Risk Landscape

Grade Your Compliance Etiquette – Pretty Please?

Reputation risk and corporate ethics are top of mind for Boards of Directors and Executive Management. However, expectations for financial services organizations’ “compliance manners” are getting a makeover in responsible business conduct based on a recent bulletin from the Consumer...

Framework, Industry Guidance, and Regulations

PCI 3.0

Although it seems as if the Payment Card Industry Data Security Standard (PCI DSS) was launched yesterday, the standards organization was in fact created in 2006 to consolidate and better promulgate the major credit card organizations’ then overlapping data security...

Framework, Industry Guidance, and Regulations, Risk Landscape

The Ever Present Need for Effective and Proactive Vendor Oversight – FDIC Advisory

The FDIC Advisory Committee on Community Banking meeting in July 2013 included an extensive discussion of the responsibility of banks in ensuring their vendors consistently meet privacy and other information security regulations and requirements. ((Established in May 2009, the Advisory...

Best Practices

It’s Game Time – Be Your Own Compliance Umpire

Managing your suite of regulatory compliance programs today requires a game day strategy to keep all the moving parts working together to achieve the end goal of meeting the external regulators’ expectations. While financial institutions can prepare for examination reviews...

Risk Landscape

2013 Financial Services Cyber Risk Trends

Booz Allen Hamilton released their Top 10 Financial Services Cyber Risk Trends for 2013. They did a great job of identifying trends and provided a bit of insight into what is happening in the field, while providing some advice and...

Best Practices, Risk Landscape

Vendor Risk Assessment: How Often is Often Enough?

The need to go beyond calendar-based assessments. The frequency of vendor risk assessments is generally driven by the level of risk associated with the type of services provided by the vendor. A good approach for companies to follow is...

Framework, Industry Guidance, and Regulations

Regulatory Compliance – How Can it be Used to Your Advantage?

Compliance regulations are increasingly dictating the choices that businesses are making regarding revenue generation strategies across all sectors. As a result, strategies that focus on revenue streams are being directly impacted by the cumbersome technicalities of meeting the legal and...

Shared Assessments

Annie Searle Reports on the 2013 DHS Conference

The Department of Homeland Security (DHS) presented its 3rd Annual “Building Resilience through Public-Private Partnerships” conference on July 30-31, in Washington D.C. Third party risk issues were discussed in depth around three themes: emergency management/preparedness, campus resilience, and cybersecurity. Welcoming remarks...

Tools and Products

The SIG – The Swiss Army Knife of Risk Assessment

In 2005, the Shared Assessments program was born to serve the financial services industry and its major service providers. The intent was to achieve economies of scale by sharing the expense and time in conducting on-site assessments. A group representing...

Framework, Industry Guidance, and Regulations

CFPB Ups the Ante on Third Party Risk Management

With its broad focus on consumer protection, the Consumer Financial Protection Bureau ("CFPB") is holding companies directly responsible for the actions of their service providers. Responding to consumer complaints about unfair and/or deceptive practices, the CFPB has handed out over...

Risk Landscape

Consumer Protection and 3rd Parties

Why should a Third Party Service Provider (TPSP) care about consumer protection regulatory issues? Because your client cares and your client’s examiner and regulator care. Examiners and regulators are holding financial institutions accountable for the actions of their TPSPs through...

Framework, Industry Guidance, and Regulations

How Shared Assessment Is Helpful If You’re ISO-27001 Certified

I find it interesting that most people look at security frameworks as an either/or proposition. Should I use SOC2 or ISO-27001 or FedRAMP? I think the better question is how can I use multiple different security frameworks to my advantage?...
