On Vendor Master Data integrity and Risk
In any bank there’s lots of different processes and systems to support the different functions, whether it’s procurement, to pay, sales, contracts, risk management, compliance, information, security, cybersecurity, contingency of business, and so on. These departments and groups— some of them didn’t [even] exist a few years ago— are very big groups within an organization. They go and pick their own systems, they come up with some brilliant tool to take care of whatever it is that they’re responsible for. But nobody really has that bird’s eye view, that overall view of what’s going on to make decisions and put in the necessary central controls.
“There’s evidence that when third parties enter their data themselves, the error rate goes down significantly.” |
A lot of these systems have been around a long time. They’re rather archaic, and they use old technology, there’s no connectivity between the systems. We may at best have some mapping between similar fields. I remember, many years ago, I was heading up derivatives and something came up and we needed to determine our exposure to a major Fortune 100 company. We realized that the company was in a gazillion different systems. And the name was spelled differently in every system!
So to me, the starting point is that repository of third party core data in a central way. At least, if you make sure that the name, address, tax ID, right? [Where] some core data defining the third party is centrally kept, and then fed into different systems, that would be a huge step in the right direction.
There’s evidence that when third parties enter their data themselves, the error rate goes down significantly. Because it’s not a one time thing we’re talking about here, once you set up your third party, things change over time, their address change, names change, all sorts of things change, right? So allow the third party to have control over their data, with some oversight and control, of course.