As we’ve mentioned before, one of the challenging issues in third party risk management is staying up-to-date on news and changes occurring in the financial services regulatory world. It’s [...]
As we’ve mentioned before, one of the challenging issues in third party risk management is staying up-to-date on news and changes occurring in the financial services regulatory world. It’s [...]
The CFPB recently announced that it has entered into a consent order with Fay Servicing, LLC (“Fay”) to settle alleged mortgage servicing violations. A copy of the consent order can be found here
The examiner is coming, the examiner is coming!
DON'T PANIC! Seriously, there’s no need if you’re running a well-managed program. Let’s go through some of the key things you’ll want to do to plan [...]
The responsibility given to a vendor management department may vary across institutions. In some instances, the vendor management team may even have a voice when it comes to vendor selection and [...]
We previously reported on the Executive Order 13772 titled “Core Principles for Regulating the United States Financial System,” which is a high-level policy statement consisting of a series of [...]
Vendor ongoing monitoring is required by all of the major regulators as a fundamental practice in third party risk management. So, why is it often overlooked? What happens if you fail to monitor [...]
Extra extra! Read all about it! Last week, the Office of the Comptroller of the Currency issued Bulletin 2017-21 –Frequently Asked Questions to Supplement OCC Bulletin 2013-29.
We thought it might [...]
The federal banking agencies together with the National Credit Union Administration (the “Agencies”) issued an Interagency Advisory on the Availability of Appraisers that is intended to help [...]
In the CFPB May release (Issue 15), the Consumer Financial Protection Bureau referenced updated guidance on third party oversight initiatives. We'll go through what it says, what it means and next [...]
Today, companies merge suddenly and frequently for a variety of reasons - some of those reasons can be a really good thing, but some can introduce a variety of risks that can cause performance to [...]
In the story, “The Purloined Letter” by Edgar Allan Poe, one of the key themes was thatthe most obvious things are often hidden in plain sight – we just manage not to see them. The same is true of
You did your due diligence on your vendor, you're going about your day to day duties, and suddenly you're notified that your software vendor is being acquired by another. Today, companies merge [...]
During our recent three day Vendor Management Bootcamp we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live sessions, so we have worked with the [...]
During our recent three day Vendor Management Bootcamp, we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live sessions, so we have worked with the [...]
As you may already know, I’m a cyclist. So, typically, I log a few miles every morning before work, amuse the neighbors by posting pictures of my ride on Facebook and generally enjoy rolling along [...]
Earlier this year, Fannie Mae released their long-awaited Day 1 Certainty program. For the mortgage lender,this represented a glimmer of hope to be released from certain future reps and warranty [...]
DocuSign has confirmed that a data breach resulted in widespread malware phishing attacks targeting email addresses of more than 100 million of its customers. Companies that utilize DocuSign as a [...]
If you have listened to some of our webinars, you’ve heard me recommend reviewing legal analysis of the voluminous or complex new vendor management regulatory guidance. Rather than digging through [...]
It can be tempting to cut corners when handling third party risk management at your institution.
When I was a few years younger, I used to love to race in criterium style races… for those of you [...]
I was chatting recently with a colleague of mine and realized that depending on your role, you could have different opinions regarding the goal of third party risk management.
A vendor's criticality and risk rating are two different things, but they often get used interchangeably. We'll clarify them more for you to better understand.
With it being the first week of May, there's an important reminder to point out to the financial industry regarding SOC reports for vendor management. As of Mon, May 1, SSAE 18 is now in effect.
Enforcement action – for anyone involved in risk management, that term can give you an upset stomach. Why? An enforcement action typically means large problems and potentially hefty fines. They [...]
The Appraisal Management Company (AMC) is a vendor which plays a vital role in the loan origination process. Regardless if your organization is a bank, non-bank, credit union or other type of [...]
There's a question I get asked often - "Why must I risk rate EVERY one of my vendors?" Many times at conferences and in follow up to webinars, this is a popular question, because I think it drives [...]
One of the real regulatory hot buttons over the past few years is around UDAAP – Unfair, Deceptive, or Abusive Acts, or Practices. There have been numerous UDAAP violations with some pretty [...]
CFPB exams for the non-bank lender have matured in recent years. The scope of the examination process has expanded to include a much more thorough review of vendor oversight.
The OCC came out with new guidance on January 24, 2017 - they published the supplemental examination guide for third party risk management, titled OCC Bulletin 2017-7. So, if you’re at a credit [...]
A topic we hear a lot at industry conferences and webinars is the maturity of your vendor management program. What exactly does this mean? Let's go through that now...
Quality control audit firms play an important role in the review function of loan files. This requirement is performed at the pre-funding and post funding stage of the loan origination process. [...]
If you don’t read anything else this week on vendor management, read this! Recent studies by Protiviti and Crowe Horwath show that vendor risk management maturity has improved significantly, but [...]
On March 13, 2017, as the East Coast of the US was awaiting the latest snowpocalypse or snowmageddon, really big news broke related to vendor management – D+H was acquired and will be merged with [...]
March 2nd, the CFPB issued Supervisory Highlights Consumer Reporting Special Edition (Issue 14), Winter 2017. For those who have had a less than perfect experience when interacting with a consumer [...]
We had SAS 70, then SSAE 16...now SSAE 18 will be making an entrance in May of this year. SSAE 18 is a little different, so we’ve outlined some key points for you below to assist with your [...]
For the non-bank lender, the process of vendor oversight begins prior to establishing an annual audit schedule. And like any good process, it begins well at the beginning - the contract. [...]
How are financial institutions handling vendor management for 2017? After surveying over one hundred people, we have good and bad news to share, data to back it up and how to make the bad news [...]
There are times when even the best of relationships fall apart. But, there's also usually plenty of early warning signs. So, let's look at a few of them related to your vendors – these are just a [...]
On Tuesday, January 24, 2017, the Office of the Comptroller of the Currency issued new regulation - Bulletin 2017-7. It's supplemental guidance on the approach examiners must take when reviewing [...]
Banks, credit unions and non-bank lenders have all been audited in some fashion by state or federal regulators during their lifetime. In recent years, the CFPB (Consumer Financial Protection [...]
How often do you check your oil in your car? The air pressure in your tires? Do you take your car in for routine maintenance? Or do you ignore everything until a warning light appears on the [...]
You should prepare for an exam before you're officially given notice of it. There are items to have ready ideally 3 or 4 months before any potential exam window.
Whether reviewing a new critical vendor contract or negotiating new terms and conditions of an existing one, there are many elements you need to consider.
With the new year, you may reflect upon how things are going within your bank or credit union's third party risk management program. Make sure your team is on the same page.
I was recently at a [...]
I anticipate that there will be quite a few changes looming in the new year - 2017. Some examples include change of Dodd-Frank, increased pro-bank feel, change of examination cycle and [...]
Throughout the year we have created lots of infographics, ebooks, guides and more to help you and your peers with vendor management. Your peers have found these resources to be the most valuable [...]
2016 – the year of third party risk and cybersecurity. As 2016 winds down, we should look back and think about what we’ve seen this year. There have been many extraordinary events in the world of [...]
I was recently asked what a MRA is and what it really means. Well, if you’re a compliance officer at a financial institution, that acronym is enough to send a shiver down your spine.
Just as the leaves changing or the geese migrating herald the change of seasons, things change for companies as well. And, if those companies are a critical third party of yours, you need to be [...]
If you’re a senior manager or a member of a board of a financial institution, you must be directly involved in many things, including vendor management. If there was any doubt about that, the OCC [...]
While I may not be entirely thankful for the heightened state of today’s regulatory environment, I am thankful that we live in a time of innovation and, therefore, have helpful tools to assist in [...]
Reporting to senior management and/or the board is not just a good practice; it’s actually a requirement of regulatory guidance. So, what should you prepare in terms of a report?
The simple answer is “yes”. If they fall within the scope of your third party risk management program – and remember, your scope should be well documented on who is included and, just as [...]
Here's a classic dilemma – what happens when a vendor simply won’t give you the documents you need to complete due diligence? Do you stand up and walk out on them? Usually not... but you do need [...]
Vendor management doesn't always go smoothly, and sometimes can get quite frightening. In the spirit of Halloween, check out these 17 vendor management horror stories followed by ways to stop or [...]
We have exciting news! Have you heard? Yesterday, we launched our new educational video series - Third Party Thursdays. Every Thursday, we will post a new video that will focus on a different area [...]
As tiring as it may sound, training is still the most important risk mitigation factor in reducing the number of insider threats. Insider threats originate either through the vulnerability of [...]
One of the most important and challenging parts of working in risk management is staying out of the news – that’s always a good goal, not to be in the news in a negative way. But equally [...]
You’re getting ready to do business with a huge industry leader. Why, there’s no need to try to do the usual due diligence, is there? They have to be safe.
I mean, they’re never going to give us [...]
You’ve probably updated your organization chart for your bank or credit union's compliance and third party risk management teams. You’ve likely had to explain it to Human Resources or go to senior [...]
Anyone who knows me knows I have a few obsessions – I’m cyclelogically obsessed with my bicycle and I am an absolute NASA-nut (thanks to Twitter and NASA Social for taking me to some really great [...]
On Aug 22, 2016, the FDIC released the Summer edition of its Supervisory Insights Journal. Okay, officially, it was FDIC Financial Institution Letter 57-2016, but that’s too much of a mouthful, so [...]
Unfortunately, there’s no magical solution to getting your staff up to speed and keeping them there. There’s no handbook or vendor management Bible, and even the best guidance only gets somewhat [...]
We were recently asked if there is a certain size threshold at which an institution should or should not consider outsourcing. The discussion led to a lot of thoughts – but when it came down to [...]
No serious cyclist would ever dream of riding their bicycle without wearing a helmet. Personally, having been hit by a car twice while cycling, I probably should wear a helmet every time I talk [...]
I was very fortunate when I worked in a bank; I generally always got the support and investment that I needed to run a third party risk management program.
Talking to my colleagues throughout the [...]
Dealing with third parties is a lot to have on your plate, however examiners think you can still handle more. They will ask you about your fourth parties too!
What in the world is a fourth party [...]
It does seem counter-intuitive, I suppose. You're all excited about signing up this great new provider who is going to help solve [...]
You’re excited to be working with a terrific new vendor. Let's go through the process.
You’ve done your due diligence, written a thorough risk assessment, gotten it approved by your risk committee [...]
There is always the natural tension between wanting to get to market with a good idea or new service provider and the need to do your homework and make sure the [...]
Okay, I’ll admit it – there are always certain companies that I admire and are my favorites to do business with.
I won’t name names, but as you read this, hopefully you can identify ones of your [...]
Of all of the areas of third party risk management, perhaps the most difficult is handling contracts effectively. Whether it’s negotiating, tracking or simply finding all of them, contracts can be [...]
Anywhere your company is spending money for a product or service, well, that’s a vendor of some sort. As part of your vendor management, you need to start by knowing who exactly your vendors are.
Due diligence should always be risk-based and tailored to the appropriate risks represented by the third party relationship. Lots of the items collected [...]
Since Prince’s passing, the lyrics to his song “1999” kept coming to mind, which then triggered me to think about how vendor management has changed from then to now.
You may have seen the news, reported in Krebs On Security and elsewhere, that payroll processing giant, ADP, was compromised by identity thieves, resulting in the loss of tax and salary data.
A little over ten years ago, I was leaving MBNA America following an acquisition by Bank of America.
I really hadn’t searched for a job in nearly 20 years, so I wasn’t quite sure where to start.
Using Excel for your vendor management can make the data cumbersome for you to manage and difficult for your examiner to read. So why are you still using those spreadsheets?
It's time to move on! [...]
Vendor management has been around for years. Having a firm grasp on the companies with whom you are doing business is not new, but the regulatory expectations continue to evolve and grow.
Just when you thought you had your arms around your vendor management program, auditors and examiners have been inquiring about your “vendor’s vendors”.
It’s understandably perplexing to figure [...]
Happy New Year! Our team has got vendor management covered for 2016, we'll be releasing new helpful content to the industry every week.
Vendor management can be difficult. Throughout 2015 we were curious what specific challenges banks were facing, so... we asked. Here's a list of what banks especially struggled with this year. [...]
It's no secret that with vendor management, comes many challenges. Throughout the year we asked credit unions specifically what those challenges were for them. Here's a recap of what those credit [...]
We've yet to come across a financial institution that does not have a vendor, and vendors of course means vendor management.
So, in the spirit of Thanksgiving, we decided to put together a fun [...]
Credit unions and banks face many challenges specifically with vendor management. To make sure we keep up with what those pain points are, we continually ask financial institutions' employees to [...]
While talking to a prospect recently, he shared a comment that his examiner made from a recent exam. It went something like this:
“You need to put away the manual spreadsheets and look into a [...]
Chances are you would not only like someone to help you get the work done but also help you raise your vendor management game. Will they further your vendor management education? Are your [...]
The job is big, you know you have to do it, there’s not enough of you to go around and the examiners will be there soon. What’s the answer?
As you are well aware, Vendor Management at your bank or credit union is not an optional activity.
In review, a SOC 1 report reviews financial and audit controls of a vendor. Basically a SOC 1 tells you if your vendor manages their books well (or not). But is it the right report for you? Does [...]
While you can use other reports for financial analysis, the 10-K is highly recommended to review the financial, legal and risk information about your vendor. The 10-K is formatted identically for [...]
Your vendor should be guarding against intrusion into the systems network from the outside and conducting regular penetration testing through a qualified credible resource.
You should insure that [...]
Let’s start with a basic description of a SOC 1 report. A SOC 1 describes the system of internal controls in place at a service organization regarding internal controls over financial reporting. [...]
This interview is part of an ongoing series where 2ONE6 International speaks with various FinTech providers as well as financial institutions that choose to partner with the innovators in this [...]
If you’re a bank or credit union then you likely already understand that you should be asking many of your vendors for a SOC report, especially your critical or high risk vendors.
Have you [...]
Should you discover that your bank or credit union vendor's income and financial performance is declining, there are some unintended consequences you need to look out for.
At Venminder we get this question alot. So, here are a few areas that you need to look at first before coming to that conclusion.
As you review your vendors financial health, here are 4 tips to an accurate vendor financial performance assessment.
Vendor management has many challenges, but what are your peers saying is their biggest challenge?
We asked a group of financial professionals just what their biggest vendor management challenge is [...]
Here are 5 simple tips for contract management at your financial institution to help you find that pot of gold:
Vendor management can be an arduous, time consuming process. Most banks know their critical vendors. However, they are typically missing the proper tools and/or knowledge to accurately document [...]
Contrary to popular belief, you cannot just pick up your Core and IT service contracts a few months before expiration and hope to get it restructured in a way that is favorable to the franchise.
Fresh off of a 5 week speaking junket, through Austin, Vegas, Naples, Phoenix and Honolulu, I have learned a lot about what is NOT being discussed amongst bankers when it comes to M&A.
I sat [...]
In October we highlighted a clear and present danger resulting from the further consolidation of the Core IT vendors. Fewer vendors exist than ever before and the impact to your service level, [...]
Trekkie fans will understand the reference to the BORG and what it feels like when you don’t have many choices. The assimilated Captain Picard provides this famous line, “…from this time forward [...]
Many organizations are initially reluctant to explore the concept of utilizing external service providers to perform critical business functions out of fear of “losing control” of the process.
A recent poll of 10,000+ CEOs and CFOs uncovered a very interesting result: The majority agreed they would participate in M&A in some way however, very few sheepishly admitted (3%) to wanting to [...]
The past couple of decades have been focused heavily on rolling out technology to allow banking customers to self-serve. If you’re like most institutions, your implementations involved multiple [...]
As I talk to financial institution management I find that most adopt my old habit of quick not great. The amount of time most vendor managers spend on their annual reviews of critical vendors is [...]
We all have seen the unbelievable risk matrices supplied by our auditors and hinted at by the FFIEC. These guides are all well-intentioned but have the effect of turning a good business practice [...]
ATM and Debit Cards. At one point the relationship was new and you focused all your attention on glossy brochures, preventing fraud and increasing transactions.
But then internet banking, and [...]
Finally, a vendor risk management topic on which most vendor managers feel they do well. After all, you tell the vendor what you expect and they agree. How hard can that be? Not hard at all if [...]