How often should advisors review their vendors or third-party service providers?
It’s a critical question that firms of all sizes are grappling with in order to protect their data, prevent reputational harm or financial ruin, and stay in good standing with regulators.
In a live survey conducted by FINRA during its conference this month, more than 70% of attendees in the break-out room (an audience of approximately 100 people) said they performed vendor due diligence on their most critical vendors annually. Roughly 11% said they reviewed their vendors more often; about the same percentage said they had no regular schedule.
The figures highlight industry-wide inconsistencies in conducting frequent vendor due diligence, despite current and pending regulations on vendor oversight.
FINRA, for example, has a rule that requires broker-dealer firms to have “reasonably designed” written supervisory procedures governing how they oversee the activities of associated persons and businesses they engage.
“But what does that mean, really? It’s kind of this imperial concept, and it’s vexing and liberating to firms for the same reasons, in that there are no bright-line definitions,” Sarah Kwak, associate general counsel within FINRA’s office of general counsel, said May 14 during the self-regulator’s annual conference. Kwak was speaking on a panel about mitigating risks throughout the vendor lifecycle.
Kwak said the term “reasonably designed” is meant to recognize that a supervisory system cannot guarantee firm-wide compliance with all rules and regulations.
“It’s got to be tailored to what makes your firm unique. And so, at the end of the day, all supervisory roads lead back to the firm,” she said. “It can’t just outsource away or contract away, from its direct control, its supervisor and compliance obligation.”
However, Kwak added that “doesn’t mean that a firm can’t seek help from others in designing…