The California State Legislature recently completed a data privacy/data security two-step by passing two new laws with significant third party risk management implications for a broad collection of companies. In late September, California enacted what some are...
Tick Tock. It’s that time of year again. Summer’s heat waves are retreating, school is in session, and budget planning is well underway for 2019 and beyond. Each year organizations typically take focused time during Q3/Q4 to evaluate their strategic plans; monitor the...
As more organizations here in North America and overseas increasingly utilize third party vendors with a global presence to perform critical functions, process key transactions and provide exposure to sensitive proprietary information, those organizations with mature...
It has been an exciting time to participate in the Shared Assessments Program. Looking back at 2014, it has been a good, active year, with the rollout of our Certified Third Party Risk Professional (CTPRP) certification, our kick-off of the annual Vendor Risk...
The prevailing law addressing bank security is the Bank Protection Act of 1968. In 1978 the operative regulation implementing the Act was Regulation P.
As follow up to my previous blog on how the avalanche of regulation can stifle innovation in banks and credit unions, I wanted to share some ideas to start the discussion on organizational steps that you can take to enhance the risk and compliance culture. Maturing...
While last week my news feeds on social media showed an avalanche of humorous ice bucket challenges, it sparked a comparison to me of the recent Avalanche of Regulation Infographic published by the American Bankers Association (ABA). The burden of regulatory...
Yesterday the OCC released its long awaited Guidance on Third-Party Relationships (OCC 2013-29). Notably, this Guidance, posted below, rescinds OCC Bulletin 2001-47, “Third-Party Relationships: Risk Management Principles,” and OCC Advisory Letter 2000-9, “Third-Party...
With its broad focus on consumer protection, the Consumer Financial Protection Bureau ("CFPB") is holding companies directly responsible for the actions of their service providers. Responding to consumer complaints about unfair and/or deceptive practices the CFPB has...
Why should a Third Party Service Provider (TPSP) care about consumer protection regulatory issues? Because your client cares and your client’s examiner and regulator cares. Examiners and regulators are holding financial institutions accountable for the actions of...