Nov 15, 2019 / 10:22

Vietnam banks urged to step up third-party risk management

The Hanoitimes - Most Vietnamese banks are still struggling to comply with the banking authority’s regulations related to digital transformation, particularly those concerning the management of third-party risks.

Digital transformation has given rise to increased outsourcing of operations and services by banks to third-party vendors, leading to growing information security threats. Experts, therefore, urged local banks to step up third-party risk management.

 

Cost savings are not the only reason why third-party services are on the rise in banking. Beyond that, third-party vendors give banks access to specialist capabilities and technologies that they might not yet be able to build or maintain in-house, said PwC’s experts at a workshop themed “Managing third-party risks under Circular 18” for members of the Vietnam Banks Association (VNBA).

Despite the evident benefits of using third-party providers, the associated risks are not to be ignored. A few years ago, hundreds of customers’ bank statements were stolen from a bank in Singapore, following unauthorised access into a server containing such information on an off-site printing facility. And earlier this year, a data and analytics firm catering to some of the biggest financial institutions in the US failed to secure millions of private financial documents after a major data breach.

 Pho Duc Giang, Cyber Security and Privacy director at PwC Vietnam Cyber Security Services Company.

On August 21, 2018, the State Bank of Vietnam, the country's central bank, issued Circular No. 18/2018/TT-NHNH to govern the assurance of information systems safety and security in banking operations. However, most local banks are still struggling to comply with the requirements related to digital transformation in the circular, particularly those concerning the management of third-party risks.

“The convenience of tech-enabled financial services has led to an ever-larger and more complex ecosystem of banks, fintechs and related service providers. The adoption of international standards and good practice helps the banks to improve the effectiveness of risk management, including third party risks,” said Nguyen Phi Lan, Partner and Risk Assurance leader at PwC Vietnam.

Sharing experience from Malaysia and the region, Yu Loong Goh, IT Risk Assurance director at PwC Vietnam, said that most high-performing banks in the region are focusing on two main tasks in third-party risk management. First, assessing the current state of their cyber security risk management programme and second, third-party attestation reporting. These provide the basis for banks to come up with measures to address gaps and protect their organisation and clients.

Pho Duc Giang, Cyber Security and Privacy director at PwC Vietnam Cyber Security Services Company added, “third-party attestation can bring many potential benefits, such as improved trust with stakeholders, increased confidence in your own operations, reduced costs and moving towards a sustainable financial services ecosystem.”