01:45 (GMT +7) - Tuesday 20/04/2021

Banking & Finance

Workshop discusses third-party risks in banking

Released at: 10:50, 15/11/2019

Workshop discusses third-party risks in banking

Ms. Nguyen Phi Lan, Photo: PwC Vietnam

Vietnam Banks Association, PwC Vietnam, and PwC Vietnam Cyber Security Services Company hold workshop for Association's Hanoi members.

by Doanh Doanh

The Vietnam Banks Association (VNBA) together with PwC Vietnam and the PwC Vietnam Cyber Security Services Company organized a workshop on November 14 entitled “Managing Third-Party Risks under Circular 18” for its member organizations in Hanoi.

The event was attended by various local banks and fintech companies, with the majority of participants being C-suite executives and experts in digital banking, information technology, cyber security, and risk management.

PwC experts discussed digital trends in the financial services sector and the associated risks, focusing on third-party risks under the impact of Circular No. 18. Workshop instructors also gave an overview of common security risk assurance standards, such as ISAE 3402/SOC 1, ISAE 3000/SOC 2, and ISRS 4400/AUP.

“The convenience of tech-enabled financial services has led to an ever-larger and more complex ecosystem of banks, fintechs, and related service providers,” said Ms. Nguyen Phi Lan, Partner and Risk Assurance Leader at PwC Vietnam. “The adoption of international standards and good practice helps banks improve the effectiveness of risk management, including third-party risks.”

Sharing experience from Malaysia and the region, Mr. Yu Loong Goh, IT Risk Assurance Director at PwC Vietnam, said that most high-performing banks in the region are focusing on two main tasks in third-party risk management. First, assessing the current state of their cyber security risk management programs and second, third-party attestation reporting. These provide the basis for banks to identify measures to address gaps and protect their organization and clients.

“Third-party attestation can bring many potential benefits, such as improved trust with stakeholders, increased confidence in your own operations, reduced costs, and a move towards a sustainable financial services ecosystem,” said Mr. Pho Duc Giang, Cyber Security and Privacy Director at the PwC Vietnam Cyber Security Services Company.

Following on from the success of this workshop, the VNBA, PwC Vietnam, and the PwC Vietnam Cyber Security Services Company expect to hold a similar event for financial institutions and fintech companies in the southern region.

Digital transformation has given rise to increased outsourcing of operations and services by banks to third-party vendors. Common types of third-party services used by banks include payment initiation, customer loyalty programs, and routine office administration tasks, etc.

Cost savings are not the only reason why third-party services are on the rise in banking. Third-party vendors also give banks access to specialist capabilities and technologies that they might not yet be able to build or maintain in-house.

Despite the evident benefits of using third-party providers, the associated risks are not to be ignored. A few years ago, hundreds of customers’ bank statements were stolen from a bank in Singapore, following unauthorized access into a server containing such information on an off-site printing facility. And earlier this year, a data and analytics firm catering to some of the biggest financial institutions in the US failed to secure millions of private financial documents after a major data breach.

As information security threats grow, so do related regulations. For instance, the State Bank of Vietnam issued Circular No. 18/2018/TT-NHNH on August 21, 2018 to govern the assurance of information systems safety and security in banking operations. However, most local banks are still struggling to comply with the requirements related to digital transformation in the circular, particularly those concerning the management of third-party risks.

User comment (0)

Send comment