Why Ongoing Risk Monitoring Is Crucial For Bank Compliance

Forbes Technology Council

Alfred Kahn is the founder and CEO at OvationCXM, a customer experience management company.

According to EY, 98% of U.S. financial services firms use third parties to fast-track offerings and fulfill customer journeys. That’s no surprise—driven by technology advances and shifting customer expectations, institutions have embraced fintech partnerships to overcome rigid legacy banking systems and gain speed to market.

These relationships surged without much regulatory comment. However, several banks were cited for missteps in their risk management of third parties, and regulatory fines and enforcement actions were levied on both banks and their fintech partners in the last year.

The three main agencies—Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC) and the Federal Reserve—published interagency guidance outlining third-party risk management recommendations. In May 2024, they issued similar guidance to community banks.

In short, financial institutions are responsible for all customer service in their value chain, even if parts of it are delivered by third parties.

The Risky Gap In Compliance Monitoring

Eight of 10 executive risk committee members say their organizations have experienced operations disruptions due to a third-party risk incident.

Few banks and credit unions have visibility into customer contacts with partners as they happen, making it nearly impossible to manage service governance. Essentially, financial institutions are held liable for customer interactions they can’t see.

Regulators are not sympathetic to the challenge of fragmented service delivery, so banks must take action to unify their ecosystem to minimize compliance risk.

Many banks prioritize third-party risk management (TPRM) during partnership onboarding and recertification, spending 73% of risk management resources on these “bookend” events and just 27% on monitoring the ongoing relationship. However, eight in 10 incidents happen during the day-to-day. This reactive approach leaves banks vulnerable and out of sync with ongoing issues impacting customers.

In other words, when “material” compliance events are most common, banks are least likely to be watching. That’s risky.

McKinsey predicts more consumer protection and “conduct” regulation is coming, so banks should embrace solutions that connect them to their ecosystem so they can monitor all of their customer engagements.

The Role Of Real-Time, Connected Data

Fragmented data silos are a major hurdle to effective TPRM and a persistent obstacle hindering service visibility and customer experience.

Gartner recommends an iterative approach to third-party risk management, shifting resources to the ongoing activity of partners so it’s proactive instead of an urgent reaction to a specific event.

Many organizations have refined their framework to assess, identify and remediate risk, but tell us it's difficult to turn this manual, time-intensive endeavor into an automated, data-driven strategy at scale. Deloitte notes even large global organizations still manage third-party risk with spreadsheets.

In my experience, organizations face four consistent pain points.

1. No visibility into customer-partner interactions.

2. Customer data locked in disparate systems.

3. Limited analysis to detect problems.

4. Manual documentation and reporting.

Organizations should look to technology and processes that can address these pain points and shore up partner service governance. Here are a few ways to do so.

1. Continuous Monitoring

Financial partners should have visibility into all interactions with partners to meet regulatory guidelines and contractual and service-level agreements.

Companies do a good job of proactively managing risk in certain areas but don’t have an enterprise-wide view of their risk exposure. Extend this lack of visibility across the ecosystem, where partners also use proprietary platforms, and it’s clear why surveilling service delivery is so hard.

Data silos must be smashed and systems and teams connected, unlocking the flow of customer information. That can begin through a customer journey mapping exercise, where internal and external stakeholders document the customer’s experience step by step.

Pain points and gain points become obvious. In one case, my company discovered a bank customer received 13 different emails with conflicting branding and messaging because the bank and its partners didn’t know what the other was doing.

Technology can also help to thread disparate platforms together, allowing banks and partners to share customer information and collaborate to solve issues.

2. Real-Time Data Sharing

Data must be unified in real time to power an iterative approach. One way to do this is with solutions that feature pre-built ecosystem connectors with continuous bidirectional sync that can be configured to each organization's specific security posture.

Keep in mind that interaction data from call transcripts, emails and chat sessions typically have fewer security concerns than sensitive account data.

3. AI-Powered Insights

Given access to third-party data, where risk is most often hidden, generative AI can identify patterns and irregularities.

AI is only as good as the data it is fed, however, so incomplete information can yield inaccurate conclusions, bypass red flags, exacerbate data biases or deflate confidence in recommendations. Human oversight remains instrumental to data quality and AI outputs.

A best practice for incorporating generative AI is to seek out technology providers with a track record of using AI in their applications and leveraging multiple AI models, applying the best model to each use case. AI technology is simply evolving too quickly for companies to become locked into any single model.

4. Automated Processes

Regulatory bodies impose timelines for complaint responses from financial institutions. Responding may involve locating documents, reports and emails and crafting written responses. GenAI can streamline compliance documentation and subsequent research and reporting. It ingests details of the customer’s history from data sources to create a detailed synopsis of events.

Automation minimizes investigative hours, but staff should review the summaries and fine-tune anything that’s ambiguous or needs further explanation.

Managing Risk Can Boost The Bottom Line

According to Gartner, the iterative approach gives organizations a two-fold greater ability to see incidents before they become serious and one-and-a-half times greater ability to remediate them before it’s too late. It also provides benefits to the bottom line by addressing compliance gaps before they lead to enforcement actions or reputational damage.

Ecosystem connectivity paired with AI and updating internal processes can help address compliance weaknesses between banks and their partners, but it also provides an opportunity to elevate customer experience quality, which always pays off.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.