one another and on an overlapping pool of third parties. This results in a duplication of effort and creates the potential for streamlining due diligence through the creation of a Third Party Risk Clearing House Organization (TPRCO) bridging banks and third-party vendors.
This report evaluated the feasibility of creating this centralized body through independent research as well as extensive interviews with professionals within the financial industry, service providers, regulators and other relevant actors. This paper identified the current state in the field of third-party risk management, present obstacles and challenges in the implementation of the TPRCO, and the potential future conflicts among stakeholders.
The Capstone team found that the creation of a body undertaking such an activity will face obstacles related to compliance and regulation, capacity building, geographic coverage, and non-disclosure agreement management. Considering the existence of independent vendor risk management companies, this paper recommended the creation of an alternative industry-wide consortium in which financial institutions would directly become stakeholders. The Capstone team believed this would achieve the following: 1) enable the TPRCO to benefit from the banks’ resources and expertise and gradually carry out due diligence for all functions and business lines; 2) solve the lack of a centralized body and become a platform for the gradual standardization of procedures; 3) bypass the risk of a low adoption rate and mitigate the necessity of regulators’ support and conflicts between actors; and 4) build adequate safeguards between banks to ensure proper data management.