Authorities on Risk Assurance

The Shared Assessments Blog

Vendor Risk Management – Keeping Our Eyes on What Matters Most

Published on October 23, 2014 By | Posted in: News, Risk Management, Third Party Risk Management

I’d like to make a bold statement: vendor risk management is easy. Step 1: Use contracts to set expectations, secure audit rights and transfer liability. Step 2: Conduct an assessment to determine if expectations are being met. Step 3: Remediate any issues identified during the assessment. This is very straightforward work. If this work is […]

Whither Bank Regulation: Are We There Yet?

Published on October 14, 2014 By | Posted in: Regulations, Security

The prevailing law addressing bank security is the Bank Protection Act of 1968. In 1978 the operative regulation implementing the Act was Regulation P.

Healthcare Breaches Take Another Little Piece of My Heart

Published on October 6, 2014 By | Posted in: Data Breach, Healthcare, HIPAA, PHI

I was recently in the car listening to Janis Joplin’s “Take Another Little Piece of My Heart,” and it triggered a conversation I had a while ago with a banking executive regarding the similarities and differences between financial and health data breaches. While we agreed that financial breaches – on the surface – appear to […]

No Secrets: Reporting Obligations of HIPAA Business Associates

Published on September 29, 2014 By | Posted in: Business Associate, HIPAA, Newsletter

Once upon a time, privacy and information security were an afterthought during contract negotiations. But breach notification has fundamentally changed the process, causing organizations to become increasingly concerned with their service providers’ privacy and security practices. Breach reporting time periods and breach indemnification costs can be the most hotly contested provisions in a contract negotiation. […]

Goodwill’s Third Party Due Diligence… “And it Makes Me Wonder”

Published on September 23, 2014 By | Posted in: Data Breach, Third Party Risk

Like everyone else glued to the media outlets this past week regarding the Home Depot breach, I was softly sobbing to myself “here we go again,” particularly after I just made a visit and a purchase with my credit card. However, this discussion isn’t about the Home Depot breach, but rather a less-than-recent breach […]

Apple Pay – And Dynamic Payment Tokens

Published on September 12, 2014 By | Posted in: Payments, Tokens

Although Apple’s payments announcement on Tuesday was not a surprise, the platform’s mechanics were largely unknown before Tim Cook’s on-stage introduction at the Flint Center in Cupertino. Cook set the context for Apple’s payments vision quite accurately: “Most people that have worked on this have started by focusing on creating a business model that was […]

How to Respond to the Regulation Avalanche

Published on September 8, 2014 By | Posted in: Compliance, Regulations, Regulatory Compliance, Risk

As a follow-up to my previous blog on how the avalanche of regulation can stifle innovation in banks and credit unions, I wanted to share some ideas to start the discussion on organizational steps that you can take to enhance the risk and compliance culture. Maturing the processes internally requires education – and while that […]

Payment Tokens and Standards, Again

Published on September 4, 2014 By | Posted in: News

The last couple of months have seen a more focused and public discussion between merchants and banks about how the standards that will underlie payment tokens should be crafted. An oversimplified summary of positions would suggest that merchants want an ISO based standards development process which would allow for a more inclusive participation and more […]

A Primer on Vendor Classification

Published on August 28, 2014 By | Posted in: Guidance, Newsletter, Risk, Risk Management

With the publication of OCC Bulletin 2013-29, as well as numerous recent breaches involving vendors, a perfect storm of awareness has arisen not only in the financial services industry but in many others as well. The inevitable result will be an emphasis within organizations on better management of the inherent risk realized from utilizing services from […]

New OCC Guidance: Merchant Processing Guidance Highlights Third Party Risks

Published on August 28, 2014 By | Posted in: Guidance, News

OCC issues revised guidance (OCC Bulletin 2014-41) on Merchant Processing as regulators continue to increase focus on third party risk. In its revised guidance, the OCC stresses the need for expanded due diligence of third party card processors. The guidance reinforces the OCC’s concept of managing third party service providers throughout the entire vendor lifecycle […]
