How issuers are managing third-party risk, while maximizing quality
CFSI’s Compass Principles offer a useful framework to help financial services providers focus on managing third-party partnership risk.
The Compass Principles are guidelines for the U.S. financial services industry. They affirm standards of excellence in the design and delivery of basic tools that people use to manage their daily financial lives. The four Compass Principles are:
Compass Advisory Note at a Glance
Recommendations for using the Compass Principles to actively manage third-party relationships include:
1. Define expectations for third parties, and codify them for operational use
2. Communicate for clear action from partners and staff
3. Monitor at the front end to catch breaches early
4. Up the bar to stay ahead of the competition
5. Establish clear metrics to assess success
In 2012, two prepaid issuing banks, MetaBank and Sunrise Banks, integrated the Center for Financial Services Innovation’s (CFSI) Compass Principles into their processes for conducting due diligence and monitoring prepaid program managers. Drawing on the experiences of these banks, CFSI recently published a Compass Advisory Note that provides five recommendations for financial services providers seeking to minimize risk and maximize the quality of their products.
Beth Brockland, CFSI’s Compass Principles director, spoke with Joan Herman, senior vice president of prepaid at Sunrise Banks, and Linda Loof, senior vice president of partner services at Meta, to gain more insight into their companies’ motivations and lessons learned.
Beth Brockland: Let’s start with you, Linda. You have so many different priorities competing for company time and resources. What motivated Meta to revisit its approach to third-party risk management?
Linda Loof: Building strong relationships with our partners is core to our business and always has been very important to us. That being said, the initiatives we undertook with respect to the Compass Principles helped evolve our thinking with our partners in that they established a foundation from which to communicate. We really don’t think of this as third-party risk management, so much as just good business.
BB: Joan, it seems like establishing that shared understanding of your goals and expectations regarding risk management has been critical for Sunrise, too.
Joan Herman: Yes, we are constantly reviewing risk trends and how we need to react and change our processes. What we’ve seen throughout the prepaid industry is that having strong risk-management processes in place is increasingly important. The challenge is relating this changing information to our partners and getting them on board. Every partner in the process is affected, whether they do business with us or another bank, so as time goes on, we see less push-back from partners.
BB: So, what are you doing differently now compared to what you were doing, say, two years ago?
JH: In the last two years, we refined our processes to include risk reviews of all parties in the channel—anyone who touches the data or the cardholder, etc. A few years ago we might not have reviewed an entity further down the chain.
LL: Two years ago, much of our focus at Meta was in building out our third-party “risk management” program, focusing on risk attributes of the partners themselves. Today, we are at a point where we feel we have built a strong risk program and can spend our time focusing more on the customer experience, which, in our opinion, is even more critical to our business and strategies.
BB: Say more about that. How have you improved the customer experience? How did you communicate with your program partners about the changes you were making to your partner guidelines?
LL: We worked closely with our partners to roll out the draft guidelines and to gather their feedback. We had calls with our partners to go through the feedback and to make sure we had considered the partners’ perspectives. Those conversations still go on today as the industry and the products evolve. We have learned that any guidelines we apply are just that—guidelines. It is really important to us at Meta to retain flexibility in the way we look at product structures to give us and our partners room to grow and change with the marketplace. Being overly prescriptive, in some cases, might have the opposite effect from what we are trying to accomplish.
BB: So, clear communication and flexibility have also been critical.