2018 did not deliver the highly anticipated sweeping regulatory reform – sure, it nibbled at the edges with a break in the exam cycle for well-managed organizations under $3 billion and changes for the largest banks, but in terms of things that deliver actual day to day relief – there was nothing of note. In fact, with all of the focus on cybersecurity, the world of third party risk management is more convoluted than ever. So, what do we have in store for 2019?
7 Regulator Expectations
Here are the regulator expectations that I foresee:
- Cybersecurity and data protection should be sound business practices at your organization. With the rise in data breaches, cybersecurity and data protection initiatives will be a focus and expectations and requirements will only increase.
- The OCC will place focus on their new Fintech charter requirements. That being said, there is still some pushback from other regulators and state agencies regarding if this charter should be enforceable.
- GDPR, effective as of May 2018, should be understood and necessary protections should be in place to assist with compliance. GDPR is an EU regulation; however, if you process any EU data you should implement GDPR practices at your organization. Similarly, the state of California introduced privacy and data protection standards of their own.
- Organizations continue to reference relevant regulatory guidance and follow the pillars of vendor management when managing risk and vendor relationships. The 6 pillars include:
- Vendor selection
- Risk assessment
- Due diligence
- Ongoing monitoring
- Contract management
- Review the recent enforcement actions and look for elements that may be present in your own practices.
- Invest in education and training. Conferences and webinars help you stay up to speed with best practices and industry analysis.
- Develop training protocols for the front-line managers who deal with your vendors every day to be certain they understand their roles and where the handoffs should occur between the vendor and your third party risk management efforts.
2019 will be a year of intense regulatory focus – preparing now is important!
Evaluate your vendor's regulatory risks ahead of time. Download this infographic to get started today.