Are You Making This Common Vendor Management Mistake Observed by the FDIC?
FIs aren’t doing enough to ensure their contracts with third-party vendors sufficiently address business continuity and incident response.
3 Tips for Avoiding an Equifax-Style Breach
When one of the nation’s largest credit reporting companies reports a breach involving the private financial data of over 145 million Americans, people
Why Vendor Cyber Monitoring Matters
No matter how strong a financial institution’s own cyber defenses are, it’s really only as strong as its weakest vendor.
Risk Management: Knowing When It’s Time to Start Again
How can you tell if a risk management program needs to be totally reinvented? The benefits of a complete overhaul can often outweigh the inconvenience.
How to Discover Vendor Cybersecurity Flaws Before Data Thieves Exploit Them
How do you know if a cybersecurity rating is covering all the bases? Make sure it monitors these key areas...
GAO & OCC Disagree Over Risk Management
Have you felt like an examiner, auditor, or other reviewer just didn’t get you, your bank, or a program/business line? The OCC can relate.
3 Tips for Avoiding UDAAP Violations
If you've ever wondered how to avoid unfair, deceptive, or abusive acts or practices, this post is for you! You'll see three great tips to help you...
Is the Absence of Risk Stunting the Next Generation of Risk Managers?
If we don’t give children the opportunity to encounter reasonable, relatively low-stakes risk, how will they be prepared for risk at the enterprise level?
UDAAP Compliance: Defining Unfair, Deceptive, & Abusive Acts and Practices
Get clear definitions for each of the key terms involved in UDAAP compliance, including how to define unfair, deceptive, and abusive acts and practices!
Celebrating Abraham Lincoln's Banking Legacy: A Podcast
In honor of Abraham Lincoln's birthday and President's Day, enjoy this podcast from ABA Banking Journal celebrating Lincoln's banking impact...
Training Risk Management Heroes, Part 1: Banking on the Frontline
Frontline staff at FIs are trained to protect both the institution and its customers by identifying fishy transactions, but staff are capable of going
The Bad Guys Keep Getting Smarter. Let’s Hope Financial Institutions and Vendors Can Keep Pace.
Cyber criminals are growing increasingly clever. Just consider what happened to Tampa Bay Credit Union recently...
Fintech Update: Agencies Encourage Increased Regulator Oversight of Third Parties, but Will Anything Happen?
Increased risk exposure from third-party providers poses threats to the entire financial system, and banking regulatory agencies should have the ability
Third-Party Management of Cloud Computing
While 'the cloud' may seem mysterious to the layperson, there shouldn’t be anything secretive about your third-party vendors’ cloud use. If your vendor
2019 Risk Outlook: Concentration Risk
Concentration risk is most commonly associated with lending. Looking ahead, the New York Fed is warning of a different kind of concentration risk
Is Apple Pay a Vendor?
Apple Pay is not a direct vendor. This raises an interesting question. Should financial institutions (FI) using Apple Pay have to review Apple as a vendor?
NCUA Eyes Economic Environment, Change Management & Third-Party Risk With 2019 Supervisory Priorities
The NCUA has made adjustments to its Supervisory Priorities for 2019 - emphasizing controlling risks, including a new focus on third-party risk management.
The Top 8 Internal Cybersecurity Vulnerabilities Challenging Financial Institutions
Internal vulnerabilities are the aspects of cybersecurity that your institution has direct control over. The eight most significant internal vulnerabilitie
How the Government Shutdown is Affecting Regulatory Agencies
The partial government shutdown has furloughed workers at the national parks, the Smithsonian museums, the IRS, courts, and other federal institutions, but
Your Vendor Talks Risk Management Talk, but Does It Walk the Walk?
The words “manage, mitigate, and reduce risk” from a third-party vendor are music to the ears of a risk manager. Unfortunately, talk is cheap—and legal
Inside the Life of an Information Security Officer
What’s it like to be the information security officer at a $1.5 billion-asset community bank? We chatted with one to learn more about the challenges ISO
Turf Battles and Low Morale Can Increase Risk. Just ask FinCEN.
FinCEN’s issues are just a small part of the fascinating story about how Russia tried to use backdoor channels to infiltrate Treasury. It’s also a story
Holiday Gift to Bankers: Regulators Slap Down Fintech Bank Wannabe
The Robin Hood of legend is known for being above the law. Fintech firm Robinhood is learning that it is not.
Yule Shoot Your Eye Out: Classic Holiday Movie Characters That Underestimated Risk
These classic films let us enjoy a bit of nostalgia and give us a break from the holiday rush, but do they have anything to teach us about risk? I’d say ye
Business Continuity
Business continuity means planning for major disruptions in a company so that the company can continue operations.
What Asset-Based Risk Assessments Get Wrong
Wouldn’t it be nice to reduce risk management to a simple checklist? That’s the thinking behind asset-based risk management - but this idea has more flash
RPO - Recovery Point Objective
RPO is otherwise known as Recovery Point Objective and refers to the age of files that must be recovered from backup storage for normal operations to
Findings on Findings on Findings: Guess Whose Audit Uncovered Over 2,000 Findings?
If you think tracking findings is challenging, try being the Pentagon. The Department of Defense underwent its first-ever full financial audit - the results
Examiners Will Be Focusing on Your Institution’s Riskiest Areas. Do You Know What They Are?
In the FFIEC Press Release, dated 11/27/2018, the FFIEC provided a more formal idea of what a “risk-based exam” looks like and the factors that will help
You Got SOC Questions? We Got SOC Answers!
Did you ask a question during our live broadcast of How to Leverage SOC and SSAE 18 Reports Throughout Every Department of Your Financial Institution?