An Interview with Kelly Entas, Senior Vice President, Third Party Program Oversight Executive at Bank of America

Interested? Do you feel you will benefit?

11th Edition Third Party Vendor Risk Management For Financial Institutions

Due diligence, risk assessment and ongoing monitoring of 3rd and 4th party vendors to advance to a best-in-class TPRM program

February 10-12, 2020
New York City, USA

What our delegates think of us:

Very interesting. Fundamental to understand the VRM key issues and the current and near future situation.

BBVA

Best conference, materials were clear and rich. Well put together and organized.

BNY Mellon

The participating speakers and topics were extraordinary. A valuable 3 days focusing on third party risk .

Santander

An Interview with Kelly Entas, Senior Vice President, Third Party Program
Oversight Executive at Bank of America

Ahead of our 11th Edition Third Party Vendor Risk Management For Financial Institutions Conference, we spoke with Kelly Entas of Bank of America. In her role, Kelly is responsible to ensure the bank has an effective Third Party Risk Management program. Most recently Kelly was a Procurement Executive within the team managing all procurement activities for the Staff Support Functions ($11B annual spend). Kelly has extensive experience leading global procurement operations, serving as a dynamic leader who has fostered highly successful teams throughout her 19-year career. Kelly joined Bank of America in 2005 supporting the Global Procurement team as a Process Design Consultant. Kelly’s ability to lead, adapt and execute flawlessly allowed her to take on expanding roles as a Sourcing Manager, Senior Sourcing Executive, Procurement Executive and now Third Party Program Oversight executive. Prior to joining Bank of America, Kelly worked within supply chain management at two manufacturing companies. She is a Certified Professional in Supply Management and Six Sigma Green Belt.

What are the main challenges for Financial Institutions today in carrying out vendor due diligence and risk assessments?

- Ability to properly assess, understand, and document the inherent and residual risks of third party relationships.
- Improve processes to perform proper due diligence and assessment of the third-party's risk and controls.
- Maintain appropriate contract terms and conditions to cover inherent risks across all types of products/services.
- Adequate number of resources to execute vendor due diligence and risk assessment activities.
- Determine the right balance between over-assessment and defendable posture within risk appetite.

Can you briefly describe what a consortium for vendor risk assessments is?

Financial institutions share many of the same third parties to help execute their processes and may be impacted by the same operational and regulatory risks. In addition, financial institutions may implement similar controls to manage their third party risks and may expect third parties to execute similar risk-mitigating activities.

A consortium enables multiple banks to centralize and standardize risk assessment activities to share a common source of due diligence research. Banks may analyze the research to complete their due diligence.

How could a consortium for vendor risk assessments help both the Financial Institutions and their vendors?

The due-diligence process that banks must go through to vet third parties is a manual process that each vendor must complete for each bank that engages them. Individual banks' due diligence questionnaires and forms frequently differ in structure but contain similar requests, which creates duplicative engagement by vendors in each request.

A consortium can develop a "library" of due diligence reports that banks and other financial companies can draw from rather than performing their own research for their third-party risk assessments. This collaboration will save time and resources for both banks and their vendors. The consortium will enable banks to raise their risk assessments to industry standards.

Can you think of some other ways TPRM programs can be made more efficient?

- Build and manage our third party inherent risk assessment questionnaire with other large banks with the same challenges to leverage industry knowledge and expertise.
- Co-design an industry leading flexible risk assessment technology tool.
- Integrate the TPRM program into other enterprise-wide risk management activities, such as PRCs, RCSAs, or affiliate management.

What would you like to achieve by attending the 11th Edition Third Party Vendor Risk meeting?

I am somewhat new in role so I am looking forward to getting to know my peers across other companies and learning more about challenges they face.

Panel Discussion: Industry collaboration: Exploring the idea of a consortium for vendor risk assessments
• How could a vendor risk assessment consortium optimize TPRM across
the financial industry?
• A look at how consortiums have worked in the Payment Card Industry (PCI)
• Determining the basic controls and standards that would need to be in place for a vendor risk consortium to work

For registration pricing and multiple attendee discounts, please contact:

Jeremy Wise
jeremywi@marcusevansch.com

DOWNLOAD AGENDA DOWNLOAD AGENDA

Kelly Entas will be one of our expert panelists!