The creation and issuance of vendor management regulatory guidance takes quite a while – the process from start to finish can take months or even years. Meanwhile, the evolution of mobile technology seems to sprint ahead at an amazing pace.
Interpreting the new products and services in the context of outdated guidance makes a very difficult situation for vendor compliance, legal and third party risk management.
The 4 Steps to Take to Stay Current
When the guidance lags far behind the new technology, what are some prudent steps to take?
- Stick to the pillars. While guidance may be outdated, there is great value in going back to basics and looking at how best to apply the fundamental pillars of third party risk management. Granted, it can be very difficult to figure out how best to do due diligence or properly assess risk on a product or company with very little history, but working to understand it as best possible is a prudent step. In my past experience, we would often call together meetings to figure out what best to ask and what documentation to expect for each of our vendors.
- Read the news. Look for industry articles on the experiences of others. Perhaps this is an area where the internet and social media can be a huge help – you can find a great deal of timely information and articles. Even Twitter can help in some cases, though take it with an appropriate amount of caution.
- Network. Reach out to industry experts for advice and guidance – what are they seeing and what are they concerned with?
- Write everything down. As with anything else, document it well. Write down the basis of your analysis, where you looked for answers, with whom you consulted and what conclusions you reached.
While the regulations certainly lag behind technology, there are places where some regulations have been updated. Witness the regulatory guidance issued recently by the OCC suggesting that marketplace lenders and financial market utilities be included in third party programs, and the FFIEC appendices E and J on both mobile banking and considering new types of services.
Keeping up with the latest and greatest is a real challenge. Use your best judgment and rely on the tried and true – good analysis and thorough documentation can help to dissect new solutions. For more information on the current state of vendor management, download our free whitepaper.