Risk Assessments


Global or Regional Service Classification templates ?

  • 1.  Global or Regional Service Classification templates ?

    This message was posted by a user wishing to remain anonymous
    Posted 03-24-2023 09:59 AM

    Hi 

    We are an FS firm that operates in multiple regulated jurisdictions, each with their own, albeit similar, Outsourcing regulations.

    How do others approach the classification and risk assessment of third party vendors or Outsourcing providers? 

    Do you have one all-encompassing form that covers the core assessment criteria in each regime, or bespoke forms for a region or country?

    Do you use the same form for the UK and Germany?

    Many thanks



  • 2.  RE: Global or Regional Service Classification templates ?

    Posted 03-28-2023 03:25 PM

    Hi,

    Yes, I'd recommend the following:
     

    • Classifications: High, Medium, Low.
    • Risk Assessment gauges risk across Inherent Risk categories, which include the following: Business Continuity, Compliance, Concentration, Country, Credit, Cyber, Financial, Interest, Legal, Operational, Reputational, Strategic, and Transactional.
    • Yes, an Inherent Risk form should be the same to ensure consistency across the entire vendor inventory.
    • Different countries like the UK and Germany can be captured in Risk headers/categories such as Country, Compliance, and Concentration, but this is not exhaustive - there are many ways to reflect this information. 
    • Yes, use the same form for the UK and Germany as described above. Compliance regulations that are country specific like GDPR will apply to European countries, but for the purposes of a Risk Assessment, indicating Compliance risk is sufficient (based on the available Compliance questions).

    I am interested to hear what others think.