Latest Discussions

This message was posted by a user wishing to remain anonymous What insurance are you all asking of your marketing firms that are posting on social media for your FI?

This message was posted by a user wishing to remain anonymous We are currently FDIC regulated but going through the process to become OCC Chartered.

This message was posted by a user wishing to remain anonymous May I please ask who your regulator is?

This message was posted by a user wishing to remain anonymous Both Title companies and Appraisers are excluded from Third Party Risk inventory. This is how we document our reasoning in policy. • Title Companies. The customer and the seller (if ...

This message was posted by a user wishing to remain anonymous Title Company & Appraisers are included in our VM program. 1) We do complete an initial due diligence review and onboarding and they are also part of our ongoing due diligence review. ...

This message was posted by a user wishing to remain anonymous Hi everyone 😊 We're evaluating whether Title Companies and Appraisers should be included in our vendor management program, and I'd appreciate hearing how other banks are ...

Good Morning I am seeking information from other financial institutions regarding the provision of performance feedback to title companies involved in loan origination. Our internal efforts include a Lean Six Sigma Green Belt in Title Defect ...

This message was posted by a user wishing to remain anonymous We're currently working to refine our Exempt / Out ‑ of ‑ Scope vendor definition and governance framework and want to ensure clarity and consistency. I'm specifically looking for credit ...

@Alesha Briley - wonderful use of the 3LOD and its breakdown. Agree with conclusion (practical approaches). While 3LOD is "replaced" with continuous risk management, it was the universal awareness of everyone's role related to risk, accuracy, completeness, ...

Hi Dora! I have worked at two small banks and one mid-to-large non-depository mortgage lender in compliance and fair lending, so I am using those institution experiences for my answer. 3 Lines Structure At each institution: Second ...

That usually comes to a Third Party Risk Assessment in place. Regularly impose a TPRA to your third parties should help here.

Hi, This should be addressed using a risk-based approach. The initial request for a SOC 2 report is typically driven by the inherent risk posed by the vendor, based on scoping factors such as data access, system access, regulatory impact, and the criticality ...

Hi! If you're looking for another resource, Ncontracts has a checklist for Managing Your Vendors' AI Risk . It includes areas to ask about on vendor questionnaires and other useful info.

This message was posted by a user wishing to remain anonymous We think of "critical" in terms of impact - what would happen to our operations if something happened with this vendor? An example: If the electricity went out, that would have a huge impact ...

This message was posted by a user wishing to remain anonymous Thank you for your input, Jennifer!

This message was posted by a user wishing to remain anonymous We added an AI section to our existing questionnaire. These are the questions we are asking: 4. Artificial intelligence (AI) 4.1 Does the product(s)/service(s) your ...

I am looking to benchmark how other institutions structure their fair and responsible banking fair lending review function within three lines of defense model. Do you house Fair Lending within the second line of defense, and if so, how independent ...

This message was posted by a user wishing to remain anonymous Hi everyone! We are starting to onboard new vendors who offer AI capabilities. With that said, I need to create an AI Questionnaire for these vendors to answer. I know Venminder has their ...

This message was posted by a user wishing to remain anonymous We request COIs as part of the onboarding due diligence process and the ongoing DD process. One of the Risk SMEs reviews these to ensure coverage is adequate.

We use first a materiality assessment of 7 questions that include- Will this vendor access borrower or employee confidential data? Will this vendor have major impact on our ability to operate our business? Are there significant internal resources needed ...