Financial Services Industry Call to Action

Creating True Efficiencies through Standardization, Cooperation and Public-Private Partnerships Focused on Critical Third Party Risk Management Issues

For the third consecutive year, financial services ranked in the top three industries affected by security incidents.1 Larger institutions, which typically have more mature risk management programs, are more likely to detect information security, privacy, cyber, insider and other significant threats. However, when institutions reach the $20B level, the 2015 Vendor Risk Management Benchmark Study reveals a significant drop in maturity ratings across all governance components for their vendor risk programs. This same drop is evidenced for this group in the development and implementation of vendor risk policies, standards and procedures.2 This is indicative of the effect of organization size and complexity, which lends itself to greater friction against good risk management hygiene, especially in the area of third party risk management. A proactive stance is clearly required to establish best practices for more mature risk management programs industry-wide.

Since its founding in 2005, Shared Assessments has been dedicated to improving security enterprise-wide by building common evaluation criteria assessments and standardized practices across all areas of operations, from risk management and information security policy to asset management, physical and environmental security. Organizations have the opportunity now to build on recent efforts, such as the Shared Assessments Collaborative Onsite Assessments Project and the AICPA’s Service Organization Control (SOC) Reports, to collectively raise the bar and establish effective industry-wide risk management solutions.3,4

The financial services industry is in position to continue its leadership role in third party risk management, in order to improve the quality and efficiency of risk management programs at both the outsourcer and provider levels. Toward this end, the Shared Assessments Program is urging all financial services institutions to:

  • Become more involved in cooperative relationships.
  • Adopt standardized, consistent, robust third party risk management methodologies.
  • Work collaboratively to perform onsite assessments and leverage the results.

  1. 2015 Data Breach Investigations Report. Verizon. 2015. 

  2. 2015 Vendor Risk Management Benchmark Study: The Shared Assessments Program & Protiviti Examine the Maturity of Vendor Risk Management. Shared Assessments & Protiviti, Inc. June 2015. 

  3. Shared Assessments Program: Case Study – Shared Assessment AUP Project: A Collaborative Approach to Onsite Assessment. Shared Assessments. May 2015. 

  4. SSAE-16 Service Organization Control Reports. American Institute of CPAs (AICPA). 2016. 
