Third Party Risk Management: One size doesn't fit all - Managing special third party relationships


September 2016


In recent years, financial institutions have worked tirelessly to adjust their third party risk management (TPRM) programs to promote compliance with regulatory guidance, including issuances from the Consumer Financial Protection Bureau (CFPB), Office of the Comptroller of the Currency (OCC), Federal Reserve Bank (FRB), and Federal Financial Institutions Examination Council (FFIEC).

While the supervisory guidance contains some specificity in terms of objectives and methods, it is not entirely prescriptive. Financial institutions are often challenged to understand the exact expectations of what is not written: What does a risk-based approach look like for nontraditional third parties?

Certain third party relationships do not fit traditional “vendor” profiles. Variances from typical risk profiles can be the result of the greater complexity in identifying and managing relevant risks as compared to traditional third party relationships. 

Traditional TPRM processes may not be the most efficient or effective methods to identify, measure, or monitor risk associated with these types of relationships. 

In this paper, we discuss how “one size doesn’t fit all” when it comes to TPRM, and we explore how financial institutions can address risks that arise from special category relationships.

Contact us

Richard Altham

Principal, PwC US

Tara Friedman

Senior Manager, PwC US

Jason Ashenfelter

Director, PwC US

T.R. Kane

Principal, Cybersecurity, Privacy & Forensics, PwC US

Joseph Walker

Director, PwC US
