“Regulated firms should have appropriate oversight and control over third-party providers and take responsibility for the service they provide. Doing so will reduce the risk of third-party failures or weak controls which could lead to operational disruption, unauthorised loss or disclosure of consumer data.”
This was the specific paragraph in the FCA Business Plan for 2018/19 that has been a key focus on the agendas of our UK Financial Services customers since the plan came out in April.
It comes under the cross-sector priority relating to “Data Security, Resilience & Outsourcing” and features on page 25 of the plan.
For Gatekeeper, key to providing the best service to our customers is understanding as many of the regulatory forces operating on their business as possible.
Naturally, what the FCA is looking to focus on into next year is going to have the attention of our customers operating in this industry.
Fortunately, Gatekeeper has a wealth of functionality to assist our customers in this regard, significantly contributing to the FCA’s aim of “improving the industry’s operational resilience”.
Specifically, we help our customers by:
- Recording details of every third-party provider including contract documentation, relevant security certification and sign-off parties.
- Managing periodic renewals of certifications, such as for Penetration Testing. Gatekeeper generates notifications, automates and tracks the overall progress and records the latest results against a third-party record.
- Tracking obligations for each contracted party and delivery against them.
- Providing a secure, auditable record of every action carried out against a particular third-party, with names, dates and change history.
- Displaying this information in a secure, simple-to-use system allowing permitted users to view and report on the data at any time.
The Case for Third-Party Focus
Aside from the increased focus from the FCA, why else is managing third-party risk more important now in 2018?
Deloitte’s 2018 Report on third-party governance and risk management highlights that 53% of survey respondents have seen “some” or “significant” increase in their dependence on third parties in the last year.
Deloitte’s same report in 2017 revealed that 74% of respondents had experienced at least one third-party incident in the last three years, with a fifth of those incidents being a “complete third-party failure or an incident with major consequences”.
Together, this means there’s:
- A growing dependence on third-parties
- A high number of incidents with major consequences
- An increased regulatory focus
- A public and press more sensitive to incidents such as data breaches or service outages
Managing third-parties more closely and mitigating risk through the effective deployment of technology has therefore never been more in focus or a higher priority for financial service providers.
In fact, there’s a further case being made that treats effective third-party risk management not just as a prudent measure but also a source of competitive advantage.
Being able to access and exploit third-party expertise faster than competitors has significant upside, particularly in industries such as Financial Services where disruption is being encouraged by regulation and public opinion.
The theme of turning third-party risk into competitive advantage is explored in this report from Ernst & Young.
The Case for Gatekeeper
Not only do we help our customers with monitoring their suppliers but, as a third-party supplier ourselves, we maintain the highest security and quality measures.
Our Information Security Management System (ISMS) has been certified to the ISO 27001:2013 standard. Meanwhile, our Quality Management System (QMS) has been certified to the ISO 9001:2015 standard.
Gatekeeper is also subject to regular security and penetration testing to make sure that our customers’ data remains safe.
This is why we’re trusted by businesses in highly regulated industries such as Finance and Healthcare, in both the UK and abroad.
If you’re reviewing your internal processes in light of the FCA Plan, or would simply like to understand how other businesses in your sector are mitigating third-party risk using Gatekeeper, then please get in touch today for a free consultation.