Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
OCC Updated Guidance on Third-Party Risk
Recently, the Office of the Comptroller of the Currency (OCC), released updated guidance for bank examiners as they scrutinize third-party risk programs in banks and other financial institutions. The OCC’s guidance emphasizes bank examiners’ inspection of banks’ third-party risk programs to ensure that they are effectively managing the risk related to their third parties throughout the lifecycle of third-party relationships, and that banks’ risk management programs are themselves effective in the context of third-party risk.
The updated guidance adds color to the OCC’s previous bulletin on third-party risk that was published in 2013. That bulletin superseded guidance published in 2001. This should make it clear that third-party risk is increasing in its importance and that the practice of third-party risk has changed significantly in the past fifteen years.
Look at how financial institutions process information today. Unlike two decades ago when nearly all processing was in-house and on-premise, information processing often includes third parties, whether for main account processing or for ancillary tasks that banks decide are too expense to duplicate in house. The result: third-party organizations routinely do heavy lifting for core functions as well as features that make customer experience richer and stickier.
The takeaway is this: third parties have as much to do with information processing as in-house services. The rigor required in managing third parties, including a deep understanding of risk issues and processes to address them, is commensurate to the proportion of work they perform for banks.
Organizations not regulated by the OCC should take notice of this development, for it is a reflection of the growing critical role that third parties play in virtually every organization. There is inherently more risk related to outsourcing information processing than in performing it in-house. While a bank can outsource parts of its operations, it cannot outsource accountability.
For organizations that do not have a mature risk management program, the increased risk associated with outsourcing information processing may represent a great call-to-action: business risks have gone up, and it’s time to develop not only an effective third-party risk program but also a risk management program.
Let us know what you need, and we will have an Optiv professional contact you shortly.