How Financial Services Benefits by Integrating Vendor Risk and Business Resilience Programs

By unifying vendor continuity management (VCM) and business continuity management (BCM) principles and practices, banks and financial services institutions can capitalize on economies of scope and manage risk more holistically to achieve cyber resilience.

Sanjay Kumar, Executive Vice President, Product & Strategy
Terence Lee, Vice President, Sales North America

The volume and frequency of cyber breaches that occur via third-party vendors are alarming: millions of records containing privacy data for customers, consumers and employees are stolen all too frequently.

While financial services organizations and banks are maturing in their approach to risk management, there are still significant gaps across silos of risk practices. In December 2018, the Basel Committee on Banking Supervision (BCBS) published Cyber-resilience: Range of Practices, which compares bank cyber-resilience practices across regulatory jurisdictions around the world.

A key section of the report, Interconnections with Third Parties, found that banks across different jurisdictions require institutions to develop a management- and/or board-approved outsourcing framework for managing risk. The findings in this section support a strong business case for banks to integrate their vendor continuity management (VCM) and business continuity management (BCM) programs to better manage dependencies and achieve economies of scale.

In an increasingly complex business ecosystem, critical activities depend on vendors, with regulations stressing the importance of aligning business continuity plans of critical vendors (and their subcontractors) with the needs and policies of banks, in terms of recovery, stability, and security. These regulations drive improved resiliency through a detailed assessment of a vendor’s continuity and recovery programs.

This paper is a road map to integrate VCM and BCM disciplines by aligning technological advances and best practices with evolving risk appetites and tolerances. Banks must strive to close the gap between cybersecurity, vendor continuity management, and continuity to reduce risk to their customers and business, and to improve their overall resilience.

