Third-party vendor management is all about managing risk. It’s an issue that regulators have been pressing for years, yet it seems that not every financial institution (FI) is getting the message. At least that’s my interpretation of the FDIC’s Office of Inspector General’s (OIG) recent review of 48 third-party service provider contracts between 19 FIs and their vendors. The reviews…
A security flaw is once again forcing us to change our passwords and contact vendors. Nearly 3,400 websites, including Uber, Bain Capital, Security Scorecard, Bitsight, and Fitbit,[i] may have been affected by “cloudbleed,” a vulnerability affecting user data at sites using the Cloudflare security service. User data at these sites was published to the public […]
Banks accustomed to thinking of risk management as a point-by-point checklist should take note of the OCC’s Semiannual Risk Perspective for Fall 2016. Released in January, the document reinforces the agency’s enterprise-wide approach to risk management, particularly when it comes to vendor management. Third-party risk management made cameos in several discussions of risk including: […]
Whether your financial institution has one branch or 1,000, your ability to maintain productive vendor relationships comes down to the quality of the vendor contract. For larger institutions, lawyers and years of experience eliminate many of the loopholes that otherwise create vulnerabilities for smaller FIs. While substandard contracts can mean thousands of dollars per year in […]
Vendor risk management is an ongoing process—one that begins with due diligence before a contract is signed and continues with monitoring throughout the length of the relationship. This blog series on the Top 10 risks will help you more effectively address third-party vendor risk throughout every department in your financial institution.
Risk monitoring touches every department and business process of the financial institution. Collaboration for identifying, assessing, mitigating, and monitoring risk addresses an inclusive strategy to ensure everyone’s involvement, as well as a multi-pronged approach to tackling the many facets of risk. This comprehensive one-hour webinar will define and provide examples for effectively tackling risk […]
Just in time for Valentine’s Day, a new study has found that the Heartbleed Bug remains a serious problem for nearly 200,000 Internet-connected devices, raising the question of how effectively your vendors are managing their patch updates. The Heartbleed Bug first made headlines in April 2013. It’s “a serious vulnerability in the popular OpenSSL cryptographic […]
Ever wish for a list of exactly what an examiner is looking for? When it comes to the Office of the Comptroller of the Currency and third-party vendor management, your wish has been granted with the OCC’s Bulletin 2017-7, Supplemental Examination Procedures for Risk Management of Third-Party Relationships, released on January 24. The procedures aren’t […]
Inertia is one of the greatest forces in the universe. Sir Isaac Newton dedicated the first law of motion to it: a body at rest will stay at rest unless an outside force acts on it. He was talking about physics, but he may as well have been speaking about human nature. People generally maintain […]
10 blog posts combined into one whitepaper. You’ve read the top 10 risks blog posts, now download the whitepaper. From credit risk to cloud risk and everything in between, you’ll be up to speed and thwarting risk at every turn in no time.