Excellence in Third Party Risk Management (TPRM)
www.pwc.ch
FINMA Circular 2018/3 “Outsourcing – banks and insurers”
Key changes
• The revised circular applies to banks and insurers
• What can be outsourced is now principle-based and under the responsibility
of each company
• Additional reporting requirements like inventory of outsourced services
and concentration risks
• Data must be accessible in Switzerland in case of restructuring, resolution
and liquidation
• Companies must perform an assessment of the opportunities and risks
before the outsourcing
The general trend within the financial services industry is to
outsource services to third party providers in order to focus more
on core business as well as to increase efficiency, quality and
lower costs.
Along with these potential benefits, higher risks in different areas
such as compliance, legal, reputational, operational and information
security risk need to be managed. As a consequence, regulators have
strengthened respective laws and guidelines significantly.
In the market, a growing need for an end-to-end TPRM Framework (Fig. 1)
can therefore be observed, especially focusing on regulatory compliance,
operational efficiency and a digital solution.
Regulatory Compliance
TPRM is a highly regulated topic with specific requirements and
guidelines across different countries (Fig. 2). Being regulatory
compliant is crucial and is in general a challenge for financial
institutions. In addition, it is important to identify upcoming
regulations ensuring a timely implementation, e.g. in Switzerland the
FINMA Circular 2018/3 “Outsourcing – banks and insurers” and FINMA
Circular 2017/1 “Corporate governance”.
In a complex regulatory environment, operational efficiency forms the
cornerstone of a holistic TPRM solution.
Fig 1: TPRM framework
Excellence in TPRM:
• Risk Strategy
• Governance / Management
• Vendor Lifecycle: On boarding & Due Diligence; Monitoring & Reporting;
Termination & Off boarding
• Third Party Risk Management Tool
• Risk Staff
Fig 2: Global regulation
• US / FRB: SR 13-19 / CA 13-21: Guidance on Managing Outsourcing Risk
(2013); OCC BULLETIN 2013-29: Third-Party Relationships Risk Management
Guidance (2013)
• UK / PRA & FCA: SYSC 8.1 General outsourcing requirements (2018)
• EU / EBA: Guidelines on Outsourcing (2006); Draft Guidelines on
Outsourcing, Consultation Paper (2018)
• Switzerland / FINMA: Circular 2018/3 Outsourcing – banks and insurers
(2017)
• India / RBI: Guidelines on Managing Risks and Code of Conduct in
Outsourcing of Financial Services by Banks (2006); Guidelines on Managing
Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs
(2015)
• JFSA: Inspection Manual and Oversight Policy on Outsourcing (2014)
• Singapore / MAS: Guidelines on Outsourcing (2016)
• Hong Kong / HKMA: Supervisory Policy Manual SA-2; Outsourcing (2001)
• Australia / APRA: Prudential Standard CPS 231; Outsourcing (2017)
Operational Efficiency
An efficient TPRM framework is required because TPRM is a complex,
long and cost-intensive process. This is mainly due to:
• increasingly complex regulatory environment resulting in additional
governance, processes and controls
• high number of involved stakeholders (e.g. business, vendors and vendor
management) in different locations
• broad variety of third parties and provided services which need a
tailored risk assessment
Therefore, a TPRM framework requires a clear governance and process
around the third parties’ life cycle. The current trends are to
standardise risk assessments and centralise operational tasks in a
Centre of Competence (CoC) to reduce costs and gain efficiency (Fig. 3).
The gains in operational efficiency can be maximised with help of a
comprehensive and integrated digital solution.
Fig 3: Centralised operating model options
• Option 1: Bank-internal centralisation (Bank: C1, C2, C3; CoC:
Centralised)
• Option 2: Bank-external centralisation (Bank: C1, C2, C3; External CoC:
Centralised, Outsourced)
• Further labels: Risk based; Standardised
• Lines of defence: 1. LoD Business / SVM; 2. LoD Legal & Compliance, IT,
etc.; 3. LoD Audit
Digital Solution
Based on PwC's recent experience, most companies in the financial
services industry use simple manual office solutions, which result in
highly manual and non-aligned procedures. A digital TPRM solution offers
streamlined workflows with clear roles and responsibilities, including
basic functionalities like:
• Risk assessment of individual suppliers
• Reporting of status and risk on individual and portfolio level
• Ongoing monitoring of relationships
Therefore, an integrated end-to-end solution combines all required
capabilities (Fig. 4).
Fig 4: Proposed solution capabilities (TPRM Solution)
On boarding & Due Diligence
• Due diligence questionnaires tailored to the needs of your organisation
• Option to extend for multiple roles; e.g. procurement, compliance, etc.
• Improved governance: Roles & responsibilities embedded in the workflow
• Eliminates the need for email communication
Monitoring & Reporting
• Standard monitoring of red flags
• Option to tailor red flags to reflect your organisation’s policies and
risk appetite
• Examples of reports: Concentration risk, team progress etc.
• Dashboard with integrated KPIs/KRIs/SLAs
• Pipeline management, including expected workload covered
Termination & Off boarding
• All termination scenarios covered. Option to extend based on your
organisation’s processes
• Archiving functionality: All terminations archived for 10 years
(default retention period)
How we can support you in achieving your targets
Our Swiss and global PwC TPRM team has extensive experience from multiple projects
with similar companies and in other industries and is ready and able to support your
organisation. PwC always seeks to find the best solution for clients. The following
exemplary services can be adjusted to your specific situation and needs.
Regulatory Compliance
• Regulatory Health Check on the current situation within TPRM and impact
assessment of upcoming regulations
• Establish consistent regulatory change governance including radaring to
ensure ongoing compliance
Operational Efficiency
• Operational Efficiency Health Check to benchmark current level of
efficiency and identify options to lower costs
• Design and implement a simplified operating model including:
-- Centralised and risk-based approach
-- Standardised operation
-- Consideration of shoring and sourcing options
Digital Solutions
• Identify repetitive, high-volume manual tasks to consider automation
opportunities
• Evaluate the appropriate TPRM software solution (int. vs. ext.)
• Project and change management support
Dr. Marcel Tschanz
Partner Advisory
+41 58 792 20 87
marcel.tschanz@ch.pwc.com
Patrick Akiki
Partner Advisory
+41 58 792 25 19
akiki.patrick@ch.pwc.com
Michael Kuss
Partner Assurance
+41 58 792 15 09
michael.kuss@ch.pwc.com
Dr. Thomas Busch
Leader TPRM PwC Switzerland
+41 58 792 24 08
thomas.busch@ch.pwc.com
Dr. Manuel Plattner
Director Advisory
+41 58 792 14 82
manuel.plattner@ch.pwc.com
© 2018 PwC. All rights reserved. “PwC” refers to PricewaterhouseCoopers AG, which is a member firm of PricewaterhouseCoopers International Limited,
each member firm of which is a separate legal entity.