There is temptation in the world of management. With regulatory scrutiny increasing and cost a concern, free vendor management checklists seem like an easy solution. But is that free checklist going to cost you down the road? My experience says yes. Free vendor management checklists are a disaster waiting to happen. From misclassifying vendor risk […]

After the past few months of fire and weather calamities, many financial institutions are wondering if their business continuity plans (BCPs) are as current and comprehensive as they need to be. When reviewing your BCP, make sure it incorporates these 10 best practices: Organized information. A fully realized business continuity plan has many components. Consistent […]

It’s crunch time at the North Pole, and Santa is worried. Despite his elves’ best efforts, he’s not sure they are going to be able to produce all the toys he needs by Christmas Eve. He’s wondering if it might be a good idea to outsource toy making. But before Santa breaks with hundreds of […]

A Texas credit union has found itself dealing with the expensive consequences of a third-party vendor breach, it announced to members last week. The third-party vendor the credit union was using for data analytic services was a victim of a ransomware attack that resulted in thousands of member files being compromised, including Social Security numbers. […]

A Missouri bank is facing a $1.5 million civil money penalty as part of an OCC enforcement action after allegedly violating Section 5 of the Federal Trade Commission (FTC) Act by incorrectly billing customers who purchased an identity theft product. The OCC blames it on “deficient vendor management practices” and is requiring the bank to […]

After its account-opening scandal last year, you’d think Wells Fargo would have examined all its policies and procedures to ensure the bank was following the letter of the law and keeping customers and their data safe. When thousands of employees secretly open over 2 million deposit and credit card accounts for unwitting customers by transferring […]

Another day, another third-party data breach. Actually, two of them. Earlier this month we learned that data from at least 6 million Verizon Wireless users was leaked online, including phone numbers, names, and PIN numbers to access accounts. Cybersecurity firm UpGuard discovered the leak, which was caused by NICE Systems, a vendor Verizon Wireless was […]

Just in time for your summer beach reading, the OCC has released frequently asked questions based on OCC Bulletin 2013-29, “Third Party Relationships: Risk Management Guidance.” This guidance provides additional information on 14 questions which are detailed below. While the guidance offers no surprises or material changes for most financial institutions, there are a few […]

One of the most effective community bank and credit union vendor management tools is getting an overhaul this spring, and it’s going to change how financial institutions (FIs) monitor vendors and their internal controls. Beginning May 1, 2017, the Statement on Standards for Attestation Engagements 18 (SSAE 18) will take precedence over all previous versions, […]

Third-party risk is a hot button issue for regulators. When a financial institution (FI) outsources an activity to an outside vendor, it can introduce all kinds of risk. Vendor management is all about assessing, measuring, monitoring and controlling those risks. Different regulators use different terms to talk about vendor management. While they all ultimately have […]