Hello everyone, and thank you for joining me today for our Third Party Thursday podcast. My name is Branan Cooper and I'm the Chief Risk Officer here at Venminder. Can you believe it’s been nearly 20 years since we were concerned with Y2K? Can you still hear the tune to Prince’s 1999 rolling around in your head? Oh my, how quickly time flies. During today’s podcast we will discuss vendor management expectations for 2019.
In a year of so much change, as we’ve seen in 2018, it’s very difficult to predict what tomorrow has in store, much less what next year has in mind for all of us.
However, looking into the lessons of the past few years, there are some 2019 certainties:
- Cybersecurity is going to be a hot topic for the foreseeable future. Data breaches seem to pop up nearly every day. Some of these are staggering in scope and others simply remind us that we need to be ever-vigilant and watch anyone with even tangential access to our protected data.
- Regulatory requirements are increasing. Look no further than the March 2019 requirements spinning out of the 2017 New York Department of Financial Services cybersecurity directives. By the end of the first quarter, you’ll need to have the same data protection standards in place at your third parties and that’s a herculean task!
- With all of the discussion around changes at the CFPB and regulatory reform, none of it trickles down in the form of immediate relief to weary compliance officers, particularly as it pertains to third party risk management. For those things that have changed, let’s remember that change in either direction – less requiring or more requiring – involves a lot of work and stress in trying to manage multiple moving targets and board expectations.
- The OCC released its new fintech charter requirements just a few months ago and as we wait to see who will jump at the opportunity, there’s already pushback from the state agencies and other regulators as to whether the OCC has the authority to issue such a charter. Also, keep in mind, for those who choose to apply for the charter, they'll have to have a rigorous approach to third party risk management, just like the national banks with an OCC charter.
- The mid-term elections may, or may not, shake up the political landscape. Either way, reform takes time and there are far bigger issues brewing that will take up the legislative agenda rather than even considering regulatory roll back requirements on consumer protection regulations or third party risk management.
- The advent of GDPR and similar legislation in California introduces strict new data standards, many of which have yet to be vetted through an examination cycle or even through daily application of the new standards or investigations of who may or may not be in compliance. This means if the first item above didn’t put you on notice already, to the extent that you’re doing business in Europe, California or even New York, information security needs to be atop your priorities.
- Finally, the more things change, the more they stay the same – what that simply means is that, in this era of constant change, we are still seeing a consistent ratcheting up of regulatory expectations in third party risk management, not a decrease. Don’t let the news headlines distract you; rather, let them inform you. Third party risk management, in all its various requirements, is still going to be a very important issue for the industry in the new year.
There you have it – seven 2019 vendor management expectations. I hope you found this podcast helpful. Again, I’m Branan Cooper, Chief Risk Officer at Venminder. If you haven’t already done so, please subscribe to our Third Party Thursday series.