Managing Third-Party Risk in Financial Services
Minick walked the audience through some of the biggest contemporary challenges to securing a modern financial institution and described how Fifth Third responds to these challenges. One of these is managing the cybersecurity risk introduced by third parties such as vendors, a huge challenge for banks that rely on fintech partners to help them with things like transaction management and data analytics.
“Third-party risk is a big challenge,” Minick said, noting that institutions should apply a multipronged approach to managing it. “It starts with vetting any third parties you use,” he said. “You need to understand exactly what their security protocols are and what they’re doing.”
Financial services companies often have difficulty forging new partnerships, even with firms whose products they like, because they don’t always meet the stringent cybersecurity requirements of regulators. This is especially true among startup technology companies, Minick said, which is disappointing because many startups are developing innovative solutions.
Before he started his role at Fifth Third, Minick founded his own cybersecurity startup. In those days, he said, he’d often steer clear of trying to sell into industries, including finance, that had high barriers to entry.
“In financial services, the bar is much higher than it is in other industries,” he said. From the perspective of startups, “we’re not the 30,000-pound gorilla in the room.”