Unanswered Questions

  • Labeling or categorizing remediation plans?

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous Hello Community! Have any other firms explored categorizing or assigning labels/groupings to types of remediation plans? Today we leverage (Control, Policy, and Management Action) and are ... More

  • Posted in: Contract Management

    This message was posted by a user wishing to remain anonymous I have posted before and have received valuable data and insights and hoping someone can assist re this challenge. Does anyone have contract, industry type, provisions that you can share ... More

  • Posted in: Exams or Audits

    To my community bankers, how is your organization handling the above requirement internally? We are still having some healthy debates internally on which category of vendors fall into this requirement. The requirement states, "significant computer-security ... More

  • Questions for Residual risk assessments

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous Good morning. We are revamping our vendor management program. I'm looking for some questions that others ask when doing a residual risk assessment filled out by the owner of the vendor or ... More

    1 person likes this.
  • Hi everyone, Hope all well! I remember there was a discussion happened sometime back for creating a group of Third party risk management professionals from Non Banking sector. If the group is made please can someone add me in it. Thanks! Regards, Paya ... More

  • Request For Proposal Template

    This message was posted by a user wishing to remain anonymous Do any of you have a generic template for requesting RFPs? More

  • Posted in: Regulations

    Hi All I would like to understand how the below policy can be implemented for Third parties, what is the current practise. https://www.legislation.gov.uk/ukdsi/2015/9780111138847#:~:text=Section%2054%20of%20the%20Modern,by%20the%20Secretary%20of%20State ... More

  • Hi All, As you are aware, many vendors have portals that we log in to for the various services they provide. Some have Private Individual Information of our members/customers, some do not. Some have Multi Factor Authentication to access them and some ... More

  • Reg E: Requiring Autopay on Debt Settlements

    Posted in: Regulations

    This message was posted by a user wishing to remain anonymous I wanted to gather some thoughts from this community regarding Regulation E and recurring autopay. Abundantly aware a bank cannot require borrowers to set up recurring autopay on a loan. ... More

  • RPF

    Posted in: Contract Management

    Good Evening! Does anyone have any examples of RPFs you have in place and use? Thanks! More

  • New Low Risk Vendor Sample Questionnaire

    This message was posted by a user wishing to remain anonymous I am wondering if anyone has a sample of a good questionnaire to create for when we are onboarding a new Low Risk vendor in Venminder? Any information that you can share will be greatly ... More

    3 people like this.
  • This message was posted by a user wishing to remain anonymous We have a customer that contracted with a third party to obtain security risk assessments from all the customer's technology vendors. We are one of their technology vendors so we just received ... More

    1 person likes this.
  • Wire confirmation/call back systems

    Posted in: Contract Management

    This message was posted by a user wishing to remain anonymous I work in a consulting type role and support various Private Equity firms with best practices around vendor management (and other operational topics). One of these firms has about 8,000 vendors ... More

  • It seems that the majority of people that are active on this forum work at banks. Working at a FinTech company that supports banks by providing a Mobile Banking Platform, our regulations and requirements (and possibly best practices) are different. ... More

  • Good morning. A public comment period is open for proposed SEC rules to enhance cybersecurity programs. It appears SEC follows path of NY DFS risk-based Cybersecurity requirements, but this time for investment firms, advisors and business development ... More

  • This question was also posted in 2020 but I am hoping for some additional input We are trying to determine the best way to find negative news stories, pending lawsuits, etc. on our Critical/High vendors. I would love to hear: (1) what you are using ... More

    1 person likes this.
  • This subset of third party relationships came to my attention and I'm still performing discovery on the details. If your institution is involved in this sort of activity with SBA deals, I'd be interested in your approach regarding SBA-CDCs. Inventoried ... More

  • Credit Union Sponsoring Organizations

    This message was posted by a user wishing to remain anonymous Hello, The following questions are directed to people working for the Credit Unions. Do you perform any due diligence on Sponsoring Organizations. If you do, what information you ask ... More

  • Posted in: Regulations

    Enforcement alert! The OCC has just fined Wells Fargo $250M because of its failure to comply with a 2018 consent order. You may recall that the 2018 order cited deficiencies in Wells Fargo's risk management program. As part of the 2018 order, the OCC ... More

  • Using a GRC Tool for TPRM

    This message was posted by a user wishing to remain anonymous Does anyone in this community utilize LogicGate as their GRC tool and operate their TPRM program using that system? We are in the early stages of trying to stand up our program and I've run ... More