Latest Discussions

Hi there, Data aggregators are those that collect data from a variety of sources and present data in a summarized format for a specific purpose. The process of aggregating financial data involves gathering information from several sources about a consumer's ...

This message was posted by a user wishing to remain anonymous GM ThinkTank I am doing some research re Resellers (vendors who sell other vendors products (e.g., security services, archiving, transaction platforms, collaboration platforms etc..). I ...

This message was posted by a user wishing to remain anonymous Does anyone have an exit plan template they can share? We're developing exit plans for our most critical vendors and want to first draft a template we can use to ensure we have standard components ...

Hi Aaron, This is so helpful, thank you so much! I truly appreciate your help! Have a wonderful day! Audrey

Hi - Not sure if this might be of interest or not, but I got an email a couple days ago about a webinar that is related to Gifts & Entertainment, so thought I'd share the info, just in case it might be helpful. From your description of the situation, ...

For your consideration: The customer and the seller (if applicable) select the title provider. As a lender, we are required to provide a list of available providers in the area, as part of TRID. The disclosure indicates this is not an endorsement of ...

Hello. This category/domain is especially prevalent in Financial Industry regulation. With respect to your Third Party vendors, the start of visibility to Concentration would be via Inherent Risk Assessment. I've seen organizations successfully assess ...

This message was posted by a user wishing to remain anonymous When it comes to title companies, how do you assess, measure, monitor and manage risk? Can title companies be "carved out"? Thanks!

Many organizations establish minimum coverage amounts by product or service type and risk level. In addition to basic liability and professional errors and omissions coverage, your organization may decide that all vendors that access, process, transfer, ...

If your organization employs freelancers, it must consider the risks involved. Certainly, the risks related to a graphic designer are lower than that of a freelance data engineer who may be altering code or accessing your data. Many individual graphic ...

I have been tasked with the assignment of identifying which of our vendors should be considered "Data Aggregators and other Customer-Permissioned Entities" as outlined in the FDIC FIL-55-2021 Guidance Section 9. Does anyone have a clear explanation as ...

Our company is looking at various platforms for our contract management program. We currently have no central repository for our vendor contracts due to lack of a procurement team, and all contracts are handled by department directors. I'm wondering ...

Technically, complying with CCPA doesn't require adding a new policy, instead it requires that your PRIVACY POLICY is updated so that it provides notice to customers of what you will be doing with their data, and how they can contact you to amend or remove ...

This message was posted by a user wishing to remain anonymous The core of your question seems to be a corporate culture issue. If people are accepting gifts that your policy overtly prohibits, the message to your company is "I'm not following this rule ...

Does anyone have a CCPA policy template they're willing to share? Happy if it has redacted company information. Our sister company just acquired an additional bank, thus pushing into the category for CCPA and I would love to provide some examples being ...

This message was posted by a user wishing to remain anonymous We have a similar gift policy, and it even extends to employees giving gifts to other employees (especially supervisors), and our limit is $25. There are several options you could try, though ...

One item that we identified for audit firms, especially those that issue audit opinions, is to request a copy of their Peer Review letter. The AICPA requires all firms that Issue audit/assurance opinions to have a Peer Review conducted. That would give ...

I would suggest that you request the CPAs "Peer Review Report" and the acceptance letter by the AICPA/State Board of Accountancy. The AICPA requires that the reviewing firm review at least one of your service auditors SOC reports.

This message was posted by a user wishing to remain anonymous Our Information Security Officer asked me to do a due diligence on the audit firms that audited our third party vendors SOC report. So, my question is whether we should do a due diligence ...

This message was posted by a user wishing to remain anonymous How do other financial institutions determine what Insurance coverage limits are acceptable for a vendor? Is it by risk rating? By product type?