The Face of Third-party Vendor Risk Management in 2016

In 2015, we wrote about best practices in vendor management, new regulatory mandates, and increasing cyber-ransom attacks on financial institutions.

As 2016 kicks into gear, it’s apparent more sophisticated vendor risk management procedures are a must-have. Here are a few key reasons:

  • The FFIEC holds your entire organization and Board responsible for third-party IT provider cybersecurity resiliency and disaster recovery viability
  • The OCC requires stricter oversight of third-party vendor management
  • The CFPB increased its scrutiny and prosecution of inadequacies in vendor management compliance

The time for financial organizations to assess their current third-party vendor risk management processes is now. This article from BankDirector covers critical areas for review before starting your vendor risk management program or ensuring the one you have is compliant.

Unfortunately, a shocking less than 20% of financial institutions currently perform vendor screenings. Are you included in that group? We hope not.

Aside from the compliance, due diligence, contract negotiation and implementation components of third-party vendor management, there is also the threat of data breaches due to possible weaknesses in the cybersecurity resilience of your IT provider. The ultimate question is: how many full-time employees does your financial institution have to handle all of these requirements? Unless you’re one of the major players in the financial landscape your resources are most likely stretched beyond capacity.

But wait – there’s more! What about ongoing relationship monitoring and terminations? Do you have a contingency plan? Are you still using manual processes and spreadsheets for reporting to your executives, examiners, and Board?

So many vital questions to answer and issues to resolve. It’s what drives our innovations – answering and resolving the facets of vendor risk management in 2016, no matter how it looks.