Managing your suite of regulatory compliance programs today requires a game day strategy to keep all the moving parts working together to achieve the end goal of meeting the external regulators expectations. While financial institutions can prepare for examination reviews...
Booz Allen Hamilton released their Top 10 Financial Services Cyber Risk Trends for 2013. They did a great job on identifying trends and provide a bit of insight into what is happening in the field, while providing some advice and...
The need to go beyond calendar based assessments. The frequency of vendor risk assessments is generally driven by the level of risk associated with the type of services provided by the vendor. A good approach for companies to follow is...
Compliance regulations are increasingly dictating the choices that businesses are making regarding revenue generation strategies across all sectors. As a result, strategies that focus on revenue streams are being directly impacted by the cumbersome technicalities of meeting the legal and...
The Department of Homeland Security (DHS) presented its 3rd Annual “Building Resilience through Public-Private Partnerships”,conference on July 30-31, in Washington D.C. Third party risk issues were discussed in depth around three themes: emergency management/preparedness, campus resilience, and cybersecurity. Welcoming remarks...
In 2005, the Shared Assessments program was born to serve the financial services industry and its major service providers. The intent was to achieve economies of scale by sharing the expense and time in conducting on-site assessments. A group representing...
With its broad focus on consumer protection, the Consumer Financial Protection Bureau ("CFPB") is holding companies directly responsible for the actions of their service providers. Responding to consumer complaints about unfair and/or deceptive practices the CFPB has handed out over...
Why should a Third Party Service Provider (TPSP) care about consumer protection regulatory issues? Because your client cares and your client’s examiner and regulator cares. Examiners and regulators are holding financial institutions accountable for the actions of their TPSPs through...
I find it interesting that most people look at security frameworks as an either/or proposition. Should I use SOC2 or ISO-27001 or FedRAMP? I think the better question is how can I use multiple different security frameworks to my advantage?...
Remember this: Edward Snowden Worked for a Third-Party Vendor. While it remains uncertain what exactly Mr. Snowden shared with other nations, we do know this: he wasn’t authorized to disclose classified information. Some may believe he is a hero, others...
Santa Fe Group Consultant and Shared Assessments Program Director, Brad Keller, was recently interviewed by John DiMaria, Product Marketing Manager, BSI Management Systems. Brad, along with members from BITS and the Financial Services Roundtable, share their perspective on the recent...
Shared Assessments member Prevalent Networks, announced the release of their flagship solution, Prevalent Vendor Risk Manager (PVRM), which leverages Shared Assessment content for controls-based assessment, schedule regular vendor risk evaluations, and obtain risk scoring per vendor against a set standard....
