Your vendors have promised a lot. More than just providing products and services, they’ve promised to keep your data safe and their systems backed up. They’ve promised to carry insurance and follow applicable laws and regulations. While it’s obvious when a product or service is delivered—the lawn is cut or a new sign is delivered—it’s […]

After the housing crisis, Fannie Mae, Freddie Mac and the Federal Home Loan Banks were largely focused on credit and market risk. Now with an increasing awareness of cybersecurity, IT security, data, and operational risk, oversight of third-party providers has become increasingly important. So important, in fact, that the Federal Housing Finance Agency (FHFA) issued […]

Regulators have given financial institutions a green light for sharing Bank Secrecy Act (BSA) resources in some situations, but proper third-party vendor management practices and controls must be in place, according to a new interagency statement. The Federal Reserve, Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), Office of the Comptroller of the […]

When properly constructed, a vendor management software solution is a tool that guides an institution through managing third and fourth-party vendor risk. It organizes existing processes and documentation while offering insights into improving vendor relationships and policies. It’s more than a storage center for contracts. It’s an expert system that uncovers insights into vendor agreements […]

The directive came from on high, and there is no escaping it: You are responsible for your institution’s vendor management process. You’ve seen the guidance. You know it’s a big job. But where to begin? Take a deep breath, let it out, and allow me to be your guide through the vendor management process. Vendor […]

If you’re assuming your third-party service provider is following cybersecurity best practices because it’s smart business, think again. Vendors are required to honor the terms of a contract and follow applicable regulatory guidance, but unless a contract clearly defines items like internal controls and incident response plans, you have no way of knowing how a […]

In a world where systems need to be able to communicate, many financial institutions are choosing to consolidate vendors, using a single third-party service provider with a variety of product and service offerings to limit redundancy, save money, and streamline integration. It’s a move that makes sense from a business and management perspective, but how […]

For years, financial institutions have outsourced a variety of activities to third-party vendors creating a new conundrum: Should we outsource vendor management? The answer depends on a variety of factors, including the size and location of the institution, as well as its financial condition. 4 Reasons to Outsource Vendor Management Increase productivity/control labor costs In […]

You probably think of vendor contract management as something that protects your institution. That’s true, but it does much more than that. It also protects your job. A casual approach to contract management leaves a lot of room for error. It’s also surprisingly common. In my experience, about 20 percent of contracts at financial institutions […]

Financial institutions need to continue to pay close attention to third-party access points, control objectives, reporting, monitoring, and gap analysis for the foreseeable future, according to an article in the Financial Services Information Sharing and Analysis Center’s (FS-ISAC) June Risk Summary Report. The article examines the progress financial institutions have made in managing third-party risk […]