The California State Legislature recently completed a data privacy/data security two-step by passing two new laws with significant third party risk management implications for a broad collection of companies. In late September, California enacted what some are...
Regulations
The Clock is Ticking …It’s Time to Focus on Maturing Vendor Risk Management Programs
Tick Tock. It’s that time of year again. Summer’s heat waves are retreating, school is in session, and budget planning is well underway for 2019 and beyond. Each year organizations typically take focused time during Q3/Q4 to evaluate their strategic plans; monitor the...
The World is Looking to the US for Third Party Risk Guidance
As more organizations here in North America and overseas increasingly utilize third party vendors with a global presence to perform critical functions, process key transactions and provide exposure to sensitive proprietary information, those organizations with mature...
Shared Assessments in 2014: A Good Year with So Much Ahead
It has been an exciting time to participate in the Shared Assessments Program. Looking back at 2014, it has been a good, active year, with the rollout of our Certified Third Party Risk Professional (CTPRP) certification, our kick-off of the annual Vendor Risk...
Whither Bank Regulation: Are We There Yet?
The prevailing law addressing bank security is the Bank Protection Act of 1968. In 1978 the operative regulation implementing the Act was Regulation P.
How to Respond to the Regulation Avalanche
As follow up to my previous blog on how the avalanche of regulation can stifle innovation in banks and credit unions, I wanted to share some ideas to start the discussion on organizational steps that you can take to enhance the risk and compliance culture. Maturing...
A New Ice Bucket Challenge for FIs
While last week my news feeds on social media showed an avalanche of humorous ice bucket challenges, it sparked a comparison to me of the recent Avalanche of Regulation Infographic published by the American Bankers Association (ABA). The burden of regulatory...
OCC Releases Guidance on Third Party Relationships (OCC 2013-29)
Yesterday the OCC released its long awaited Guidance on Third-Party Relationships (OCC 2013-29). Notably, this Guidance, posted below, rescinds OCC Bulletin 2001-47, “Third-Party Relationships: Risk Management Principles,” and OCC Advisory Letter 2000-9, “Third-Party...
CFPB Ups the Ante on Third Party Risk Management
With its broad focus on consumer protection, the Consumer Financial Protection Bureau ("CFPB") is holding companies directly responsible for the actions of their service providers. Responding to consumer complaints about unfair and/or deceptive practices the CFPB has...
Consumer Protection and 3rd Parties
Why should a Third Party Service Provider (TPSP) care about consumer protection regulatory issues? Because your client cares and your client’s examiner and regulator cares. Examiners and regulators are holding financial institutions accountable for the actions of...