Interview with Aretina Trepczyk, Vice President, Enterprise Risk Manager at Umpqua Bank
Increased regulatory pressure on third party vendor risk has sharpened the focus on this key area of operational risk. Despite institutions implementing changes to their third party risk strategies, many programs still need to be optimized and enhanced to ensure strong due diligence of vendors and minimize the risk exposure to the enterprise. Institutions need to incorporate their third party risk strategy into overall enterprise risk to ensure they effectively manage risk, whilst adding value to the organization.
Ms. Trepczyk, Vice President, Enterprise Risk Manager at Umpqua Bank, recently spoke with GFMI about key topics to be discussed at the second edition of their Third Party Vendor Risk Management for Financial Institutions Conference, September 21-23, 2015 in San Francisco, CA.
Why is third party risk such a key issue for financial institutions at this time?
AT: Increased regulatory expectations are a driving force behind third party risk being a key issue for financial institutions. Banks can be held liable if third parties are not meeting regulatory requirements, and therefore, there is a need for stronger on-going monitoring and oversight. Additionally, many of our third parties have access to customer information, which must be protected against unauthorized use. To add to the complexity of this issue, many third parties that financial institutions have historically done business with do not currently have the technology or process infrastructure to meet these increased expectations and it can sometimes be difficult to exit these relationships.
How can you ensure sustainable third party risk management?
AT: Given the sheer volume of third parties that most financial institutions work with, third party risk management cannot be a one size fits all approach. To have a sustainable program, risk management activities should be tailored to the specific risk associated with the third party’s activities. This is why performing thorough due diligence and taking the time to complete a comprehensive risk assessment of the third party is essential. For example, you may find that a particular third party represents high consumer compliance risk but low financial risk. In this case, you would want to keep monitoring activities focused on compliance and perhaps a detailed financial review is not needed. Utilizing such an approach helps ensure limited resources are focused on the right things.
How can third party risk management bring value to the organization?
AT: Third party risk management can bring value to the organization by providing timely risk intelligence that helps key stakeholders make decisions on entering into a new or renewing an existing third party relationship. In order to be successful in this, risk management needs to get involved early on in the process and stay engaged during the life of the relationship.
Why is it important to streamline your third party risk program to follow your ERM programs?
AT: The risk associated with third parties should funnel up to the risks that are tracked at an enterprise-wide level and should fit into your overall risk appetite. This helps Senior Management and the Board make the connection on how third parties can impact the bank’s overall risk profile. If you ignore third party risk in your overall ERM program, you may not have a comprehensive picture of the risks facing the institution.
What do you think attendees will gain from attending this event?
AT: Best practices and real life solutions on how to approach current third party risk management issues.
Aretina Trepczyk is the Enterprise Risk Manager for a large community bank in Portland, Oregon. Her current role includes managing the Third Party Risk Management function as well as Enterprise Risk Management and Continuous Monitoring. Aretina brings 15 years of experience in both Risk Management and Internal Audit. She is also a CISA and has a strong background in Information Technology which has helped strengthen her Risk Management skills. Additionally, Aretina is working on implementing her second GRC program which will be used for her Enterprise Risk assessment and monitoring, Third Party Risk due diligence and ongoing oversight, and Continuous monitoring testing.
At this GFMI conference, the practical case study presentations focus on the effective management of risk, whilst adding value to your organization. Our speaker discussions will help financial institutions optimize their management of fourth parties, and ensure efficient ownership of third party risk, to effectively manage all third party relationships and reduce the overall risk to the enterprise.
About Global Financial Markets Intelligence
GFMI is a specialized provider of content-led conferences for the financial markets. Carefully researched with leading financial market experts, our focused quality events deliver key bottom-line value through targeted presentations, interactive discussions and high-level networking opportunities.