-
Ask the Guru: Do We Need to Perform a review on a New Vendor in a Foreign Country?
Hey Guru! Our institution works with a third-party that has recently engaged with a company in a foreign county to begin assisting them in taking care of our institution’s IT matters. Do we need to perform a review on this new foreign third-party? When evaluating this situation, the first step is to understand the parties…
-
FFIEC Updates (and Greatly Expands) the Management Handbook
This latest update to the IT Examination Handbook series comes 11 years after the original version. And although IT has changed significantly in the past 11 years, the requirement that financial institutions properly manage the risks of IT has not changed. This new Handbook contains many changes that will introduce new requirements and new expectations…
-
Ask the Guru: Vendor vs. Service Provider
Hey GuruI recently had an FDIC examiner tell me that we needed to make a better distinction between a vendor and a service provider. His point seemed to be that by lumping them together in our vendor management program we were “over-analyzing” them. He suggested that we should be focused instead only on those few…
-
Vendor Due Diligence and Oversight – Why Attending Conferences is Important
Examiners are increasingly focused on your vendor management efforts, and expect you to utilize every opportunity to more effectively manage the relationship. Attending user groups and user conferences can be a very effective way to connect with and influence critical vendors, while simultaneously educating yourself on your existing products as well as new and emerging…
-
7 Cloud Vendor Deal Breakers for Financial Institutions
With all the recent focus on vendor management in general, and cloud vendors in particular, there has been a lot of discussion about changing regulatory requirements and best practices. For the most part, cloud vendors must adhere to the same due diligence, contract, and monitoring guidelines as any other vendor However there are a few…