Insights from the 2024 CeFPro Vendor & Third-Party Risk USA Conference

Escode recently co-sponsored the Center for Financial Professionals (CeFPro) Vendor & Third-Party Risk USA Conference. Attracting over 100 professionals from various financial institutions, this two-day event in New York served as a platform for industry leaders to discuss the latest trends, challenges, and regulatory updates shaping third-party risk management (TPRM) and resilience. 

The discussions throughout the event were rich and diverse, including presentations and panel discussions on regulation, business continuity, fourth-party risk, AI, vendor management, and stressed exit planning.

AI in Third-Party Risk Management

AI was a dominant topic at the event, with discussions focusing on its role in continuous monitoring, contract management, and supplier assessments. The event highlighted that while AI offers new opportunities for enhancing TPRM, it also introduces new risks and governance challenges that need to be addressed.

Regulatory Changes

During the event, one significant topic of discussion was the heightened regulatory focus on resilience. In June 2023, the Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), and Federal Reserve Board (FED) issued a joint statement offering guidance focused on outsourcing and third-party risk management for banking institutions. This Interagency Guidance is reshaping how financial institutions interact with third parties, particularly fintech companies.

During the event, Wayne Scott, Escode's Regulatory Compliance Solution Lead, presented on 'Supplier Financial Instability: Successful Stressed Exit Planning.'

Supplier Instability and Operational Resilience

Stressed Exit Planning

Protecting against supplier failure, service deterioration, and concentration risk is crucial in stressed exit planning. An increasing number of global regulators recognize Software Escrow as a vital component of these plans.

Software Escrow Agreements form a legal arrangement where a third party holds source code and other intellectual property, ensuring access during a stressed exit. Escrow Agreements and associated Verification Services are one of the only ways to always guarantee the protection of business-critical software. 

Wayne outlined the critical steps for creating a successful stressed exit plan:

• Establishing Legal Right: Secure a legal right to access essential information regarding critical third-party software in the event of supplier failure. 
• Knowledge Transfer: Ensure key personnel have access to the necessary information and resources to continue operations during a stressed exit.
• Scenario Testing: Organizations must subject their stressed exit plan to scenario testing, including scenarios of a supplier's insolvency. This ensures the plans are demonstrably successful and helps identify any weaknesses or areas that need improvement.

This process allows organizations to mitigate against their own failure. Wayne also stressed the importance of shifting from corrective controls to preventive and detective controls. He explained how Software Escrow provides a seamless stressed exit solution that proactively manages third-party risk. 

The 2024 CeFPro Vendor & Third-Party Risk USA Conference provided invaluable insights into the evolving landscape of third-party risk management. From the transformative role of AI to the importance of stressed exit plans, the event highlighted the need for proactive and informed risk management strategies.

Thank you to CeFPro for organizing such a fantastic event and to all attendees for their valuable contributions. We're excited to continue these conversations and help elevate your TPRM strategies.