Regulations


Welcome to the Regulations Community. Here you will find the latest discussions and resources that can help you in this area. Use this community to stay abreast of third-party risk industry guidance and updates, ask questions, discuss pending regulatory changes, or seek advice. Note: You will need to Sign In to join in the discussions and access resources.

About Industry Regulations: It’s always a good idea to keep an eye on the most recent and stringent regulatory guidance to stay compliant and ensure you're doing everything you should in third-party risk management. Regulatory guidance and best practices evolve regularly. Therefore, you should review not only your own prudential regulator’s guidance but also other regulatory guidance. This will help ensure you meet industry standards and best practices in third-party risk management.

Latest Discussion Posts

  • Great question! Implementing Executive Order 14117 in Third-Party Risk Management Programs Executive Order 14117 introduces specific national security risks related to data-sharing with foreign adversaries that extend beyond the basic sensitive ...

  • Hello! There is a new rule finalized earlier this month, attaching the link below. Do you see this rule impacting your TPRM program? If so, how do you plan to address it in the risk review process? https://therecord.media/biden-admin-finalizes-rule-to-block-sale-of-bulk-data-to-adversaries ...

  • I just want to add the guidance doesn't state there is no expectation to perform due diligence on third parties' subcontractors. You should evaluate the risk to your organization, and apply mitigation as appropriate. For Gene's organization that mitigation ...

  • In the scenario you describe, I agree. If your platform or solution is required to integrate with another, you should be completing a level of due diligence on them. For example, I would expect security checks, pen tests etc. There should still be a ...

  • The new Interagency Guidance (FDIC, OCC, Fed) issued in June 23 clarifies that they do not expect us to perform due diligence around our third-party's subcontractors, but expect us to have a very good understanding of what oversight is performed by the ...
