Did you miss our recent webinar, “How to Leverage SOC and SSAE 18 Reports Throughout Every Department of Your Financial Institution”? You can listen to the recording HERE. We received some excellent questions posed by our webinar attendees and thought we’d share them with you: 1. Do financial institutions need to also have SSAE reports […]

Bankers know they shouldn’t do business with parties sanctioned by the Office of Financial Assets Control (OFAC). That doesn’t just mean as a customer. They also need to make sure they aren’t using the products or services of a sanctioned entity (i.e. using a sanctioned third-party vendor), as OFAC has reminded us in its most […]

Forget Michael Meyers and the newest installment of the Halloween franchise. If you really want to be scared, you should read some of the most hair-raising items that managed to make it into actual financial institution third-party vendor contracts. 1. We might have lied to you to get you to sign this contract. Too bad. […]

Your vendors have promised a lot. More than just providing products and services, they’ve promised to keep your data safe and their systems backed up. They’ve promised to carry insurance and follow applicable laws and regulations. While it’s obvious when a product or service is delivered—the lawn is cut or a new sign is delivered—it’s […]

After the housing crisis, Fannie Mae, Freddie Mac and the Federal Home Loan Banks were largely focused on credit and market risk. Now with an increasing awareness of cybersecurity, IT security, data, and operational risk, oversight of third-party providers has become increasingly important. So important, in fact, that the Federal Housing Finance Agency (FHFA) issued […]

Regulators have given financial institutions a green light for sharing Bank Secrecy Act (BSA) resources in some situations, but proper third-party vendor management practices and controls must be in place, according to a new interagency statement. The Federal Reserve, Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), Office of the Comptroller of the […]

When properly constructed, a vendor management software solution is a tool that guides an institution through managing third and fourth-party vendor risk. It organizes existing processes and documentation while offering insights into improving vendor relationships and policies. It’s more than a storage center for contracts. It’s an expert system that uncovers insights into vendor agreements […]

The directive came from on high, and there is no escaping it: You are responsible for your institution’s vendor management process. You’ve seen the guidance. You know it’s a big job. But where to begin? Take a deep breath, let it out, and allow me to be your guide through the vendor management process. Vendor […]

If you’re assuming your third-party service provider is following cybersecurity best practices because it’s smart business, think again. Vendors are required to honor the terms of a contract and follow applicable regulatory guidance, but unless a contract clearly defines items like internal controls and incident response plans, you have no way of knowing how a […]

In a world where systems need to be able to communicate, many financial institutions are choosing to consolidate vendors, using a single third-party service provider with a variety of product and service offerings to limit redundancy, save money, and streamline integration. It’s a move that makes sense from a business and management perspective, but how […]