Just in time for Valentine’s Day, a new study has found that the Heartbleed Bug remains a serious problem for nearly 200,000 Internet-connected devices raising the question of how effectively your vendors are managing their patch updates. The Heartbleed Bug first made headlines in April 2013. It’s “a serious vulnerability in the popular OpenSSL cryptographic […]
Ever wish for a list of exactly what an examiner is looking for? When it comes to the Office of the Comptroller of the Currency and third-party vendor management, your wish has been granted with the OCC’s Bulletin 2017-7, Supplemental Examination Procedures for Risk Management of Third-Party Relationships, released on January 24. The procedures aren’t […]
Inertia is one of the greatest forces in the universe. Sir Isaac Newton dedicated the first law of motion to it: a body at rest will stay at rest unless an outside force acts on it. He was talking about physics, but he may as well have been speaking about human nature. People generally maintain […]
10 blog posts combined into one whitepaper You’ve read the top 10 risks blog posts, now download the whitepaper. From credit risk to cloud risk and everything in between, you’ll be up to speed and thwarting off risk at every turn in no time.
Vendor risk management is an ongoing process—one that begins with due diligence before a contract is signed and continues with monitoring throughout the length of the relationship. This blog series on the Top 10 risks will help you more effectively address how third-party vendor risk throughout every department in your financial institution. #9 – Operational Risk […]
Not every third-party vendor requires the same level of scrutiny, the Consumer Financial Protection Bureau made clear in its October 31 guidance update on risk management for third-party service providers. Supervised banks and non-banks have the “flexibility” to perform an inherent risk assessment on the third-party vendors to “allow appropriate risk management” of these relationships, […]
Empty threats are rarely a good idea—and sometimes they are straight-up illegal. That’s the lesson $73 billion-asset Navy Federal Credit Union is learning after the CFPB forced it to pay members $23 million in redress and a $5.5 civil money penalty for making “false threats about debt collection.” The largest credit union in the country […]
Either Wells Fargo didn’t have strong enough account opening and management policies and procedures in place or there wasn’t a strong enough system to ensure policies and procedures were followed—or both.
You believe your institution is prepared for a disaster—but are your vendors? Precautions against fourth party risk for both vendor management as well as business continuity planning. If you’re dependent on a third-party vendor that can’t quickly recover from a disaster, there’s a major gap in your own business continuity plan. Unfortunately, not every institution […]
Banks think of spreadsheets as an inexpensive way to track all kinds of activities—but it’s often an expensive mistake in the making. Just ask Goldman Sachs. The investment bank and another firm recently settled a lawsuit for $30 million—and it all started with a spreadsheet error, The Wall Street Journal reports. Goldman Sachs was handling […]