ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Compliance and Risk

Missing Ingredients of Shared Due Diligence Services

March 15, 2018
Reading Time: 5 mins read

By Krista Shonk

Professional chefs and home cooks know that a prized recipe will be mediocre if the dish omits key ingredients. The food may be palatable, but it does not live up to its potential. The same holds true for attempts to standardize the collection of due diligence information on third parties—sometimes referred to as “shared” or “collaborative” due diligence.

While it is tantalizing to think about eliminating duplicative efforts to gather and validate information about third parties and their control environment, many shared due diligence services are missing some key ingredients. For there to be widespread adoption of shared due diligence, products must offer a strong value proposition, provide more detailed information about a third party’s information security and compliance with laws and regulations and be affordable for community banks.

Increasing efficiency and effectiveness

In recent years, banks have dedicated significant resources to identifying and managing risks presented by third parties. As third-party oversight programs mature, banks are evaluating how to increase the programs’ efficiency and effectiveness. Some banks have embedded third-party relationship managers within each business unit; others have re-evaluated their third-party population to determine whether service providers designated as “critical” or “high-risk” truly warrant that designation and the accompanying level of oversight; still others have aligned the risk assessment and contracting functions to ensure that identified risks are properly addressed and mitigated in vendor contracts.

[perfectpullquote align=”right” bordertop=”false” cite=”” link=”” color=”” class=”” size=”11″ ] >>Did you know?

An ABA survey of community banks found that 94 percent of respondents would consider collaborating with other banks to conduct third party due diligence. However, 28 percent said that the immature marketplace is the primary challenge to shared due diligence efforts.[/perfectpullquote]

Participating in a shared due diligence service is another strategy that banks are considering, particularly in light of the OCC’s favorable treatment of collaboration, which the agency highlighted in a recent bulletin. A recent announcement by a consortium of banks planning to standardize and house the collection of third-party due diligence information generated additional interest in the shared due diligence concept.

Shared due diligence: where we are now

Banks, consultants and others have attempted multiple times to craft a common due diligence questionnaire that banks may present to prospective or existing third parties. The questionnaires typically focus on matters involving information security, privacy and business resiliency. In some cases, shared due diligence providers house the collected information in a central location where banks can access it and perform their own assessment of the third party based on the bank’s risk appetite and the particular services purchased from that third party. Many vendors are struggling to deal with a high volume of bank due diligence requests and are highly supportive of efforts to eliminate due diligence redundancies.

What shared due diligence doesn’t do

A quarter of community banks responding to a recent ABA third-party risk poll said that conducting risk assessments is their most significant third-party risk challenge. But while shared due diligence services reduce the administrative paper chase, they will not eliminate or supplement a bank’s third-party risk analysis.

Rather, banks must evaluate the due diligence information about the third party and assess how the third-party’s controls compare to the bank’s own risk and control environment. The OCC bulletin specifies that banks participating in collaborative due diligence arrangements must undertake certain responsibilities individually, including:

  • Assessing the risks of doing business with particular third parties as well as the ability of the bank to monitor and control those risks;
  • Conducting ongoing benchmarking of the third party’s performance against the contract or service-level agreement;
  • Evaluating the third party’s fee structure to determine if it creates incentives that encourage inappropriate risk taking;
  • Monitoring the third party’s actions on behalf of the bank for compliance with applicable laws and regulations; and
  • Monitoring the third party’s disaster recovery and business continuity time frames for resuming activities and recovering data for consistency with the bank’s disaster recovery and business continuity plans.

Bankers talk pros and cons

Recently, ABA’s third-party risk management peer group discussed the strengths and weaknesses of shared due diligence services. Some of the participants have contracted with shared due diligence providers, while others have researched multiple product offerings but ultimately determined that they did not offer a sufficiently strong value proposition. Bankers identified pros and cons in several areas:

  • Reductions in due diligence collection. Bankers do not expect that shared due diligence will eliminate their collection of third-party due diligence information. However, they would like for shared due diligence to reduce their information collection effort by specified percentages. Ideally, bankers want a due diligence platform that collects 80 to 90 percent of the due diligence information that they require about a third party.
  • Information security. In many cases, the level of information collected on a third party’s information security is too generic and requires deeper bank involvement than peer group participants prefer.
  • Legal and regulatory compliance. A similar weakness exists in the information collected regarding a third party’s compliance with laws and regulations.
  • Onsite verifications. Some bankers are intrigued by the onsite verification of third-party procedures and internal controls that some due diligence services provide. Others are not interested in this feature because outsourcing onsite reviews hinders the bank’s ability to build relationships with the third party.
  • Cost savings. The bankers resoundingly agreed that shared due diligence services result in limited actual cost savings. Staff is still needed to analyze the due diligence information and follow up on additional information when necessary. However, on the positive side, shared due diligence does help bank staff to focus on information analysis as opposed to information collection.
  • Speed to market. Speed to market is the most significant benefit that large banks are seeking from shared due diligence. By contrast, a recent ABA poll found that only 5 percent of community banks consider speed to market to be a key reason to subscribe to shared due diligence services.
  • Wait and see. Most of the peer group participants continue to be interested in shared due diligence and have spoken with multiple industry providers. However, banks are waiting for an industry leader to emerge prior to signing on with a shared due diligence provider.

The experiences of these banks will be important to the evolution of the ongoing effort to standardize and streamline due diligence collection.  As best practices for shared due diligence emerge, institutions will be able to focus their efforts on analyzing due diligence information (as opposed to chasing paper), making better decisions and implementing controls that will protect their institutions. In the meantime, banks should not shy away from pointing out the “missing ingredients” necessary to make the business case for engaging a shared due diligence provider.

KRISTA SHONK is VP for Regulatory Compliance Policy at ABA.

Third-Party Tactics, a regular feature on the ABA Banking Journal site, explores leading practices and practical tips for third-party risk management.

ADVERTISEMENT
Tags: Risk managementThird-party risk
ShareTweetPin

Author

Monica C. Meinert

Monica C. Meinert

Monica C. Meinert is a senior editor at the ABA Banking Journal and VP for executive communications at the American Bankers Association.

Related Posts

Fifth Circuit grants ABA mandamus, vacates transfer order for second time

ABA, CBA support maintaining confidentiality of CFPB nonbank risk determinations

Compliance and Risk
June 12, 2025

The American Bankers Association, joined by the Consumer Bankers Association, expressed support for the Consumer Financial Protection Bureau’s proposal to maintain the confidentiality of decisions to exercise the agency’s supervisory authority over a nonbank entity that may pose...

ABA experts see reasons for optimism amid economic, regulatory uncertainty

ABA experts see reasons for optimism amid economic, regulatory uncertainty

Compliance and Risk
June 11, 2025

The Trump administration has rolled back a broad range of banking guidance and regulatory proposals made in the last few years, and while bankers are used to regulatory whiplash when administrations change, it is possible some of changes...

ABA’s Nichols: Banking sector seeing positive policy developments

ABA’s Nichols: Banking sector seeing positive policy developments

Compliance and Risk
June 11, 2025

The banking sector has seen many constructive, positive policy developments at the federal level so far this year, and top officials have expressed their willingness to work with and engage with bankers on those issues, ABA President and...

Report: Synthetic identity fraud on rise

ABA Fraudcast: Federal data points to need for united response to fraud

Compliance and Risk
June 11, 2025

Telecoms and Meta are avoiding addressing serious challenges. And it's time to set up a family password.

Fighting the Rise in Ransomware Attacks: The Value of Breaking Through Silos

Key questions and decisions bankers face in response to ransomware attacks

Cybersecurity
June 10, 2025

ABA has recently convened panel discussions and a simulation to highlight important challenges bankers will likely encounter.

OCC issues statement for banks on recent data breach

Trade groups: Financial agencies’ handling of data needs ‘significant reform’

Compliance and Risk
June 9, 2025

Financial institutions are legally required to share sensitive, proprietary and nonpublic information with their regulators as part of the supervisory process. This information can range from capital and liquidity management to cybersecurity protocols. Centralizing large amounts of data,...

NEWSBYTES

In 90th anniversary year, Stonier graduates 182

June 12, 2025

ABA, CBA support maintaining confidentiality of CFPB nonbank risk determinations

June 12, 2025

Survey finds high customer satisfaction with banking apps

June 12, 2025

SPONSORED CONTENT

AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025
Six Payments Trends Driving the Future of Transactions

Six Payments Trends Driving the Future of Transactions

March 15, 2025

PODCASTS

Podcast: Old National’s Jim Ryan on the things that really matter

June 12, 2025

Podcast: What bankers need to know about ‘First Amendment audits’

June 5, 2025

Podcast: Accelerating banking for quick-service restaurants

May 8, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.