A Risk-Based Approach to Cybersecurity Monitoring
While you may already be aware of the potential risks imposed on your organization through a failure at your third-party vendor, what are you doing to identify those risks and take actionable measures to protect yourself in real time?
Topics:
Cybersecurity
A Risk-Based Approach to BSA/AML and OFAC Compliance
How much do you know about your third-party vendors? Could your subcontractors be laundering money used to finance drug cartels, terrorist organizations or other illegal activities? It’s not as far-fetched as you might imagine. Without your knowledge, your bank or credit union may be non-compliant with requirements in the Bank Secrecy Act (BSA)/Anti-Money Laundering (AML).
Topics:
BSA/AML,
OFAC Compliance
The Dangers of Hidden Contractual Language in Vendor Contracts
In the last decade, the Consumer Financial Protection Bureau (CFPB) has become more focused on protecting consumers from harm. This has resulted in increased scrutiny on Unfair, Deceptive or Abusive Acts or Practices (UDAAP).
UDAAPs are a key aspect of consumer compliance and continue to be a regulatory focal point. This regulation targets businesses that offer financial products or services to consumers.
Topics:
Terms and Conditions
SOC 1, 2 or 3: What’s Best for You?
Almost a decade after Service Organization Controls (SOC) were introduced, there is still confusion over the variety and contexts of SOC audits. On the surface there are three kinds of SOC reports, and within them two types.
If some critical or high-risk vendors provide a SOC 1 and others give you SOC 2 or even SOC 3, how can you know the difference? And how do you know when and why to use each one?
Topics:
SOC Reports
Why You Should Outsource
In today’s highly regulated environment, banks and financial institutions are held to increasingly strict standards when it comes to vendors. Not only are you liable for third-party business activities, but you are held responsible for their third-party vendors, as well.
Relying on a strong working relationship with third-party vendors isn’t enough. To protect your customers and company, you need to understand and assess risks related to your vendors.
Topics:
Third-Party Risk Audits
Best Practices for Retrieving Data from Vendors After a Contract Termination
There are many reasons why a relationship with a third-party vendor could be terminated. In these circumstances, your vendor-stored data could be vulnerable.
The service requirements of the business often need to continue, but the risk is that data could be accessed by unauthorized users after contract termination. Another fear is that vendors may improperly dispose of documents that contain a customer’s confidential information, leaving that data at risk of being located and stolen.
Topics:
Data Retrieval,
Best Practices
The Evolution of Healthcare Management
Risk management is drastically different today than it was 40-50 years ago. Back then, risk managers were mostly focused on clinical issues and minimizing damages due to the abundance of medical malpractice suits and professional liability claims.
Topics:
Healthcare
How Much Should You Trust Your Third-Party Vendors?
eSentire recently conducted an online survey of 600 information technology and security decision makers across the globe. These leaders have purchase influence over security solutions and familiarity with third-party risk. While the survey intended to quantify market concerns about third-party risk, determine top challenges and identify potential areas of vulnerability, there was an unexpected takeaway.
Topics:
Vendor Monitoring
Red Flags within Your Vendor’s Business Continuity Plan
Significant events, including natural disasters and massive cybersecurity breaches, will not only impact your vendor’s operations, but yours as well. Your data could be lost, your processes can be slowed or stalled, and your reputation could be hurt. To protect your organization and stay proactive, you need to understand a vendor’s Business Continuity Planning (BCP) and Disaster Recovery (DR), their processes of creating systems of prevention and recovery to deal with potential threats.
To do so, your organization should be reviewing the vendor’s BCP annually as part of your ongoing monitoring after you’ve selected and contracted with them, to determine if there are any concerning red flags. But what would be considered a red flag?
Topics:
vendor reviews,
Cybersecurity,
Business Continuity,
BCP,
Experts,
RTO,
RPO,
Business Continuity Plans,
Recovery,
Breaches,
Disaster Recovery
How to Handle Problematic Third-Party Vendors
Many companies rely heavily on third-party vendors to help meet both contractual obligations and consumer demand. With such business relationships, however, comes the risk of disruptive natural and human-made events.
Even the most reliable vendors can suddenly and unexpectedly perform poorly, causing a previously healthy and mutually beneficial relationship to head south. When faced with such a dilemma, what can be done to fix a problematic vendor’s performance? And at what point is the decision made to terminate a relationship with a vendor?
Topics:
Third-Parties,
monitoring,
vendor performance reviews,
Risks,
Reputation,
penalties,
brand,
suppliers,
SLA,
Problematic Vendors
How Much Vendor Oversight Should Your Company be Performing?
It’s a common practice for enterprises to conduct due diligence on any prospective third-party vendor. But why do so many organizations fail to regularly evaluate their existing vendors?
A poorly managed vendor oversight program can be a point of pain for any institution hoping to function smoothly and efficiently. Without a consistent program for managing vendor risk, banks and financial institutions, in particular, face non-compliance with government regulations. This can not only pose financial risks but can also diminish a company’s reputation.
Topics:
Third-Parties,
vendor risk management,
risk alerts,
compliance,
Audits,
vendor,
oversight,
regulation,
monitoring,
regulators,
vendor performance reviews
The Importance of Fourth-Party Vendor Tracking
Third-party vendor breaches are on the rise, but what about fourth-party risk? A fourth party is a subcontractor to your vendor, someone your vendor relies on or subcontracts to. The effectiveness of your vendor and the risk to you increasingly depend on fourth parties as your vendors outsource and subcontract critical activities.
They go by a lot of names, including providers and strategic partners, and can provide bill pay, mobile banking, core processing, legal or other services.
Topics:
fourth party,
risk management,
vendors,
subcontractor
Let VendorInsight® Perform Your On-Site Vendor Visits
Vendors are increasingly important for banks as they can perform consulting, process transactions, reduce costs and implement controls, all while directing your focus to core business functions and objectives. How many of your bank’s products depend on multiple vendors? How many of your vendors are managing your customers’ private data? For these reasons, regulators have been demanding that banks keep closer tabs on their relationships with third-party vendors.
Topics:
Collaboration,
SaaS,
VendorInsight,
On-site Visit
Is Hiring a Vendor Manager Worth the Hassle?
Whether managing risk in one department or throughout the enterprise, analyzing and selecting the best vendor at the right price, delivered in a timely fashion, is a critical part of the risk management process.
That’s where vendor managers come in. A vendor manager facilitates the relationship between their business and its vendors while meeting contractual obligations and compliance.
Topics:
vendor management outsourcing,
SaaS,
Vendor Manager,
VendorInsight,
Lower Costs
Delivering Vendor Risk Management Solutions
In this current economic climate, risk management is more important than ever. Companies only beginning to develop risk management programs haven’t yet realized the potential benefits of a structured solution for managing vendors. This includes reducing costs and risks while creating a competitive advantage against organizations who aren’t managing their risk.
Topics:
vendor risk management,
Cybersecurity,
board members,
risk assessment,
Transparency,
Automation,
Collaboration,
Return on Investment,
Stability,
Scalability,
C-Suite
Organizations often have very few employees working in vendor management, leading to heavy workloads. Manually tracking, monitoring, and reviewing vendors consumes vast amounts of time and resources. About half of financial organizations do not utilize an automated vendor management platform for tracking and assessing vendors. Adopting an automated vendor management system not only allows organizations to become proactive while easily staying on top of due diligence, but also delivers insight into the effectiveness of your compliance strategy.
Topics:
outsourced vendor management