third-party provider – Compliance Guru • FFIEC Guidance

Are You Ready for the New BCM Handbook?

Take the Quiz

Moving Beyond the ACET: Next Steps

Get a Copy

Role of the Information Security Officer

Get a Copy

By Tom Hinkel | In Hot Topics

Vendor Management in 3 Parts. Part 2 – Risk Assessment (or, “will they or won’t they?”)

In Part 1 I said that vendor management, just as any other risk management endeavor, consists of 3 basic phases; Identify the risk Assess the risk, and Control the risk I also discussed why risk identification was a more difficult task today because of the “access to data” question, and also because “data” includes not just NPI, but confidential […]

By Tom Hinkel | In From the Field

Guru Briefs – OCC on Cybersecurity & MRA’s, FFIEC on Cybersecurity Assessments

(NOTE: Guru Briefs are short takes on recently released regulatory activity. They are not a detailed analysis, but designed to draw attention to the Guru’s initial impressions.) In this edition: The OCC has been particularly active on the regulatory front lately, and even non-OCC institutions may want to pay attention, as the head of the OCC […]

By Tom Hinkel | In Hot Topics

Vendor Management in 3 Parts. Part 1 – Risk Identification (or, “do they or don’t they?”)

Service provider oversight (aka vendor management) is undoubtedly the hottest hot-button item on the regulator’s agenda right now, and for good reason. For one thing, regulators know that the vast majority of financial institutions outsource at some point, in fact recent studies put the number of FI’s that either transmit, process or store information with […]

Stay up to date with these pandemic resources for community banking.See COVID-19 Resources