Latest Discussions

  • Posted in: Risk Assessments

    Hello all, I am also very interested to learn what others are doing related to new mortgage appraisal bias. Thank you! ------------------------------ Kind regards, Cherry Jacobs, CTPRP AVP, Corporate Third-Party Risk Manager | Glacier Bancorp, ...

  • Posted in: Exams or Audits

    Typically, the Regulators will want to know all of the FI's critical or material vendors. These could be vendors that have access to NPI, such as customer information, or employee information. Vendors that represent a portion of an FI's income, or expenditure. ...

  • Profile Picture

    Mortgage Appraisal Bias Risk Assessment

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous Hello All, I am very new to the role of Third Party Risk Manager and still learning where I can find the best information. We are looking to implement a new mortgage appraisal bias risk ...

  • For other sources, there is Colorado law on consumer protections for AI that passed; as well as recent concerns of Microsoft Re-Cast taking snapshots of everyone's screens on tablets and PCs that are stored locally, but supplemented by a CLEAR TEST database ...

  • The above mentioned third party vendors: D. Third-Party Vendors Insurers retain responsibility for understanding any tools, EDCIS, or AIS used in underwriting and pricing for insurance that were developed or deployed by third-party vendors and ...

  • Hi Mark, Looking at some of the financial firms, has anyone looked at the proposed AI industry letter of January 2024 from NY DFS Superintendent Harris? https://www.dfs.ny.gov/industry_guidance/circular_letters/cl2024_nn_proposed Proposed Insurance ...

  • Profile Picture

    RE: Report of Examination

    Posted in: Exams or Audits

    This message was posted by a user wishing to remain anonymous Good morning, How do you determine which vendors are examined by regulators in the Banking and financial industry? Do mortgage servicer get examined? Health care Insurance companies? ...

  • Have you taken a look at Our commitments to advance safe, secure, and trustworthy AI - Microsoft On the Issues It refers you to the NIST AI Framework that has a RMF Playbook that might help.

  • As a reminder, I have an open item on here asking if anyone has developed an AI policy that they would be willing to share? I know it's early, especially for the financial services industry (I work for a community bank); however, I was hoping that ...

  • Posted in: Risk Assessments

    If you have a well-structured vendor agreement should outline the steps to be taken by both parties in the event of a data breach. This is crucial for ensuring both parties understand their responsibilities and can act swiftly and effectively to mitigate ...

  • Profile Picture

    RE: Assessing Breached Vendors

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous To avoid issues in getting information regarding a breach, your MSA should include a breach notification requirement as well as, post incident report. It will be up to you to define the content ...

  • Posted in: Risk Assessments

    Hi David, Thanks for bringing this up. Here are a few questions that come to mind.. Some are leading questions where we expect more details or even questions from the vendor, especially when it is indirect -- they were okay, and what did they do ...

  • Posted in: Risk Assessments

    We also ask something to the effect of this: Is the scope of this project in the same environment as the cyber incident? We had a vendor a couple of weeks ago that had an incident in May of 2023, but the scope of the engagement with our company was ...

    1 person likes this.
  • Profile Picture

    RE: Assessing Breached Vendors

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous Not sure if this is done as part of the relationship but generally forensic analysis is done. I would recommend asking for a copy of the report when it's available. Some will provide the ...

  • Profile Picture

    Offshore Vendors

    This message was posted by a user wishing to remain anonymous Hi, This question relates mainly to mortgage lenders. The Fannie Mae vendor management self-assessment asks if you have "additional controls" in place to manage offshore third parties. ...

  • Posted in: Risk Assessments

    We are in the process of developing a questionnaire for vendors that have been a victim of a cybersecurity attack. After we're informed of the attack on the vendor we want to get a questionnaire to them, and then add that vendor to our risk register. ...

    2 people like this.
  • Hi, As a matter of fact we are! We have had all of our mission critical vendor owners follow-up with their vendors regarding AI. We are asking the same questions you have listed as well as: Is PII involved with AI? Future plans with ...

  • Hello all. Our organization is now implementing the use of AI in our risk questionnaires. Primarily, the source used for the AI tool, whether it is internal or external. For example, an AI chatbot on a helpdesk product uses AI. Does this chatbot pull ...

  • Have you started asking your vendors about their use of AI? If yes, what are the questions you are asking? These are questions we are considering asking: Are you using Artificial Intelligence in any aspect of the products or services you provide for ...

  • Thanks all USAA Classification: Internal