
What the Regulators Will Expect in 2019 Vendor Management

Jan 16, 2019 by Branan Cooper

2018 did not deliver the highly anticipated sweeping regulatory reform. Sure, it nibbled at the edges with a break in the exam cycle for well-managed organizations under $3 billion and changes for the largest banks, but in terms of things that deliver actual day-to-day relief, there was nothing of note. In fact, with all of the focus on cybersecurity, the world of third party risk management is more convoluted than ever. So, what do we have in store for 2019?

7 Regulator Expectations

Here are the regulator expectations that I foresee:

  1. Cybersecurity and data protection should be sound business practices at your organization. With the rise in data breaches, cybersecurity and data protection initiatives will be a focus, and expectations and requirements will only increase.

  2. The OCC will place focus on its new Fintech charter requirements. That being said, there is still some pushback from other regulators and state agencies regarding whether this charter should be enforceable.

  3. GDPR, effective as of May 2018, should be understood and necessary protections should be in place to assist with compliance. GDPR is an EU regulation; however, if you process any EU data you should implement GDPR practices at your organization. Similarly, the state of California introduced privacy and data protection standards of its own.

  4. Organizations continue to reference relevant regulatory guidance and follow the pillars of vendor management when managing risk and vendor relationships. The 6 pillars include:
    • Vendor selection
    • Risk assessment
    • Due diligence
    • Ongoing monitoring
    • Contract management
    • Reporting

  5. Review the recent enforcement actions and look for elements that may be present in your own practices.

  6. Invest in education and training. Conferences and webinars help you stay up to speed with best practices and industry analysis.

  7. Develop training protocols for the front-line managers who deal with your vendors every day to be certain they understand their roles and where the handoffs should occur between the vendor and your third party risk management efforts.

2019 will be a year of intense regulatory focus – preparing now is important!





Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).
