Third Party Thursday - September 5, 2024
With fall weather approaching, grab your favorite pumpkin- or cinnamon-flavored beverage and get cozy! Read through recent vendor risk management news, resources, community conversations, and upcoming webinars below.
The FFIEC issued a new booklet to set expectations regarding acquisition planning and execution, governance and risk management, and maintenance and change management practices. The regulator also announced its Cybersecurity Assessment Tool will be sunset in August 2025. There are best practices to follow to comply with Canadian privacy laws, such as auditing vendors to verify compliance.
A vendor providing services to radiology practices was breached, recently notifying 411,037 people. Ransomware-as-a-Service continues to be a threat. Learn the benefits of AI in third-party risk management and keep these important considerations in mind prior to signing an AI vendor contract. Read on to learn more about what is happening this week in third-party risk management.
Infographic: Benefits and Best Practices of Mid-Term Vendor Contract Reviews
Blog: When to Request a Vendor SOC 1 vs SOC 2 Report
Press Release: Ncontracts acquires Venminder via Hg buyout
Infographic: Understanding a Vendor Risk Appetite Statement
Check out the latest discussions in our complimentary online community dedicated to third-party risk professionals. Visit www.thirdpartythinktank.com to register and sign in.
Bank Secrecy Act (BSA) Model Validation: "My midsize community bank is considering switching BSA/AML transaction monitoring vendors. The vendor hasn't had an independent review of their internal system. I suggested we move ahead with the vendor and get our own validation within 6 months. Is it okay to proceed this way or is the validation really something we should get prior to making the switch?"
Contract Exceptions: "What method is used to formally track exceptions from a third-party agreement? We have a playbook on hand to use, but for third-party agreements, if there is a refusal on a certain clause, how does it get tracked?"
Exit Plans: "Do you maintain formal exit plans for all your vendors? We've included the requirement in our procedures and are now starting the task of actually completing the plans. If you do have documented exit plans, do you have a template?"
The Difference Between Inherent and Residual Vendor Risk
Vendor risks are always present, and you can never completely eliminate them, but it's possible to reduce the likelihood, occurrence, severity, and impact of those risks through solid risk management practices and controls. In this session, we'll discuss what inherent and residual risks are, how to determine them, and more.
September 17, 2024 | Basic | 11am ET
How to Classify Who Is a Critical Vendor
It's essential to have clear criteria to identify who your critical vendors are, as it's not only a best practice, but a regulatory requirement. In this session on vendor criticality, you'll learn the basics of how to identify your critical vendors and some tips on how to manage them effectively.
September 24, 2024 | Basic | 2pm ET
Staffing Your Third-Party Risk Management Program
Third-party risk programs often struggle with understaffing, hindering their ability to function optimally. In this session, we'll discuss the factors your organization must consider to appropriately staff your TPRM function, as well as cover topics such as program scope, employee skills and experience, and more.
October 15, 2024 | Intermediate | 2pm ET