Maximising the benefit from third party relationships in the Financial Services industry - Banking blog

As the extended enterprise grows and becomes more complex, the ability to manage third-party relationships becomes more critical to success than ever before. Organisations that hesitate to expand their ecosystem, out of fear of the potential risks it could create, will likely be outpaced by organizations that boldly decide to seize the value of third-party relationships, confident in their ability to effectively identify and manage the accompanying risks. 

Third-party risk is a hot topic

Many organisations have already experienced the consequences from shortcomings of third-party providers. They range from brand and reputational damage to regulatory penalties and the disruption of the ability to meet customer expectations.Furthermore, insufficient management and oversight of third parties often results in contract value leakages in areas such as overcharges, missed service credits as well as discounts and rebates. The implementation of a robust enterprise wide Third Party Risk Framework helps companies to manage the risk associated with third party interactions along the entire lifecycle.

Third-party risk is a very hot topic within the Financial Services (FS) sector. Senior executives across many organisations in the industry are having discussions to find a consensus on the best strategies, procedures and policies to mitigate the risks posed by third parties. The type of third parties engaged by a business can range from small niche providers to large outsourced services. Results from our recent third-party governance and risk management survey show that:

  • 74% of the respondents have faced a disruptive incident involving a third party in the last three years,
  • 94% of the surveyed executives are not confident in the tools and processes available to manage third-party risk,
  • 74% of the respondents believe third parties will play an important role in the year ahead, and
  • 54% of the participants were identified as having a high or critical level of dependence on third parties in their organisation

Compared to other sectors, FS organisations have the highest dependency on third parties. At the same time their industry is also exposed to the highest regulatory scrutiny (e.g. FINMA has revised the provisions of Circular 2008/7 "Outsourcing - banks" with the new regulation FINMA-RS 17/xx “Outsourcing banks and insurers”). Moreover, the FS industry has experienced the largest number of instances where global regulators have made organisations responsible and accountable for actions of their third parties. This has not only resulted in large fines and penalties, but also driven the increased need of focus on governance and risk management.

However, when the discussion turns to third-party risk, risk functions within many FS organisations remain primarily concerned with risk directly linked to capital at stake as well as transactional and credit risks. This focus clearly disregards the continuing rise of internal reliance placed upon third parties in terms of outsourcing sizeable portions of operations and third-party supplier agreements. As the following example shows, such risk can have vast impacts to commercial operations.

Latest observations from FS organisations

A recent supplier compliance inspection of a global FS organisation resulted in the following observations:

• Overcharges of service/product fees exceeding CHF 1.2 million
• Potential regulatory non-compliance
• Multiple off-contract costs and expenses, and
• Unsupported commercial deals and operations.

To face this challenge, an increasing number of FS and other organisations are conducting compliance reviews of their third parties to verify adherence with contractual terms and conditions. This includes verifying the third-party spend and assesses whether benefits and credits due under the contract are correctly allocated. Our experience suggests that supplier compliance inspections identify recoveries in the region of 1-10% of the analysed contract spend on average.


The implementation of a robust enterprise wide Third Party Risk Framework protects our clients, the communities they impact, and ultimately their clients against existing and future third party risks, by delivering a robust, proportionate, proactive and scalable framework, that is integrated into the business. This will lead to an increase of the supplier compliance, the strengthening of the contractual governance, the identification of supplier management process improvement and it will also deliver a positive P&L impact.

If you are conducting or considering a review of your third-party risk and would like to understand more about any of the tools and techniques discussed above or to speak to one of our experts, please get in touch with us. To find out more about this topic, please download our Third-party governance and risk management survey.


Florian Widmer - Partner, Risk Advisory, Zurich

Florian Widmer is a Partner in Deloitte’s Risk Advisory practice and leads the Technology and Digital Risk services in Switzerland. Florian has over 15 years of experience in helping clients managing their most challenging technology and other operational risks. His range of expertise includes corporate governance, operational risk and control, cyber security, IT risk, data protection, investigations and programme management. Prior to Deloitte he was the global head of technology and transformation risk management for a global insurance company.



Steffen Pietz - Director, Risk Advisory, Zurich

Steffen is a Director in our Risk Advisory team in Zurich with a focus on operational risk management. He has significant experience in technology and process risk, process controls and risk auditing, as well as Sarbanes Oxley compliance. Steffen holds a Master degree in Business Administration and Economics from the University of Passau, Germany, and has an additional degree in Sinology & Economics from Fudan University, Shanghai.



Elias Hofstetter - Senior Consultant, Risk Advisory, Zurich

Elias is a Senior Consultant in the Risk Advisory department in Zurich with profound experience in assessing third-party compliance. He possesses multiple cross-industry project experiences in Risk Management and has provided services to clients in the Financial Services, Consumer Business, Technology, Oil and Gas, Energy and Life Sciences industries as well as the Public Sector.



  • Thank you for sharing the findings.

    Posted by: on June 29, 2019 at 15:39

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.