Vendor Management: What the FDIC Really Wants
Find out what the FDIC wants banks to know about vendor management. We explore part VII of the Compliance Exam Manual and pull out the nuggets of vm gold.
OCC Vendor Management: What the OCC Really Wants
You just found out you're getting a visit from the OCC. Vendor management is suddenly top priority what do they want? This is the resource you need to read
Guarding Against Cyber Events: How Strong Are Your Vendor’s Protections?
If your third-party contracts are structured like those at many financial institutions, your response may fall short of expectations due to lack of clarity
Warning Ahead: Many Vendor Contracts Are Missing Essential Internal Controls
The phrase “internal controls” is closely associated with accounting, but these valuable tools are also an integral part of risk management.
Is Your Contract Protecting Your Institution?
Don’t ignore your contracts. If you’re not demanding detailed term definitions, controls and performance standards, you’re doing your FI a disservice.
Weak Vendor Management Trickles Down to Contracts
Third-party vendor management is all about managing risk. It’s an issue that regulators have been pressing for years, yet it seems that not every
The Life of a Strategic Risk Manager: Building Buy-In
No matter how bright and organized a chief risk officer is, an institution’s ERM program is only effective when employees follow it.
The Life of A Strategic Risk Manager: The problem of manual processes
What’s it like to be a chief risk officer? It’s a complex, time-consuming job—one that balances day-to-day management with big picture planning.
OCC: Marketplace Lenders Are Third-Party Vendors
The OCC says marketplace lenders are third-party vendors. How does that affect your risk exposure? We look at how you're affected in this blog post.
What Happens in New York Doesn't Stay in New York
How does this help your institution? If any of your vendors have clients in New York state, it should easily be able to provide your institution with
Does Vendor Size Matter?
Some institutions try to simplify vendor management by picking the biggest vendor in each category. Going big, however, is not always the safest option.
Western Unions Pays $184 Million for Ignoring Vendor Due Diligence
After failing to conduct adequate due diligence on vendors, incl. background checks and on-site reviews, the $184MM fine may be its biggest transfer yet.
Lessons from the CFPB: Why It’s a Bad Idea for a Banker to Name His Boat Overdraft
A lawsuit against TCF National Bank alleges that it tricked consumers into signing up for costly overdraft services in order to preserve its bottom line.
Are You Connecting the Risk Management Dots?
The OCC’s Semiannual Risk Perspective for Fall 2016 reinforces the agency’s enterprise wide approach to risk management, particularly to vendor management.
Don’t Let Heartbleed Lead to Vendor Management Heartbreak
A new study has found that the Heartbleed Bug remains a serious problem for nearly 200,000 Internet-connected devices raising questions about vendor mgmt.
Documentation is Key: Takeaways from the OCC’s Third-Party Vendor Risk Management Procedures
Ever wish for a list of exactly what an examiner is looking for? When it comes to the OCC and vendor management, your wish has been granted.
After Six Years, Agencies Fine Mortgage Processor $65 Million
It’s bad enough to be hit with a regulatory consent order. Now imagine the expense and public relations nightmare when those proceedings drag on for years.
Why Inertia Creates Risk
Inertia is one of the greatest forces in the universe. It applies to banking and business and there are costs if inertia goes unchecked.
The Risks of Apple Pay for Banks and Credit Unions
In the race to remain competitive more than1,600 banks and credit unions have joined Apple Pay, probably hoping that some of Apple’s cool will rub off.
Broker-Dealers Need Vendor Management Too
The Financial Industry Regulatory Authority (FINRA) is putting broker-dealers on notice that vendor management of cybersecurity will be a hot topic in 2017
A Quick-and-Dirty Guide to CRA Compliance Exams
CRA compliance is familiar for many institutions. In this post, we'll cover a few things you may not know, and provide some tips for how to prep for a...
RiskTech vs RegTech
Don’t let the label of RegTech trick you into thinking that checking off to-dos on a list of tasks is compliance. Here's more on RiskTech in our article.
Cloudy with a Chance of Data Loss
Perhaps there’s no buzz word more confusing to bankers and credit union executives than the “cloud.” It evokes an ethereal image of data floating safely
When Natural Disasters Become Customer Relationship Disasters
Customers don’t want to hear that a data center across the country flooded, a cyberattack overwhelmed systems or a piece of equipment failed. In their eyes
Why You Need to Focus on Cybersecurity Risk Now
Rather than lump cyber risk in with other categories, it’s important for banks and credit unions to directly address this risk with their critical vendor
What is Concentration Risk - And What Does My Regulator Have to Say About It?
When most bankers and credit union executives think of concentration risk, they think of lending—but concentration risk has a different meaning whentalking
Compliance Risk - Avoid Vendor Compliance Failures by Properly Assessing Risk
Compliance risk is one of the 10 biggest vendor risks facing FIs—and the reason why FIs need to know the whats, hows and whens of its vendors’
Country Risk - Why It Pays to Choose Domestic Service Providers
Think it’s tricky to keep track of the rules and regulations U.S. regulatory agencies? Imagine following operational requirements of foreign countries.
Planning to Fail or Failing to Plan - Strategic Risk
Strategic risk is the possibility that a company doesn’t make decisions that support its long-term goals. Learn how to avoid these costly decisions.
Assess Vendor Reputation Risk - Before You Have to Rebuild Yours
Ben Franklin once wrote that “Glass, china and reputation are easily cracked, and never well mended.” Reputation risk can be mitigated through these steps