By Iva Karen
KUALA LUMPUR, June 25: Financial institutions are being urged to take vendor risks more seriously, especially with more banks and insurers relying on third parties to manage key services, said financial compliance expert Muhammad Nazri Shaidon
He said what used to be just a simple buying decision has now become a serious risk issue that could affect a bank’s reputation, customer data, and legal standing.
“Before working with any third-party vendor, banks should carry out full background checks. This includes looking at the vendor’s ownership, financial status, and any connection to high-risk individuals or countries.
“One important step is to find out who really owns the vendor, also known as the Ultimate Beneficial Owner (UBO). This is because some vendors may be controlled by people or groups under international sanctions, which can put banks at risk of breaking the law,” he said.
Muhammad Nazri said if banks work with such vendors without knowing, they could face legal action or heavy penalties under anti-money laundering (AML), terrorism financing, or data protection laws.
He also advised banks to continue monitoring their vendors throughout their period of engagement. hired.
“Vendors can change owners, face legal trouble, or appear on new sanctions lists. Regular checks are needed to stay updated.
“When renewing contracts, banks should carefully review Non-Disclosure Agreements (NDAs) to make sure sensitive information is properly protected. A one-size-fits-all NDA is no longer enough.”
He said banks should also train vendors who handle important data or systems, especially on AML, anti-bribery laws, and how to protect customer information.
He stressed that contracts must be clear about what is expected from vendors, including service quality, data security, and what happens if they fail to meet standards.
He also recommended different levels of review for different vendors, whereby, high-risk vendors should be reviewed every year, while low-risk ones can be checked less often.
“Keeping a central record of all vendors, including their risk levels and review dates, can help banks manage their third-party risks more effectively.
“In today’s business world, knowing the vendor is not enough. Banks also need to know who owns the vendor. Ignoring this can lead to serious problems with regulators, customers, and the public trust.”
— WE