1 (888) 836-6463 CONTACT US
Brokerage- bng.png

Securities & Brokers


In the SEC's exam priorities, there is a strong focus on anti-money laundering (AML) and cybersecurity - both directly related to areas of vendor management.

Why Venminder

SEC Vendor Management Expectations

To the SEC, third party risk management is a vital part of the compliance framework they expect to see in their regulated institutions and, since third parties can represent a very wide swath of activities, the SEC claims broad authority.   

The SEC is fairly prescriptive in how it suggests that vendors are managed as we have seen in the risk alerts and, while they don’t provide a straightforward simple definition of a vendor or clarify who should be included or excluded in the current examination priorities report, they do offer broad and informative guidance on selecting, managing and regulating vendor activities through interpreting their own vendor communication plan. 

Whether you are a registered broker-dealer, investment company or investment adviser, here are 4 ways to respond:

  • Strengthen your oversight of third parties - including due diligence, contract management, risk assessments and more
  • Review your compliance procedures
  • Have a well-documented plan
  • Stay educated in enforcement actions

How We Help

who we help 2


Centralize the data on your third parties to efficiently manage, monitor and risk assess your third parties.

Learn More
who we help 1

Outsourced Services

Our industry experts and certified team can become your cost-effective staff augmentation answer.

Learn More
who we help 3


One size does not fit all. Whether you are a small or large organization, our solutions  can be customized to your specific needs.

Learn More

Hot Button Issue
SEC Vendor Cybersecurity Concerns

The SEC has sat at the forefront of cybersecurity concerns for some time – in 2017, they were among the first to ring the alarm bells on the WannaCry ransomware attacks and their statements in the report indicate they will be looking for evidence that you, as a regulated entity, have taken appropriate steps.  

In August of 2017, the SEC also issued a Risk Alert packed with observations on the role of vendor management and cybersecurity and noted the appropriate steps that institutions should be employing to properly oversee their vendors. A copy of that report can be found here that reinforces that the regulators in the financial services industry all generally share the same concerns over the need for heightened vendor management practices.  


“We will continue to prioritize cybersecurity in each of our examination programs. Our examinations have and will continue to focus on, among other things, governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.”  

SEC 2018 Examination Priorities Report 

By running a successful vendor management program you are

Taking steps to protect your firm and your customers
Can avoid being on the receiving end of enforcement actions or large fines
Mitigating vendor risk and ultimately protecting your reputation
hero bng purple
Request a Demo