Critical risks about third party service providers are not being reported to the boards of financial services companies, according to EY.
While more than 60 per cent of financial services institutions report noncompliant third parties to senior management, less than half of firms escalate the problems to board level.
EY's Global Third Party Risk Management Survey has uncovered that "critical third party information" is only escalated to board level by 41 per cent of organisations – and only 26 per cent of companies report breaches and incidents to the board.
EY surveyed 54 global financial services organisations with third-party risk functions of "varied maturity and sizes" for the report.
Of the six global asset managers included in the EY survey, only one indicated that it reports critical third-party risks to the board – while three (50 per cent) asset managers report third-party breaches to the board level.
The global findings, which include two unnamed Australian institutions, come after revelations of poor corporate governance at AMP that led to the resignation of the CEO and chair on 20 April and 30 April, respectively.
Overall, the EY report concluded there have been "big gains in governance and oversight" when it comes to third-party risk management, but more needs to be done on board reporting and technology integration.