Latest Discussions

It sounds like you are off to a great start here. However, as I am not a licensed insurance provider, I would suggest, if possible, consulting with the firm that provides insurance to your organization to get a professional opinion regarding which types ...

Apologies in advance for the very long answer but to answer these questions, it is important to understand the purpose of a Certificate of Insurance (COI) and differentiate between a Policyholder, a Certificate holder, and an Additional Insured. · ...

Hello, We also obtain COIs from all of our vendors, regardless of criticality levels. It's important they have the correct insurance for whatever may happen, even down to the custodians or folks that take care of the plants in the office. ...

This message was posted by a user wishing to remain anonymous It's a standard third party program requirement for Moderate and higher third parties in our Program. Additionally, for low risk vendors who do work on site, the facilities manager verifies ...

This message was posted by a user wishing to remain anonymous Our organization focuses on collection and review of COI's for our highest risk third parties, with some consideration currently about including medium risk as well. There should be consideration ...

This message was posted by a user wishing to remain anonymous Hello everyone, Looking for some insight regarding what your organization's requirements in terms of requesting Certificate of Insurance (COI) from your vendor. Currently, we request ...

This message was posted by a user wishing to remain anonymous We are looking at redoing our criteria for when and how we do 3rd party risk assessments from an Information Security perspective. The standard items such as those with sensitive data will ...

On top of your normal due diligence practices performed on critical vendors, those supplying devices such as ATMs introduce additional risks. Not only are you concerned about the overall practices of the organization, but you also have to assess the design ...

Jonathan, thank you so much for that. Its extremely helpful! ------------------------------ Shelly Chase VP Operational Risk ------------------------------

Our external ACH Audit firm recently asked about due diligence on Fedwire. I almost want to lump them into the Utilities providers since you really do not have a choice if you want to send wires. You could use a Correspondent, but then the Fed is the ...

Gene, You bring up such a good point. Because the FedNow service is an elective specific service (cash settlement) then yes it should be treated as a third party. That means full due diligence and all. In my quick research, I couldn't find any substantial ...

This message was posted by a user wishing to remain anonymous Hi All, I am working on creating a questionnaire for vendors & business owners that will determine the kind of insurance that will be required based on the vendor type. This would be added ...

Hilary, I would like to put a bit of a spin on your answer to see if you think it is the same. The Fed now offers FedNow, a real time cash settlement service between participating financial institutions. This is elective and not required. I ...

This message was posted by a user wishing to remain anonymous Our credit union is about the same size as your bank, and I am the Vendor Management department, within the Legal department. We have a Risk Rating Questionnaire that is required to be ...

Hi there, For quite some time, excluding government agencies from your TPRM scope has generally been acceptable. Now that the new Interagency Guidance on Third-Party Relationships: Risk Management has been issued, it's reasonable to question whether ...

This message was posted by a user wishing to remain anonymous Hi, When collecting and reviewing Insurance certificates: How important is your institution being named as Additional Insured or Certificate Holder? Do you evaluate the contract in ...

This message was posted by a user wishing to remain anonymous Hello, Community Bank $2B. TPRM is central (just me). The relationship owners are responsible for completing the inherent risk assessment, facilitate due diligence document collection, ...

Like Melissa, I am also from a credit union (1.5B) and am a department of one. I created a New Vendor Form, which the Vendor Owner (Business Unit) completes, so I can get the vendor owner properly loaded in our system. I then work with the vendor, by ...

This message was posted by a user wishing to remain anonymous $18Bil Community bank Hybrid program with Line 1 responsible for preforming and recording: inherent risk, ongoing due diligence, and performance assessments. Third party risk is Line 2 ...

This message was posted by a user wishing to remain anonymous Good Morning fellow TPRM practitioner! Yes, our first line is engaged and participates in the due diligence process. They are not responsible to conduct it, but they have to produce evidence ...