It became clear that regulators were paying serious attention to vendor risk management during FNB Bank’s 2013 examination, says Wes Spencer, the bank’s Chief Information Officer. Although the community bank, headquartered in Mayfield, Kentucky, had always received high marks for its vendor management program, management knew it needed to do even more.
“The Target breach really opened everyone’s eyes to the importance of knowing your vendors. The examiners wanted us-and all financial institutions-to apply a very rigorous and methodical risk-based approach to vendor management,” he explains.
The bank’s board of directors tasked Wes with responsibility for creating a multi-disciplined approach to vendor risk management.