September 14, 2015 13:01 ET

Elevate Your Vendor Risk Management Program Maturity

Interview With Sladan Sinanovic, Head of Enterprise Vendor Management, VyStar Credit Union

NEW YORK, NY--(Marketwired - September 14, 2015) - Due to the continued pressure from regulators, third party risk remains a key issue for all financial institutions. However, despite strong advances in this area, institutions still need to further enhance their third party programs to ensure they add value to the business. Financial institutions need to ensure they effectively manage vendor relationships to remain compliant. Third party risk needs to become part of the business to free the institution from the inherent risk of third parties.

Mr. Sinanovic, Head of Enterprise Vendor Management at VyStar Credit Union, recently spoke with GFMI about key topics to be discussed at their 3rd Edition Third Party Vendor Risk Management for Financial Institutions Conference, February 17-19, 2016 in New York, NY.

What are the latest developments in third party risk management? What new challenges are emerging?

SS: Third party risk management became important for every bank, credit card company, credit union, and other financial institutions after regulatory agencies issued formal third party risk management guidance, such as OCC Bulletin 2013-29; CFPB Bulletin 2012-03; Federal Reserve System SR 13-19; NCUA Due Diligence Over Third Party Service Providers 2001, to name a few. The most recent document of significant importance has been issued by FFIEC (SR 15-3), aimed toward explaining the components of an effective third-party management program that can identify, measure, monitor, and control the risks associated with outsourcing, this time focused on strengthening the resilience of outsourced technology services. This document focuses on the business continuity planning (BCP) aspects of managing third party product and service providers.

In addition to new challenges expressed in satisfying FFIEC (SR 15-3) requirements, the old regulations still very much attract the significant attention of vendor risk management professionals, especially among financial institutions that have not yet been subject to OCC or CFPB in-depth audits. It is not uncommon that such organizations still maintain third-party risk management programs at low maturity levels, primarily because of subjective factors (change resistance among executive management) and lack of underrating of consequences associated with inadequate third party risk management. In short, a huge problem is the reactive rather than proactive mentality of executive managers who have a high tolerance for risk and a low desire to manage vendor risks proactively.

How are institutions attempting to mature their third party vendor risk management programs?

SS: The way I see it, two different approaches are commonly recognized in managing third party risks within the financial industry. One is expressed in business philosophy that can be summarized as, "Why would we change anything and invest in resource, when we are doing just fine." This group mainly consists of financial institutions that have not yet been subject to OCC and CFPB audits or institutions where regulatory third party oversight is very light and lacks substance.

The second group includes financial institutions that either employ highly skilled third party risk management professionals, strong enough to go through the challenging process of changing organizational culture and mentality toward third party risk management, or financial institutions that do this because they have to, or better yet, that are forced by multi-million regulatory penalties or the possibility of being subject to multi-million regulatory penalties. In my experience, the second group receives much greater support from executive management and is much more determined to establish sustainable, mature vendor management and contract management programs.

What is the difficulty in elevating the vendor risk management program maturity?

SS: The difficulty is primarily in the heads of decision makers who have a low desire to make substantial change. Commonly, they verbally support similar initiatives, but the actual support is rather modest, at best, or clusters around zero, at worst. Everybody can develop vendor risk management tools; everybody can establish vendor risk management techniques, but not everybody is sincerely ready to make this happen. In many instances, it is more about form than substance. The reality is that changing organizational mentality and culture never happens quickly and that people, by their nature, feel more comfortable maintaining or slightly changing the status quo, rather than taking significant steps forward, even if taking such steps is the right thing to do and something that will considerably benefit the organization.

What do you think attendees will gain from attending this next edition of the event?

SS: This is an outstanding opportunity for attendees to learn about new regulatory requirements, to discuss best industry practices, and to meet professionals who experience similar challenges in their daily work activities. Nobody understands vendor risk management issues better than people who encounter similar challenges daily. In addition, opportunities for personal growth and advancement are amazing: after my first conference, I received several invitations to speak in the US, Asia, and Europe. Most importantly, people can learn a lot while enjoying the event and having some fun. I highly recommend the conference to all vendor, risk, contract, business continuity, and information security professionals.

The 3rd edition Third Party Vendor Risk Management for Financial Institutions Conference will follow its predecessors to help institutions increase the efficiency of their third party risk programs to ensure they cover all aspects of vendor risk. Case study presentations will discuss the best strategies to capture vendor data and increase the effectiveness of their due diligence process to reduce vendor risk. Attendees will leave the meeting with an understanding of how to manage fourth party risk and reduce the effect of potential cyber and reputational risk arising from third party vendors.

For more information, please click here to download the conference agenda or contact Tyler Kelch, Assistant Marketing Manager, GFMI at 312-894-6310 or

About Sladan Sinanovic

Dr. Sladan Sinanovic is a business professional with a versatile vendor management, risk management, and process improvement skill set, developed through more than 18 years of experience in the financial industry. He established and managed fully compliant vendor management programs with emphasis on vendor risk management and contract administration processes. In addition to managing traditional vendors, Sladan managed a large, nation-wide network of foreclosure and bankruptcy attorneys. Prior to functioning in VP, Director, and PM capacities in the financial industry, Sladan was an Attorney at Law.

Sladan holds a Philosophy Doctor in Business Administration from NCU, AZ as well as Certified Regulatory Vendor Program Manager (CRVPM) and Project Management Professional (PMP) certifications.

About Global Financial Markets Intelligence
GFMI is a specialized provider of content-led conferences for the financial markets. Carefully researched with leading financial market experts, our focused quality events deliver key bottom-line value through targeted presentations, interactive discussions and high-level networking opportunities.
