Who you choose to do business with can pose a very real risk for your company and your clients in many different areas, including operational risk, reputation risk, credit risk, compliance risk, strategic risk and many others.
To mitigate and lower the level of risk a vendor poses, you should implement strong risk management practices that monitor and manage the vendor's performance.
We recommend that you:
Centralize the data on your third parties so you can efficiently manage, monitor and risk-assess them.
Our industry experts and certified team can become your cost-effective staff augmentation answer.
Cybersecurity has the attention of all regulatory bodies, which have called on you to address the risk through appropriate due diligence and ongoing oversight and monitoring.
It’s important that you can demonstrate that you are taking proactive steps to identify and mitigate potential areas of weakness; otherwise you face enforcement actions or high fines.
The current gold standard for third party risk management is OCC Bulletin 2013-29 accompanied by its more recent updates in the form of Bulletins 2017-7 and 2017-21.
Regardless of whether you are regulated by the OCC, you are encouraged to follow it for the industry's best practices and recommendations in your program.
Have a policy, program and procedures in place for third party risk management
Complete and maintain due diligence on your vendors, including ongoing monitoring
Ensure you use the due diligence information you have collected to analyze and make decisions on