New Regulations Drive Financial Firms, Global Vendors to Partner on Risk Issues

As financial services institutions tighten risk and vendor management practices to comply with new banking rules, a study by Duke University's Offshoring Research Network reveals how affected providers are responding to the new regulatory demands.

  • Share on TwitterShare on FacebookShare on Google+Share on LinkedInEmail a friend
The providers were very open with us, allowing us to compile a comprehensive overview highlighting the gaps between what providers know and do and what the OCC requires of their financial services clients.

Durham, NC (PRWEB) August 22, 2014

Financial services firms are asking global service partners to work with them more closely to comply with new US banking regulations, and providers have been receptive, according to findings by the Duke University Offshoring Research Network (ORN).

The Office of the Comptroller of the Currency (OCC) issued guidelines last October that hold financial institutions in the United States responsible for overseeing not only their vendors but their vendors’ subcontractors. The rules aim to prevent fallout from operational, credit and other risks related to third parties that provide technology and business services critical to financial firms and the industry as a whole.

“Our research and regular interaction with major financial institutions demonstrates that they are proactively educating and extending their risk management expertise to their information technology, call center and other vendors worldwide,” said Jeff Russell, Duke ORN’s managing director. “While some providers are still learning about the new requirements, many tell us they are willing to support their clients with services that facilitate regulatory compliance.”

Duke ORN recently surveyed major global providers to assess their understanding of the new risk management demands, help bridge any knowledge gaps, and support financial firms’ compliance efforts. Among the study’s highlights:

  • One third of the vendors use subcontractors to support their financial services clients.
  • One fourth of the providers are not aware of Dodd-Frank, the federal regulations passed in 2010 that govern financial institutions and their customers.
  • Almost 40 percent of the providers believe it is not their responsibility to govern their subcontractors according to financial regulations.
  • Most providers are included in their clients’ discussions about governance and risk, and more than half support their clients' vendor management-related regulatory requirements.
  • Nearly two-thirds of vendors include in contract terms the ability for clients or the OCC to conduct control audits.

“The providers were very open with us, allowing us to compile a comprehensive overview highlighting the gaps between what providers know and do and what the OCC requires of their financial services clients,” said Keren Caspin-Wagner, PhD, Duke ORN Senior Research Associate. She conducted the research with Arie Y. Lewin, professor and director of the Strategy and International Business at Duke’s Fuqua School of Business, and Director of CIBER.

The new OCC regulations are particularly aimed at providers that support key functions such as IT, payments, clearing, settlements, and custody. Regulators have said that they expect financial firms to incorporate vendor risk management in their corporate strategy, and to be vigilant about their vendor selection, contract terms and performance monitoring.

“Through this survey, we were also able to reinforce to providers the importance of risk management to their clients in today's regulatory environment, and at the same time support financial services firms in their continued compliance efforts,” Caspin-Wagner said.

Duke ORN is a global network of renowned research universities, top scholars, and industry practitioners that hosts a tri-annual Financial Services Roundtable. The Roundtable facilitates dialogue and research that assists firms in managing risk across the globe, increasing supplier management capabilities, and meeting Dodd-Frank regulatory requirements.


Contact