Kenneth Wolckenhauer, VP, Vendor Management at Nordea Bank, speaks to the Center for Financial Professionals ahead of the Vendor & Third Party Risk USA Congress taking place June 14-15, 2016.
Kenneth, please tell us a little bit about yourself and experience within Vendor Management?
I moved from financial crimes compliance to vendor management in 2014. My experience dealing with risk, regulators, consultants, remediation, and policies and procedures made me competent to launch a program that was compliant with the banking regulations on third parties.
Why do you believe Vendor and Third Party Risk has become such an important topic?
I think info security has pushed the topic to the foreground. Breaches from 2008 till now, and especially the very public vendor-oriented breaches with Home Depot, Target, etc. have brought the risks into the light.
When developing a Vendor Risk Program should banks be looking to implement a program for all vendors or just the most critical?
Most vendors pose some sort of risk. By giving all of them a criticality rating, we at least identify the inherent risk and review all contracts. New risks are being identified related to consultants, lawyers, cleaning companies, HVAC, and even staffing firms.
What regulatory trends should Vendor Risk professionals be aware of?
Wide adoption of OCC framework, and emphasis by NY DFS on info security.
Do you foresee any future challenges ahead for banks in regards to managing vendor and third party risk?
So far the regulators have been easy on us, but the recent focus by DFS on info security and broader understanding of the OCC framework by regulators will cause them to increase the scrutiny. Tools for managing the process and collecting quality due diligence are still immature, and SMEs for the various due diligence and risk analysis are not always available in-house.