Third Party Thursday

DECEMBER 12, 2019

4 Big Third Party Risk Management Updates from 2019

Podcast: Play in a new window | Download

Now that the year is coming to an end, it’s a good time to reflect on the big events that happened with third party risk management in 2019. Use the lessons and guidance learned this year to help your organization be more successful with vendor management in 2020.

Available on
Listen-on-Apple-Podcasts-badge.jpg  google-play-badge 2.jpg


Podcast Transcript

Hi – my name is Josh with Venminder. joshua-cooper-headshot-CIRCLE

In today’s podcast, you’re going to learn what we feel were some of the big things that happened in 2019.   

Every day our team of experts assist companies of all sizes and industries with third party risk management. We stay abreast of all the changes and evolvement.

There was a lot that happened in 2019, but today we’re going to cover four:

  1. First, data breaches continued to impact the industry with massive ones like the Capital One breach that affected more than 100 million people. It was a reminder to heighten our awareness and implement appropriate cybersecurity best practices as well as adequately evaluate our vendors’ cybersecurity architecture and breach notification plan.

  2. Second, in 2019, regulators focused heavily on transparency and clarity. Just take the Consumer Financial Protection Bureau or CFPB into consideration. The CFPB promised to define “abusive” in UDAAP. It’s still a work in progress, but it’s been an industry request for a while now so it’s great to see some movement. Look for this trend to continue in 2020.

  3. Third, leadership changes at major regulators were in full swing. This was most apparent at the CFPB and Federal Reserve. Be sure to stay up-to-date and aware so that you can make any needed changes to your vendor management program. Remain ahead of the game and be ready for more changes in 2020.

  4. And fourth, the extended exam cycle was fully implemented. So, if you’re a well-managed organization with under $3 billion in assets, then you likely qualified for the extended examination cycle from 12 months to 18 months. However, as a best practice and friendly reminder, remain consistent internally. Continue to do what you’ve been doing. Don’t step back and let vendor management tasks slip through the cracks just because the examiners won’t be arriving at your doorstep as frequently.

There you have it. Some of the big 2019 third party risk management updates.

Thanks for tuning in; catch you next time!


Subscribe to our Third Party Thursday Newsletter


Join hundreds of clients and see how Venminder can help.