Authorities on Risk Assurance

The Shared Assessments Blog

Apple Pay – And Dynamic Payment Tokens

Published on September 12, 2014 By | Posted in: Payments, Tokens

Although Apple’s payments announcement on Tuesday was not a surprise, the platform’s mechanics were largely unknown before Tim Cook’s on-stage introduction at the Flint Center in Cupertino. Cook set the context for Apple’s payments vision quite accurately: “Most people that have worked on this have started by focusing on creating a business model that was […]

How to Respond to the Regulation Avalanche

Published on September 8, 2014 By | Posted in: Compliance, Regulations, Regulatory Compliance, Risk

As follow up to my previous blog on how the avalanche of regulation can stifle innovation in banks and credit unions, I wanted to share some ideas to start the discussion on organizational steps that you can take to enhance the risk and compliance culture. Maturing the processes internally, requires education – and while that […]

Payment Tokens and Standards, Again

Published on September 4, 2014 By | Posted in: News

The last couple of months have seen a more focused and public discussion between merchants and banks about how the standards that will underlie payment tokens should be crafted. An oversimplified summary of positions would suggest that merchants want an ISO based standards development process which would allow for a more inclusive participation and more […]

A Primer on Vendor Classification

Published on August 28, 2014 By | Posted in: Guidance, Newsletter, Risk, Risk Management

With the publication of OCC Bulletin 2013-29 as well as numerous recent breaches involving vendors a perfect storm of awareness has arisen not only in the financial services industry but many others as well. The inevitable result will be an emphasis within organizations on better management of the inherent risk realized from utilizing services from […]

New OCC Guidance: Merchant Processing Guidance Highlights Third Party Risks

Published on August 28, 2014 By | Posted in: Guidance, News

OCC issues revised guidance (OCC Bulletin 2014-41) on Merchant Processing as regulators continue to increase focus on third party risk. In their revised guidance the OCC stresses the need for expanded due diligence of third party card processors. The guidance reinforces the OCC’s concept of managing third party service providers throughout the entire vendor lifecycle […]

A New Ice Bucket Challenge for FIs

Published on August 26, 2014 By | Posted in: Compliance, Dodd-Frank, Regulations, Regulatory Compliance

While last week my news feeds on social media showed an avalanche of humorous ice bucket challenges, it sparked a comparison to me of the recent Avalanche of Regulation Infographic published by the American Bankers Association (ABA). The burden of regulatory compliance is dousing the fires of creativity and customer loyalty in banking. How Regulations […]

PCI Security Standards Council Focuses on Third Party Risks

Published on August 12, 2014 By | Posted in: News, Security, Standards

Confirming the need for stringent third party risk assessments, the PCI security standards council issued a guidance this week focusing on the need to thoroughly assess third party service providers who store, process or transmit cardholder data. The PCI Guidance underscores and reinforcing Shared Assessments’ position that because third party service providers are under increasing […]

Evolution of Contract Compliance

Published on August 11, 2014 By | Posted in: Compliance

Part IV of a IV part series As Shared Assessments Program Chair, Linnea Solem stated in part 3 of this four part blog series, Regulators Expectations for Third Party Risk Management, this blog will be focusing on the evolution of contract compliance with third parties given today’s regulatory landscape. Of course, as the old saying […]

Holistic Information Security – People, Process and Technology

Published on August 6, 2014 By | Posted in: Data Breach, Information Security, PHI

The attention to People and Process is lagging far behind In reviewing the recent plethora of data breach stories, I am beginning to see a pattern here. While many companies answer to breaches with more and more technology, it appears that they are ignoring what may be the real root cause…….People and Process. Case in […]

Assurance Processes to Address Fourth Party & Subcontracting Risks

Published on July 29, 2014 By | Posted in: Forth Party Risk, Risk, Subcontractor Risk

Part III of a IV part series In part II of the four part blog series, Regulators Expectations for Third Party Risk Management, I focused on governance and oversight structures for each phase of the third party relationship lifecycle. Today, I am going to take a deeper dive into managing fourth party and subcontracting risks […]

Shared Assessments Logo Iron Mountain
Shared Assessments Logo zywave
Shared Assessments Logo dtcc
Shared Assessments Licensee AON
Shared Assessments Licensee-Brainshark
Shared Assessments Licensee TD Ameritrade
Shared Assessments Licensee ControlCase
Shared Assessments Licensee Bank of the West
Shared Assessments Licensee Identity Theft 911
Shared Assessments Licensee Protiviti
Shared Assessments Licensee ZS logo
Shared Assessments Licensee Pivot Point Security
Shared Assessments Logo cvs
MetricStream logo
Shared Assessments Logo pwc
Shared Assessments Licensee-Copytalk
Shared Assessments Logo radian
Shared Assessments Licensee redtail
Shared Assessments Logo usbank
Shared Assessments Logo tsys
Shared Assessments Program licensee Churchill & Harriman logo
Shared Assessments Program licensee Enode logo
Shared Assessments Logo Deluxe Corp
Shared Assessments Logo Bank Of New York Mellon
Shared Assessments Licensee Telerex
Early Warning Logo
Shared Assessments Licensee BWise
Shared Assessments Licensee ctg
Shared Assessments Licensee LTD Financial Services
Shared Assessments Logo yodlee
Shared Assessments Logo sei
Shared Assessments Logo first data
Shared Assessments Licensee Pro Teck
Shared Assessments Logo Lerner Sampson & Rothfuss
Shared Assessments Logo Ernst & Young
Shared Assessments Licensee Power Advocate
Shared Assessments Licensee Lockpath
Shared Assessments Licensee RSA
Shared Assessments Logo Deloitte
Ellie Mae Logo
Viewpoint Logo
Agio Logo
Shared Assessments Licensee Caanes
Shared Assessments Logo jpmorgan
Aujas Information Risk Services Logo
Online Business Systems logo
Shared Assessments Licensee White Hat
trusted integration logo
Shared Assessments Program licensee Nice logo
el paso electric logo
Shared Assessments Licensee BSI
Shared Assessments Licensee Rsam