In a world where systems need to be able to communicate, many financial institutions are choosing to consolidate vendors, using a single third-party service provider with a variety of product and service offerings to limit redundancy, save money, and streamline integration. It’s a move that makes sense from a business and management perspective, but how […]

For years, financial institutions have outsourced a variety of activities to third-party vendors creating a new conundrum: Should we outsource vendor management? The answer depends on a variety of factors, including the size and location of the institution, as well as its financial condition. 4 Reasons to Outsource Vendor Management Increase productivity/control labor costs In […]

You probably think of vendor contract management as something that protects your institution. That’s true, but it does much more than that. It also protects your job. A casual approach to contract management leaves a lot of room for error. It’s also surprisingly common. In my experience, about 20 percent of contracts at financial institutions […]

Financial institutions need to continue to pay close attention to third-party access points, control objectives, reporting, monitoring, and gap analysis for the foreseeable future, according to an article in the Financial Services Information Sharing and Analysis Center’s (FS-ISAC) June Risk Summary Report. The article examines the progress financial institutions have made in managing third-party risk […]

Everyone knows that third-party relationships introduce risk. But what about second parties, fourth parties and beyond? Let’s take a quick look at first, second, third, fourth, and fifth parties to understand who they are and the potential risks they pose. First Party This is your institution, and it’s where it all begins. Risk comes in […]

Could a third-party provider be the weak link in your institution’s operations? It’s possible, according to the Office of the Comptroller of the Currency’s (OCC) recently published Semiannual Risk Perspective. The OCC notes that operational risk remains “elevated” and specifically highlights several instances where third-party relationships are a potential source of operational risk. Cyber Risk […]

Your financial institution is regulated by one state but has an office in another state. Which state’s law do you follow in the event of a data breach? The answer is complicated. State law for data breaches varies widely. From protected data to the definition of a breach, each state has its own approach. Connecticut […]

It looks like some Utah-based credit unions might be re-examining the risk of broker-dealer networking arrangements after the Utah Division of Securities petitioned to fine three independent broker-dealers a combined $2.25 million for failing to comply with regulatory requirements. Federal credit unions can’t register as broker-dealers or sell non-deposit investments directly to members. To provide […]

A vendor data breach is a nightmare for any bank or credit union. From the financial cost to the bad press to the regulatory attention, data breaches pose a huge risk. Yet despite due diligence, they still occur. That’s why it’s essential to have a plan in place for dealing with vendor data breaches before […]

What’s worse than a vendor that suffers a data breach that exposes your sensitive customer information? The answer: A vendor that waits almost six months to tell you about it. That’s the issue that both Sears and Delta Air Lines are facing after a malware attack on each of the company’s online chat services vendors. […]