While you're enjoying your chocolate from Valentine's Day, there were some big headlines in vendor risk management. Topics include: Wells Fargo outage, NAFCU's letter to CFPB, Mortgage fintech [...]

The first full week of February contained big news, including UDAAP, CARD Act and Equifax as the main headlines. It's been an interesting week! 

The due diligence you collect on a vendor is only as good as the analysis performed. Due diligence is one of the most critical activities in third party risk management because let’s face it, your [...]

There was a lot of news this week! Topics include: a lengthy report by Wells on how it will make amends and respond to consumer complaints, two large CFPB enforcement actions, discussion of [...]

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

This was a short week and although there is less industry news this week, what news there is still is significant. Read for more details below!

This week features some fun stuff – continued sparring over how to regulate fintech’s, the best banks in US and news on last year’s major data breach at Marriott. Read for more details below!

2018 did not deliver the highly anticipated sweeping regulatory reform – sure, it nibbled at the edges with a break in the exam cycle for well-managed organizations under $3 billion and changes [...]

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

An interesting week – CFPB news, UDAAP enforcement action, huge money laundering scandal, and an NCUA update…This week’s edition of the news has something for everyone.

 If you’re like us, then you’ve probably set some resolutions for yourself in the new year.

So this week, we heard from the new head of the CFPB, got an instructional video from the FDIC, have new workshops from the OCC, learned about a new Wells Fargo settlement and even get a little [...]

Even though it was a busy holiday week for most, there was still a fair amount of news for third party risk. In case you missed it, this week included the release of the worst passwords of the [...]

With it being the last week left in 2018, majority of your focus may already be planning for the new year. Before this year wraps up, you can still build a better foundation for third party risk [...]

This was another busy week for vendor risk management in the news! This week there was regulators being told to play nice, UDAP actions, AML actions, BCFP returning to its acronym of CFPB, OFAC [...]

2018 has been a quiet year from an enforcement perspective, particularly as it relates to third party risk management. However, there has been changes in leadership at all of the major national [...]

There are weeks that make you want to run for cover… this was one of those weeks!  News on every possible angle – new CFPB director, Equifax fall out and just tons of other news. Read for more [...]

Having an effective strategy for vendor risk management is critical to protect your organization and your customers. Continuing to make improvements to your existing policy, program and procedures [...]

There was so much news this week, I don’t even know where to start – the massive Marriott data breach, the CFPB Ombudsman’s report, the political controversy swirling at the CFPB (as well as its [...]

Do you have vendors that you’d categorize as naughty around this time of year? Don’t worry, we’ll cover ways to handle them.

At first glance, it looks like a sparse news week, but then when you look more closely, there’s a lot here – Deputy Fed Chair Quarles taking over a global regulatory function, a major UDAAP [...]

Ready to grow or expand your vendor risk management function? Do you know what to think about when scaling your program? There are a number of factors to consider. Let’s go through them.

A vendor risk assessment should be performed on a third party vendor in order to properly assess and determine the risk posed to your organization. This should be done during both the vendor [...]

Check out the articles we deemed important for this week from the world of third party risk management. Articles mention FDIC, SEC, exam consistency and more. Read below. 

Stay updated in the world of third party risk management by reading some articles that we recommend. Topics this week include more on enforcement actions, risk management and compliance, [...]

In the second and third quarters of 2018, several of the major financial services regulators issued an interim final rule extending the examination cycle for well-managed institutions from 12 [...]

We’ve had a little bit of everything as far as third party risk news this week – from new FFIEC information, cyber issues and, oh yes, an election causing gridlock. Read those articles and more [...]

There has been lots of news this week – none bigger than the announcement that the FTC is going to open its complaints database to the public, much as the CFPB has done. That is not just big news, [...]

This was an eventful news week in the world of regulatory risk. On our headlines, I’ve captured only two of the fines that were levied this week, but there were several others of smaller note. In [...]

Last year, I spoke at a conference and, as I wrapped up, a member of the audience approached me and shared that he thought if he is doing well with complying to FDIC guidance, he shouldn’t need to [...]

A vendor management policy is a document that informs senior management and the board about the activities provided in the vendor management program. A well-written vendor management policy is the [...]

We've selected some insightful stories below related to third party risk management that we found interesting from this past week. Biggest news this week is CFPB claims it will define “A” for [...]

We've selected some top stories below related to third party risk management that we found interesting from this past week. There’s more on cybersecurity, fines, data breaches and more.

Recently, as part of our Venminder Thought Leadership series, I had the opportunity to speak with Mike Morris at Porter Keadle Moore (PKM). In this series we speak with the industry’s sought-after [...]

Read some top stories below related to third party risk management that we found interesting from this past week. There’s news on cybersecurity, words from the new FDIC director and even a cartoon [...]

This past week in the world of third party risk there have been interesting stories on a SEC enforcement action related to lack of cybersecurity preparedness, the OCC’s 2019 supervisory plans, [...]

Choosing a partner to help with your vendor risk management program is an important consideration and one that requires planning, research and effort. While companies say they’re the perfect [...]

Summer is officially over, and the leaves are changing for fall. But the leaves aren't the only thing changing right now - more and more fintechs are moving to Atlanta and making it their home, NY [...]

I often think of an internal audit as a helpful check-up – it's a great time to find areas that may be problematic before they become a big problem. Having had some very favorable internal audits [...]

With Hurricane Florence rolling through the U.S. this week, we're reminded to check in on ours and our vendor's disaster recovery plans. From everyone here at Venminder, we hope you're all staying [...]

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

We've put together the latest news on vendor risk management to keep you in the know. 

The Fed focuses on UDAP, you might see a new set of cybersecurity standards in the near future, US Treasury [...]

As a manager at a large organization, you rely on the efforts of an entire team of people. Since the financial crisis a decade ago, one thing has become abundantly clear from the regulators’ [...]

This week in third party risk related news: Chase Bank hit with downgrade as a result of improper third party risk management, cybersecurity remains a topic of focus, working with fintech [...]

Let’s face it – a very difficult part of vendor risk management, particularly in mid-sized organizations, is usually the vendor contract management process. Why exactly is that? Well, unless you [...]

An update on the OCC fintech charter, the latest in regtech, Merrill Lynch pays $8.9 million fine in SEC action with major third party implications, ECOA on third parties and more! Read below for [...]

Creating an effective third party risk management program takes a lot of work. There are a few critical elements to making certain your practices are robust and sustainable. Let’s look at 10 that [...]

The Securities and Exchange Commission, or SEC, oversees securities transactions, financial professional activity, mutual funds and more to protect investors, prevent fraud and deception and [...]

New enforcement actions and continued analysis of the CFPB changes and the fintech charter dominate this week’s headlines - read these stories and more below for this week's third party risk [...]

Outsourcing a product or service comes with a price tag. Whether you think of it as an expense or simply the cost of compliance, you may often find that the work of outsourcing, while falling in a [...]

This week's vendor management industry news includes analysis of the new fintech charter (some vastly different viewpoints), an article that reminds us that third party risk is not just a [...]

A great deal of news recently has followed the various congressional initiatives to “roll back” portions of the Dodd-Frank Act. In the latter portion of the second quarter, a bill passed and was [...]

As part of our Venminder Thought Leadership Series interview where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, [...]

This week in third party risk news, there have been a number of mishaps that seemingly could have been avoided with proper vendor risk management. Read below for notable lessons on verifying your [...]

I confess that I love to read the news. It’s a practice I learned early on at MBNA America. One of our executives, long before the days of internet news feeds and automated alerts, made a practice [...]

WIth a history of risk management failures, Wells Fargo can add another oops to the list - Wells is refunding "tens of millions” of dollars to customers for incorrect account charges. Read the [...]

Ever since the creation of the Consumer Financial Protection Bureau (CFPB), Unfair Deceptive or Abusive Acts or Practices (UDAAP) has become a very hot issue in regulatory enforcement. Many have [...]

Ongoing monitoring is one of the pillars of an effective vendor risk management process. All of the major regulatory guidance directs organizations to conduct ongoing monitoring on their vendors, [...]

In this week's third party risk related news, we've noticed that the need for a robust third party risk management program to combat cyber, financial, operational and reputational risks is still [...]

I'm often asked what sort of things a third party risk or compliance manager might be asked to have ready for an examination that's going to touch on third party risk management. Well, there's [...]

Check out this week's recommended vendor management related news articles. They include updates on PCI issues, more maneuverings at the CFPB, California and New York both weighing in on regulatory [...]

I’m often asked to discuss what comprises an effective vendor management program. While there are numerous things to consider, below I've listed 14 of the most important elements.

Vendor risk management (or third party risk management) is defined as a set of activities associated with identifying the risk posed with outsourcing a product or service and then taking all [...]

It seems that we can't go a week without mentioning another major NPPI breach, changes in enforcement actions or issues with regulatory compliance - and that's the case for the week of July 2 as [...]

We've talked a bit about the classic three lines of defense approach to compliance and risk management. It's an important concept in which the series of walls protect your organization, starting [...]

The need for vendor risk management best practices is at the forefront of the news this week - 60% of industry execs reporting they do not have a comprehensive vendor risk program in place. This [...]

As vendor risk management, also known as third party risk management or just vendor management, has become more important, there has been more regulatory guidance from all the major regulators [...]

Vendor risk management, also known as vendor management and third party risk management, has become much more important in recent years. Regulators, such as the SEC, have released more and more [...]

The Consumer Financial Protection Bureau (CFPB) has broad regulatory authority of the financial services industry and reminded everyone of the fact that they also could exercise direct supervisory [...]

Vendor risk management or, more specifically, third party risk management has received a great deal of attention over the past decade by all of the major regulators, the NCUA included. We’ve seen [...]

Vendor risk management or, more specifically, third party risk management has received a great deal of attention over the past decade by all of the major regulators. We have seen a groundswell of [...]

Read about PayPal acquiring HyperWallet and Blackhawk, what CFOs have to say about their systems and hackers, vetting emerging mobile technologies and more.

The Federal Financial Institutions Examination Council (FFIEC) and the Consumer Financial Protection Bureau (CFPB) both have broad regulatory authority over third party service providers. In fact, [...]

An analysis and opinion of SEC guidance on cybersecurity, what fintech companies can learn from banks, Mulvaney asks BCFP to consider 20% spending reduction, plus more - read these stories and the [...]

Let’s discuss building out a third party risk management program, aka a vendor management or vendor risk management program from the ground up. You’ve joined an organization that lacks any sort of [...]

The OCC recently released its semi-annual risk report for the spring of 2018. You can read the full report here.

For anyone who has been following the Office of the Comptroller of the Currency for [...]

The vast majority of this week's vendor risk related news stories cover regulatory reform and regulatory change. Read below to see which of the regulators continue to move forward with reform and [...]

I hope everyone had an enjoyable Memorial Day Weekend! We figured you were out enjoying warm weather with friends and family, barbecuing or taking a dip in the pool, so we put together some of the [...]

As part of due diligence, you should always check certain foundational items to make sure that you're doing business with a legitimate third party. One often overlooked opportunity is to do an [...]

You’ve heard time and time again about requests regarding your inventory of actively managed vendors. Pause and think for a moment about the concept “actively managed vendors” – that means there’s [...]

This week in third party and vendor risk related news, we've seen a wide variety of topics. A major financial services company lied to regulators and falsified documents, the CFPB's future [...]

With GDPR implementation fast approaching, we've seen a spike in related stories. Read below for GDPR in one simple chart, 5 big GDPR impacts, a short 3 minute video on GDPR, along with articles [...]

One of the most difficult parts of third party risk management - or perhaps the most anxiety-laden – is the idea of being exam ready at all times. To do so, one needs to figure out what the [...]

Cybersecurity was a hot topic for vendor risk management news this week. A lot of our trusted news sources are writing about the state of cybersecurity in 2018. In addition to cybersecurity, below [...]

I was at the NAFCU Conference and talked to quite a few risk managers during the time there. Nearly every one of them said they have had a major change of heart as to how closely they should be [...]

We're already in the first week of May - this year has gone by rather quickly. In the first four months of 2018, we've shared the many changes in vendor risk management emerging in the news. BUT, [...]

The week of April 23 has been a big one for vendor risk related news. Headlines include: CFPB changed their name and confirms consumer complaints are going private, Wells Fargo was slapped with a [...]

Hardly a week goes by that we don’t learn of some new major breach, incident or some emerging cybersecurity threat. Think Swift attacks, Equifax or Yahoo. It seems no one is immune from [...]

Have you heard - the CFPB could start hiding consumer complaints, Mortgage Bankers Association says cyber crimes are getting nastier and nastier (and they have examples to prove it!) and even the  [...]

I know it seems like third party risk management is getting more attention than it needs. I say that having been involved with various facets of vendor management for much of my 28 years in [...]

This week's third party risk related news stories cover a variety of topics - bank regulatory actions are at a historic low, Congress back in session and perhaps ready to look at regulatory [...]

Whether you know it or not, you need to be a news-hound in third party risk management. This helps you stay informed and educated. 

Check out the latest stories in the world of third party risk for the past week - an update on regulatory relief, the compliance costs that are hurting rather than helping consumers, whether or [...]

Like many others, you may find the introduction of spring to be a great time to do some spring cleaning. While you’re dusting off the shelves and clearing the clutter it may not hurt to [...]

Read below for the FFIEC's opinion on exam modernization, the CFPB teaming up with the FTC,  possible regulatory relief for community banks, fintech companies in Arizona, the FDIC announces [...]

A risk assessment should not include just the inherent risk or residual risk with the vendor. In order to complete a robust assessment, both inherent risk and residual risk levels should be [...]

Read about the latest Wells Fargo enforcement action, what a less aggressive CFPB could mean for Fintech companies, the major third party implications on illegal debt collection, what Regtech is [...]

From a best practices perspective, did you know there is a distinct difference between a critical vendor and high risk vendor? It’s common to see these two vendor types grouped as one, however [...]

While there is not as many shocking news stories this week, there are, however, some interesting bits of news on data breaches, threats to the banking system, perspective from the new OCC head and [...]

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

• Wells Fargo is in trouble again
• SEC hits [...]

A lot went on in the world of third party risk management this week - some of the top news stories include:

• Regulators are cracking down on Fintech and brokerage companies
• SEC weighs in on [...]

Unfair, Deceptive or Abusive Acts or Practices (UDAAP) is an area of intense focus by regulators at the moment. Since the creation of the Consumer Financial Protection Bureau (CFPB), there has [...]

This week in third party risk news, articles cover topics like:

• Updates with the CFPB
• Security and fraud cyber attacks cost the U.S. economy how much? The number is astounding!
• Efforts the U.S. [...]

One of my most exciting lessons in the world of compliance was that we could actually take credit for doing the job well or for investing in education.

Compliance and third party risk management [...]

This week in third party risk management news:

• Want to voice your opinion on CFPB regulation through enforcement action? Now you can - they're seeking input from the public.
• Legal analysis of the [...]

Vendor management and its requirements have grown significantly over the past several years. There is now increased attention to subservice providers (fourth parties) and expectations around [...]

What's new in third party risk management this week? Read below to find out the progression of the OCC's proposed Fintech charter, what Mulvaney is doing regarding the CFPB, a possible OCC and [...]

I was asked at a speaking engagement what I felt was the most difficult part of third party risk management. My answer, quite cumbrous, was “all of it”.

The week of Jan 29 saw some really amazing headlines. The CFPB seeks public input on its processes and enforcement actions, new debt collection rules with third party implications and now they [...]

I will admit I was surprised to learn that even the largest companies may have third party risk sitting on the corner of ONE person’s desk. Worse yet, it is often times just ONE FACET of a busy [...]

This week brings all sorts of BIG news from CFPB, OCC and the Federal Reserve affecting third party risk. The new director for the CFPB unleashes some significant changes in process and the OCC [...]

One of the things I pride myself on is being highly organized (is it a problem if my socks are arranged alphabetically by color?). In the ever-hectic world of a third party risk manager, you’re [...]

Read below for the most important news articles in third party risk for the week of January 15, 2018. There’s lots of articles this week on the challenges in financial institutions – whether it’s [...]

Regulatory guidance is clear – you must keep your senior management team and the board informed on developments in the third party risk management program, particularly on activities related to [...]

This week in the world of third party risk management, several resources take a stab at 2018 predictions and we again hear about the importance and increased role of of cybersecurity. The concept [...]

We all know the importance of getting regular checkups on our health. It’s a great way to proactively address any potential problems before they become a crisis. Well, third party risk management [...]

New year, new vendor management news. If this week’s news is any indication, we’re in for a wild and wacky year! 

We’ve got lots more CFPB news (the current head of NCUA may be named as the [...]

Exercise more, lose a few pounds, adopt a new hobby and spend more time with family and friends are all common New Years Resolutions.

Instead of losing weight for 2018, we've decided to focus on [...]

It's the last week of the year and the vendor management news hasn't stopped. This week's headlines reflect back on 2017 and outline priorities for 2018. Not surprisingly, enforcement actions, [...]

Writing a risk assessment document for the first time or the thousandth time can be a daunting task. People often struggle with how much there is to consider.

So, let’s narrow the focus and go [...]

Top stories in vendor management related news for the week of December 18, 2017 include:

• New York cracks down on data issues following Equifax
• CFPB is stopping its exams while they figure out how [...]

He’s making a list, he’s checking it twice, is your vendor naughty or nice? The regulators are comin’ to town… 

We've collected vendor management news articles from the past week starting with December 11, 2017. A few top ones are:

• 3 things to consider in vendor risk management
• An update on the battle over [...]

Vendor management and its requirements have grown significantly over the past several years. There is now increased attention to subservice providers (fourth parties) and expectations around [...]

This week in the world of vendor management was all about the changes in the regulators’ leadership and the ongoing power struggle at the CFPB, with a side order of data breach and proposed [...]

At the conclusion of any examination or audit, there are always some open items. No one truly enjoys having a detailed re-hashing of areas of concern, but it’s an important conversation to have.

[...]

This week’s vendor management news is dominated by the change in the leadership at the CFPB, UDAAP action and a new head at the OCC. Check out more of the important third party risk related news [...]

I’m often asked about termination clauses in contracts. Unfortunately, if you’re in the middle of an existing contract and decide you “want out”, your options may be limited, depending on how much [...]

Third party risk news for the fourth week of November brought us some interesting headlines - here's what to expect in this week's Staying On Top of Vendor Management News:

• If you haven't heard [...]

We’re thankful for our company, our customers and our ever-growing set of products and services. As we pause to spend Thanksgiving time with our families and friends, we thought it would be a good [...]

Some weeks there’s lots of news; some weeks there’s big news – this week, there’s simply lots and lots of big news.

Let’s look at some of the massive headlines:

• The CFPB director is stepping [...]

A common question we hear is “How do we know what the examiners will ask related to vendor risk management?” It’s one that does not lend itself to an exact and easy answer. However, there are many [...]

This week once again reminds us that keeping up with third party risk management news is a very important best practice. Here are some of the top stories:

• An exerpt from Chairman Hensarling's [...]

In light of Halloween, we've got some spooky third party risk management news to share with you this week.

• Back from the dead - first national bank charter approved since the financial crisis
• [...]

Vendor management doesn't always go smoothly and sometimes can get quite frightening. So, in the spirit of Halloween, I have 7 vendor management nightmares to share with you. Ensure you take the [...]

Fortunately, there hasn't been anything too crazy happening in the world of third party risk this past week. There are still some good articles to read though to keep you updated! Check them out [...]

"The first thing we do, let's kill all the lawyers" is a well known quote from Shakespeare’s Henry VI Part 2.  I was an English major, so I read a lot of Shakespeare and I don’t particularly agree [...]

Third party risk news for the week of October 16 that you need to know:

• Oversight on FinTech companies is tightening up
• Are you a smaller bank? You might be experiencing higher regulatory costs [...]

On September 28, 2017, the Office of the Comptroller of the Currency (OCC) released BankFiscal Year 2018 Bank Supervision Operating Plan, aka, NR 2017-113. Thanks for the acronym fun… but what [...]

Learn what's new in vendor risk management from the week of October 9 - there have been some real eye openers. We've put together a list of resources that cover a variety of important topics, [...]

Learn what's new in vendor risk management from the week of October 2. We've put together a list of resources to check out. 

It’s been an interesting week – topics include:

• OCC dangles idea of [...]

Your third parties should be ranked as Critical or Non-Critical for business disruption and ranked High, Medium or Low on all regulatory items.

This week in third party risk news, we are reminded of the importance of proper due diligence, reputation risk, examination preparedness and more vendor management best practices. Read the [...]

A fundamental question people often wrestle with is, “what constitutes appropriate vendor due diligence?” Or, “what are vendor due diligence reviews”?

Headlines in third party risk from this past week, the week of September 18, covered a variety of mishaps from which we can all learn. Read the articles below for how you can avoid issues with [...]

As you may have seen this week in the news, the first of the Apple Pay contracts are up for renewal; if you haven’t seen it, here’s a handy link to the article. 

Keeping up with the latest news in third party risk is important for your vendor management program. This past week - week of September 11 - has been especially eventful. Make sure to check out [...]

If you’ve done much due diligence work, you’ve certainly noticed that many vendors incorporate here in Delaware (well, technically, I live in southeastern Pennsylvania but have worked for most of [...]

Keep up with the latest news in third party risk. We've put together a list of resources for the week of September 4 to help keep you updated.  

I’ve seen on Facebook and Twitter those amusing things where you list what you wish you could tell yourself 20 years ago, i.e., sharing the benefit of experience with a less experienced YOU. 

[...]

If you’re like me, you receive dozens of emails – perhaps hundreds of tweets – from various news feeds. It’s easy to lose track of them all but it's important to at least glance through them. 

Here's a list of important vendor risk management articles from this week - week of August 21, 2017.

There is an old saying that goes, “an ounce of prevention is worth a pound of cure”.  Meaning the cheapest way to fix a problem is often to simply prevent it from occurring. Perhaps there is no [...]

What's new in vendor risk management for the week of August 14, 2017? We've put together a list of resources to check out.

The optimist sees the glass as half full; the pessimist sees the glass as half empty; the engineer sees a waste of too much glass; the compliance officer sees it as potential shattering and [...]

You're aware of the importance of staying up to date with industry news. Learn what's new in vendor risk management for the week of August 7, 2017. We've put together a list of resources to check [...]

When I’m not at work, you’ll most likely find me on my bicycle. Some might argue that I am cyclelogically obsessed with bicycling (see what I did there?). One sure thing every cyclist knows is [...]

You know how important it is to stay updated with regulatory news. Learn what's new in vendor risk management from the week of July 24. We've put together a list of resources to check out. 

You need to know the business impact risk of your vendors. Once you know that, you can figure out how they play into your financial institution’s business continuity plan. A way to start is to [...]

This week, we’re at the NAFCU Risk Conference in beautiful Denver, Colorado. For me, attending conferences, whether as a presenter or as an interested participant, is always exciting.

As we've mentioned before, it's important to stay updated with regulatory news. Learn what's new in vendor risk management this past week. We've put together a list of resources to check out. 

[...]

If you had an examination starting tomorrow, would you be ready? If one of your critical third parties announced it was ceasing business, would you be prepared? If there’s a big data breach at one [...]

The creation and issuance of vendor management regulatory guidance takes quite a while – the process from start to finish can take months or even years. Meanwhile, the evolution of mobile [...]

Vendor management should have its own department or group inside your financial institution. A best practice, perhaps even a fundamental expectation, is that third party risk management should be [...]

As we've mentioned before, it's important to stay updated with regulatory news. Learn what's new in vendor risk management this past week. We've put together a list of resources to check out. 

As a professional in third party risk management, you probably hear the term service level agreement or SLA for short. Make sure you understand what they are. To help, we'll go through a few basic [...]

As we’ve mentioned before, one of the challenging issues in third party risk management is staying up-to-date on news and changes occurring in the financial services regulatory world. It’s [...]

The examiner is coming, the examiner is coming!

DON'T PANIC! Seriously, there’s no need if you’re running a well-managed program. Let’s go through some of the key things you’ll want to do to plan [...]

Vendor ongoing monitoring is required by all of the major regulators as a fundamental practice in third party risk management. So, why is it often overlooked? What happens if you fail to monitor [...]

Extra extra! Read all about it! Last week, the Office of the Comptroller of the Currency issued Bulletin 2017-21 –Frequently Asked Questions to Supplement OCC Bulletin 2013-29.

We thought it might [...]

In the past, we covered that the board needs to be involved in your vendor management program and how to figure out if they're involved enough. We also covered important points on what vendor [...]

Today, companies merge suddenly and frequently for a variety of reasons - some of those reasons can be a really good thing, but some can introduce a variety of risks that can cause performance to [...]

In the story, “The Purloined Letter” by Edgar Allan Poe, one of the key themes was thatthe most obvious things are often hidden in plain sight – we just manage not to see them. The same is true of

As you may already know, I’m a cyclist. So, typically, I log a few miles every morning before work, amuse the neighbors by posting pictures of my ride on Facebook and generally enjoy rolling along [...]

If you have listened to some of our webinars, you’ve heard me recommend reviewing legal analysis of the voluminous or complex new vendor management regulatory guidance. Rather than digging through [...]

It can be tempting to cut corners when handling third party risk management at your institution. 

When I was a few years younger, I used to love to race in criterium style races… for those of you [...]

Enforcement action – for anyone involved in risk management, that term can give you an upset stomach. Why? An enforcement action typically means large problems and potentially hefty fines. They [...]

There's a question I get asked often - "Why must I risk rate EVERY one of my vendors?" Many times at conferences and in follow up to webinars, this is a popular question, because I think it drives [...]

One of the real regulatory hot buttons over the past few years is around UDAAP – Unfair, Deceptive, or Abusive Acts, or Practices. There have been numerous UDAAP violations with some pretty [...]

The OCC came out with new guidance on January 24, 2017 - they published the supplemental examination guide for third party risk management, titled OCC Bulletin 2017-7. So, if you’re at a credit [...]

A topic we hear a lot at industry conferences and webinars is the maturity of your vendor management program. What exactly does this mean? Let's go through that now...

If you don’t read anything else this week on vendor management, read this! Recent studies by Protiviti and Crowe Horwath show that vendor risk management maturity has improved significantly, but [...]

On March 13, 2017, as the East Coast of the US was awaiting the latest snowpocalypse or snowmageddon, really big news broke related to vendor management – D+H was acquired and will be merged with [...]

How are financial institutions handling vendor management for 2017? After surveying over one hundred people, we have good and bad news to share, data to back it up and how to make the bad news [...]

There are times when even the best of relationships fall apart. But, there's also usually plenty of early warning signs. So, let's look at a few of them related to your vendors – these are just a [...]

On Tuesday, January 24, 2017, the Office of the Comptroller of the Currency issued new regulation - Bulletin 2017-7. It's supplemental guidance on the approach examiners must take when reviewing [...]

How often do you check your oil in your car? The air pressure in your tires? Do you take your car in for routine maintenance? Or do you ignore everything until a warning light appears on the [...]

You should prepare for an exam before you're officially given notice of it. There are items to have ready ideally 3 or 4 months before any potential exam window.

With the new year, you may reflect upon how things are going within your bank or credit union's third party risk management program. Make sure your team is on the same page.

I was recently at a [...]

A few weeks ago we discussed the importance of senior management and board involvement regarding vendor management. How do you know if you're following the OCC Bulletin 29-2013 guidance and OCC [...]

I anticipate that there will be quite a few changes looming in the new year - 2017. Some examples include change of Dodd-Frank, increased pro-bank feel, change of examination cycle and [...]

2016 – the year of third party risk and cybersecurity. As 2016 winds down, we should look back and think about what we’ve seen this year. There have been many extraordinary events in the world of [...]

I was recently asked what a MRA is and what it really means. Well, if you’re a compliance officer at a financial institution, that acronym is enough to send a shiver down your spine.

Just as the leaves changing or the geese migrating herald the change of seasons, things change for companies as well. And, if those companies are a critical third party of yours, you need to be [...]

If you’re a senior manager or a member of a board of a financial institution, you must be directly involved in many things, including vendor management. If there was any doubt about that, the OCC [...]

While I may not be entirely thankful for the heightened state of today’s regulatory environment, I am thankful that we live in a time of innovation and, therefore, have helpful tools to assist in [...]

Reporting to senior management and/or the board is not just a good practice; it’s actually a requirement of regulatory guidance. So, what should you prepare in terms of a report?

The simple answer is “yes”. If they fall within the scope of your third party risk management program – and remember, your scope should be well documented on who is included and, just as [...]

Here's a classic dilemma – what happens when a vendor simply won’t give you the documents you need to complete due diligence? Do you stand up and walk out on them? Usually not... but you do need [...]

Vendor management doesn't always go smoothly, and sometimes can get quite frightening. In the spirit of Halloween, check out these 17 vendor management horror stories followed by ways to stop or [...]

We have exciting news! Have you heard? Yesterday, we launched our new educational video series - Third Party Thursdays. Every Thursday, we will post a new video that will focus on a different area [...]

One of the most important and challenging parts of working in risk management is staying out of the news – that’s always a good goal, not to be in the news in a negative way. But equally [...]

You’re getting ready to do business with a huge industry leader. Why, there’s no need to try to do the usual due diligence, is there? They have to be safe.

I mean, they’re never going to give us [...]

You’ve probably updated your organization chart for your bank or credit union's compliance and third party risk management teams. You’ve likely had to explain it to Human Resources or go to senior [...]

Anyone who knows me knows I have a few obsessions – I’m cyclelogically obsessed with my bicycle and I am an absolute NASA-nut (thanks to Twitter and NASA Social for taking me to some really great [...]

On Aug 22, 2016, the FDIC released the Summer edition of its Supervisory Insights Journal. Okay, officially, it was FDIC Financial Institution Letter 57-2016, but that’s too much of a mouthful, so [...]

Unfortunately, there’s no magical solution to getting your staff up to speed and keeping them there. There’s no handbook or vendor management Bible, and even the best guidance only gets somewhat [...]

We were recently asked if there is a certain size threshold at which an institution should or should not consider outsourcing. The discussion led to a lot of thoughts – but when it came down to [...]

No serious cyclist would ever dream of riding their bicycle without wearing a helmet. Personally, having been hit by a car twice while cycling, I probably should wear a helmet every time I talk [...]

I was very fortunate when I worked in a bank; I generally always got the support and investment that I needed to run a third party risk management program.

Talking to my colleagues throughout the [...]

Dealing with third parties is a lot to have on your plate, however examiners think you can still handle more. They will ask you about your fourth parties too!

What in the world is a fourth party [...]

Why do I want to go into a relationship thinking about the exit?

It does seem counter-intuitive, I suppose. You're all excited about signing up this great new provider who is going to help solve [...]

You’re excited to be working with a terrific new vendor. Let's go through the process.

You’ve done your due diligence, written a thorough risk assessment, gotten it approved by your risk committee [...]

Why do we do due diligence?

There is always the natural tension between wanting to get to market with a good idea or new service provider and the need to do your homework and make sure the [...]

Okay, I’ll admit it – there are always certain companies that I admire and are my favorites to do business with. 

I won’t name names, but as you read this, hopefully you can identify ones of your [...]

Of all of the areas of third party risk management, perhaps the most difficult is handling contracts effectively. Whether it’s negotiating, tracking or simply finding all of them, contracts can be [...]

Anywhere your company is spending money for a product or service, well, that’s a vendor of some sort. As part of your vendor management, you need to start by knowing who exactly your vendors are. 

Not all due diligence should be rated equal

Due diligence should always be risk-based and tailored to the appropriate risks represented by the third party relationship. Lots of the items collected [...]

Since Prince’s passing, the lyrics to his song “1999” kept coming to mind, which then triggered me to think about how vendor management has changed from then to now.

You may have seen the news, reported in Krebs On Security and elsewhere, that payroll processing giant, ADP, was compromised by identity thieves, resulting in the loss of tax and salary data. 

A little over ten years ago, I was leaving MBNA America following an acquisition by Bank of America. 

I really hadn’t searched for a job in nearly 20 years, so I wasn’t quite sure where to start.

[...]

Using Excel for your vendor management can make the data cumbersome for you to manage and difficult for your examiner to read. So why are you still using those spreadsheets?

It's time to move on! [...]

Vendor management has been around for years. Having a firm grasp on the companies with whom you are doing business is not new, but the regulatory expectations continue to evolve and grow.

Whether [...]