MANAGING THIRD-PARTY RISK: A BLUEPRINT FOR OPERATIONAL RESILIENCE

  • Justin Waller
  • Published: 11 April 2024

 

As the landscape of financial services has continued to evolve, so the issue of operational resilience has moved ever more center stage – especially when it comes to third-party engagements. Financial institutions, including wealth and asset management firms, increasingly rely on third-party vendors to support operations, but this dependency introduces a complex web of challenges.

This has necessitated the development of robust frameworks to address third-party operational resilience, ensuring that a firm can maintain continuous operations and protect customer interests in the face of disruptions or failures arising from dependencies on external parties. 

For wealth and asset managers, these third-party relationships encompass a variety of services, including investment research, custodial services, and technology provision, all of which clearly play a critical role in the seamless functioning of financial services.

Third-party challenges

For wealth and asset managers who rely on third-party partners, several unique obstacles must be taken into account.

  • Increased Risk Exposure: With multiple dependencies, wealth and asset managers face heightened risk exposure to disruptions caused by third parties, potentially leading to service outages, data breaches, or operational failures.
  • Reduced Visibility and Control: Managing and monitoring the activities of multiple vendors across diverse services often results in a lack of visibility and control, making it challenging to assess and mitigate risks effectively.
  • Heightened Regulatory Scrutiny: Regulators are increasingly focused on third-party risk management, necessitating a stringent approach to compliance and reporting standards.

To counter these challenges, US regulators have introduced substantive guidelines aimed at strengthening third-party operational resilience. In June of 2023, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Fed), and the Federal Deposit Insurance Corporation (FDIC) issued Interagency Guidance on Third-Party Relationships: Risk Management, which includes operational resilience as a key component of sound third-party risk management practices.

The new guidance stresses the importance of assessing options when a third party’s ability to perform an activity is impaired, and also of determining whether the third party maintains appropriate operational resilience practices. This requires an assessment of both the third party’s operational resilience practices and the institution’s own practices should the third party be off the grid for an extended period of time.

Enhance Your Resilience Capabilities

Third-party operational resilience is paramount to safeguard operational integrity, customer trust, and regulatory compliance. The best practices outlined below can be adopted by wealth and asset managers to bolster their resilience.

  • Apply Robust Due Diligence: When onboarding critical third-party vendors, stringent due diligence processes should be implemented, including an assessment of the third party’s business continuity and disaster recovery practices.
  • Perform Comprehensive Risk Assessments: A thorough risk assessment to identify, assess, and prioritize resilience risks with each third-party relationship is a valuable step when assessing factors like substitutability and the possibility of reintegrating the service within the firm.
  • Establish Clear Contractual Agreements: Comprehensive contracts should be developed that outline not only service expectations but also termination provisions that protect the firm in case of disruptions.
  • Develop Contingency and Exit Planning: The third party’s tactical and strategic options should be assessed, and playbooks developed to address both short-term and long-term stress scenarios when the third party is unable to continue providing the service.
  • Engage in Resilience Testing: Regular third-party resilience tabletop exercises will simulate disruptions and validate the effectiveness of response and recovery plans. The third party should be included in these exercises wherever possible.

Conclusion

In an increasingly interconnected financial services landscape, adopting these best practices will not only help to reduce risk, but also enhance the continuity and reliability of wealth and asset management services – ensuring significant benefits to both the institution and its customers.

 
© Capco 2025, A Wipro Company