A clear and bold header

The Value of Using Cybersecurity to Improve Vendor Management | VendorInsight®

Posted by Rachel McKenzie on Oct 28, 2019 9:00:00 AM

A Risk-Based Approach to Cybersecurity Monitoring

While you may already be aware of the potential risks imposed on your organization through a failure at your third-party vendor, what are you doing to identify those risks and take actionable measures to protect yourself in real time?

Read More

Topics: Cybersecurity

The Dangers of BSA/AML and OFAC Risk | VendorInsight®

Posted by Rachel McKenzie on Oct 11, 2019 9:17:27 AM

A Risk-Based Approach to BSA/AML and OFAC Compliance 

How much do you know about your third-party vendors? Could your subcontractors be laundering money used to finance drug cartels, terrorist organizations or other illegal activities? It’s not as far-fetched as you might imagine. Without your knowledge, your bank or credit union may be non-compliant with requirements in the Bank Secrecy Act (BSA)/Anti-Money Laundering (AML).

Read More

Topics: BSA/AML, OFAC Compliance

The Dangers of Hidden Contractual Language | VendorInsight®

Posted by Rachel McKenzie on Sep 3, 2019 8:40:02 AM

The Dangers of Hidden Contractual Language in Vendor Contracts

In the last decade, the Consumer Financial Protection Bureau (CFPB) has become more focused on protecting consumers from harm. This has resulted in increased scrutiny on Unfair, Deceptive or Abusive Acts or Practices (UDAAP).

UDAAPs are a key aspect of consumer compliance and continue to be a regulatory focal point. This regulation targets businesses that offer financial products or services to consumers.

Read More

Topics: Terms and Conditions

What SOC Report is Best for You? | VendorInsight®

Posted by Rachel McKenzie on Aug 19, 2019 1:02:51 PM

SOC 1, 2 or 3: What’s Best for You?

 Almost a decade after Service Organization Controls (SOC) were introduced, there is still confusion over the variety and contexts of SOC audits. On the surface there are three kinds of SOC reports, and within them two types.

If some critical or high-risk vendors provide a SOC 1 and others give you SOC 2 or even SOC 3, how can you know the difference? And how do you know when and why to use each one?

Read More

Topics: SOC Reports

Outsource Your Third-Party Risk Audit | VendorInsight®

Posted by Rachel McKenzie on Aug 2, 2019 11:18:45 AM

Why You Should Outsource

In today’s highly regulated environment, banks and financial institutions are held to increasingly strict standards when it comes to vendors. Not only are you liable for third-party business activities, but you are held responsible for their third-party vendors, as well.

Relying on a strong working relationship with third-party vendors isn’t enough. To protect your customers and company, you need to understand and assess risks related to your vendors.

Read More

Topics: Third-Party Risk Audits

Best Practices: Retrieving Data from Vendors | VendorInsight®

Posted by Rachel McKenzie on Jul 17, 2019 11:38:37 AM

Best Practices for Retrieving Data from Vendors After a Contract Termination

There are many reasons why a relationship with a third-party vendor could be terminated. In these circumstances, your vendor-stored data could be vulnerable.

The service requirements of the business often need to continue, but the risk is that data could be accessed by unauthorized users after contract termination. Another fear is that vendors may improperly dispose of documents that contain a customer’s confidential information, leaving that data at risk of being located and stolen.

Read More

Topics: Data Retrieval, Best Practices

VendorInsight®’s Approach to Healthcare VRM | VendorInsight®

Posted by Rachel McKenzie on Jul 1, 2019 2:54:31 PM

The Evolution of Healthcare Management

Risk management is drastically different today than it was 40-50 years ago. Back then, risk managers were mostly focused on clinical issues and minimizing damages due to the abundance of medical malpractice suits and professional liability claims.

Read More

Topics: Healthcare

Putting Trust in Third-Party Vendors | VendorInsight®

Posted by Rachel McKenzie on Jun 17, 2019 12:06:05 PM

How Much Should You Trust Your Third-Party Vendors?

eSentire recently conducted an online survey of 600 information technology and security decision makers across the globe. These leaders have purchase influence over security solutions and familiarity with third-party risk. While the survey intended to quantify market concerns about third-party risk, determine top challenges and identify potential areas of vulnerability, there was an unexpected takeaway.

Read More

Topics: Vendor Monitoring

Red Flags within Your Vendor’s BCP | VendorInsight®

Posted by Rachel McKenzie on Jun 3, 2019 11:14:38 AM

Red Flags within Your Vendor’s Business Continuity Plan

Significant events, including natural disasters and massive cybersecurity breaches, will not only impact your vendor’s operations, but yours as well. Your data could be lost, your processes can be slowed or stalled, and your reputation could be hurt. To protect your organization and stay proactive, you need to understand a vendor’s Business Continuity Planning (BCP) and Disaster Recovery (DR), their processes of creating systems of prevention and recovery to deal with potential threats.

To do so, your organization should be reviewing the vendor’s BCP annually as part of your ongoing monitoring after you’ve selected and contracted with them, to determine if there are any concerning red flags. But what would be considered a red flag?

Read More

Topics: vendor reviews, Cybersecurity, Business Continuity, BCP, Experts, RTO, RPO, Business Continuity Plans, Recovery, Breaches, Disaster Recovery

Handling Problematic Vendors | VendorInsight®

Posted by Rachel McKenzie on May 17, 2019 9:22:05 AM

How to Handle Problematic Third-Party Vendors

Many companies rely heavily on third-party vendors to help meet both contractual obligations and consumer demand. With such business relationships, however, comes the potential for disruptive natural and human-made events risks.

Even the most reliable vendors can suddenly and unexpectedly perform poorly, causing a previously healthy and mutually beneficial relationship to head south. When faced with such a dilemma, what can be done to fix a problematic vendor’s performance? And at what point is the decision made to terminate a relationship with a vendor?

Read More

Topics: Third-Parties, monitoring, vendor performance reviews, Risks, Reputation, penalities, brand, suppliers, SLA, Problematic Vendors

What Vendor Oversight You Should be Performing | VendorInsight®

Posted by Rachel McKenzie on May 10, 2019 10:21:32 AM

How Much Vendor Oversight Should Your Company be Performing?

It’s a common practice for enterprises to conduct due diligence on any prospective third-party vendor. But why do so many organizations fail to regularly evaluate their existing vendors?

A poorly managed vendor oversight program can be a point of pain for any institution hoping to function smoothly and efficiently. Without a consistent program for managing vendor risk, banks and financial institutions, in particular, face non-compliance with government regulations. This can not only pose financial risks but can also diminish a company’s reputation. 

Read More

Topics: Third-Parties, vendor risk management, risk alerts, compliance, Audits, vendor, oversight, regulation, monitoring, regulators, vendor performance reviews

Tracking 4th Party Vendors | VendorInsight®

Posted by Rachel McKenzie on Apr 19, 2019 8:21:48 AM

The Importance of Fourth-Party Vendor Tracking

Third-party vendor breaches are on the rise, but what about fourth-party risk? A fourth party is a subcontractor to your vendor, someone your vendor relies on or subcontracts to. The effectiveness of your vendor and the risk to you increasingly depends on fourth parties as your vendors outsource and subcontract critical activities. 

They go by a lot of names, including providers and strategic partners, and can provide bill pay, mobile banking, core processing, legal or other services.

Read More

Topics: fourth party, risk management, vendors, subcontractor

VendorInsight® Performs On-Site Vendor Visits | VendorInsight®

Posted by Rachel McKenzie on Apr 5, 2019 9:01:15 AM

Let VendorInsight® Perform Your On-Site Vendor Visits

Vendors are increasingly important for banks as they can perform consulting, process transactions, reduce costs and implement controls, all while directing your focus to core business functions and objectives. How many of your bank’s products depend on multiple vendors? How many of your vendors are managing your customers’ private data? For these reasons, regulators have been demanding that banks keep closer tabs on their relationships with third-party vendors.

Read More

Topics: Collaboration, SaaS, VendorInsight, On-site Visit

The Hassle of Hiring a Vendor Manager | VendorInsight®

Posted by Rachel McKenzie on Mar 22, 2019 8:57:20 AM

Is Hiring a Vendor Manager Worth the Hassle? 

Whether managing risk in one department or throughout the enterprise, analyzing and selecting the best vendor at the right price, delivered in a timely fashion, is a critical part of the risk management process.

That’s where vendor managers come in. A vendor manager facilitates the relationship between their business and its vendors while meeting contractual obligations and compliance.

Read More

Topics: vendor management outsourcing, SaaS, Vendor Manager, VendorInsight, Lower Costs

Delivering VRM Solutions | VendorInsight®

Posted by Rachel McKenzie on Mar 13, 2019 11:47:53 AM

Delivering Vendor Risk Management Solutions

In this current economic climate, risk management is more important than ever. Companies only beginning to develop risk management programs haven’t yet realized the potential benefits of a structured solution for managing vendors. This includes reducing costs and risks while creating a competitive advantage against organizations who aren’t managing their risk.

Read More

Topics: vendor risk management, Cybersecurity, board members, risk assessment, Transparency, Automation, Collaboration, Return on Investment, Stability, Scalability, C-Suite

3 Ways to Create a Competitive Advantage with Vendor Management Automation

Posted by Rachel McKenzie on Aug 30, 2018 10:04:51 AM

Organizations often have very few employees working in vendor management, leading to heavy workloads. Manually tracking, monitoring, and reviewing vendors assumes vast amounts of time and resources. About half of financial organizations do not utilize an automated vendor management platform for tracking and assessing vendors. Adopting an automated vendor management system not only allows organizations to become proactive while easily staying on top of due diligence, but also delivers insight into the effectiveness of your compliance strategy.

Read More

Topics: outsourced vendor management

VendorInsider Blog

Insight into Vendor Management Best Practices, Challenges, Solutions and Trends from Industry Insiders

As one of the longest running and most advanced vendor management software solutions, the helpful people of VendorInsight® have a unique perspective on third-party risk, compliance and management.  In the VendorInsider Blog, we share our insights on timely and relevant issues facing vendor managers.  You can subscribe using the button below, or contact us with questions.

Subscribe to Our Blog

Recent Posts

Posts by Topic

see all