Cyber criminals are growing increasingly clever. Just consider what happened to Tampa Bay Credit Union recently. Fraudsters played an elaborate game of connect-the-dots by figuring out the Bin number on the credit union’s debit cards and spoofing cards by connecting Bin numbers to members’ debit cards, reports SC Media. Thousands of cards had to be […]

Increased risk exposure from third-party providers, particularly fintechs, poses threats to the entire financial system, and banking regulatory agencies should have the ability to oversee them. That’s the message of two government reports published late last year by the Financial Stability Oversight Council (FSOC) and the Government Accountability Office (GAO). FSOC: Supervision Key to Reducing […]

People like to joke about the amorphous nature of “the cloud.” It’s neither here nor there but also everywhere. While the cloud may seem mysterious to the layperson, there shouldn’t be anything secretive about your third-party vendors’ cloud use. If your vendor is housing any of your client or sensitive data on the cloud, you […]

Concentration risk is most commonly associated with lending, particularly with commercial real estate lending. This remains true today, with the Government Accountability Office’s predictive models of CRE loan performance indicating that concentration risk in CRE lending has risen based on an increase of both bank CRE lending and CRE prices the past few years, according […]

A lot of banks and credit unions participate in Apple Pay. In fact, nearly 3,000 U.S. financial institutions do – up from 1,600 just two years ago. When Apple Pay was first being adopted, I wrote a blog post discussing the potential data security and transaction risks Apple Pay could pose to client data. There’s […]

The words “manage, mitigate, and reduce risk” are music to the ears of a risk manager. When a third-party vendor puts this phrase front and center, it inspires confidence that the company has a strong risk management culture. Unfortunately, talk is cheap—and legal settlements are expensive. Just ask Celink, a reserve mortgage servicer billing itself […]

Did you miss our recent webinar, “How to Leverage SOC and SSAE 18 Reports Throughout Every Department of Your Financial Institution”? You can listen to the recording HERE. We received some excellent questions posed by our webinar attendees and thought we’d share them with you: 1. Do financial institutions need to also have SSAE reports […]

Bankers know they shouldn’t do business with parties sanctioned by the Office of Financial Assets Control (OFAC). That doesn’t just mean as a customer. They also need to make sure they aren’t using the products or services of a sanctioned entity (i.e. using a sanctioned third-party vendor), as OFAC has reminded us in its most […]

Forget Michael Meyers and the newest installment of the Halloween franchise. If you really want to be scared, you should read some of the most hair-raising items that managed to make it into actual financial institution third-party vendor contracts. 1. We might have lied to you to get you to sign this contract. Too bad. […]

Your vendors have promised a lot. More than just providing products and services, they’ve promised to keep your data safe and their systems backed up. They’ve promised to carry insurance and follow applicable laws and regulations. While it’s obvious when a product or service is delivered—the lawn is cut or a new sign is delivered—it’s […]