Unanswered

Help Answer the Unanswered Questions
Advise. Network. Collaborate. 

This community provides a space where professionals in the industry can access third party risk management resources, and more importantly, interact with each other through discussion boards. You’re able to network, share stories, ask questions, receive feedback from others to help overcome your own challenges and more. 
  • Profile Picture

    Quantitative Risk Models

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous We use a qualitative risk model to support our Vendor Management Program (VMP) today. There are various benefits to this but we are considering the use of a quantitative model as well to ... More

    2 people like this.
  • Posted in: Risk Assessments

    We are working on beefing up our enterprise level risk management. That includes working on risk assessing ACTIVITIES versus just the vendor/product. Does anybody else assess risk at an activity level with an actual answered assessment? More

  • Profile Picture

    HIPAA Reviews

    This message was posted by a user wishing to remain anonymous Hello all, How is everyone handling HIPAA reviews with third parties who will not share their HIPAA documentation via your TPM Portal? With current state, onsite reviews aren't happening. ... More

  • Profile Picture

    Settlement Service Providers, no contractual relat ...

    This message was posted by a user wishing to remain anonymous Non-bank lenders: Do you track in Venminder or perform due diligence of any kind on settlement service providers that you list (but have no contractual relationship with yourself). Thoug ... More

  • Profile Picture

    vendors and cloud software assessment (AWS)

    This message was posted by a user wishing to remain anonymous As more vendors are hosting software in the cloud, are information security analysts requesting for a connection into the vendor's cloud environment? i.e. a connection would allow verification ... More

    1 person likes this.
  • Good Morning Think Tank Members, Curious if anyone has a good slide show/info piece that they can share for the "sales side" of Vendor Requests? Looking for material that will help explain Vendor Management high-level for the sales side of the house ... More

    2 people like this.
  • We currently utilize RSA Archer as our system of record for our Vendor Management Risk Program. Understanding, there is an API between Venminder's software and Archer, we are looking to enhance our relationship with Venminder and begin using their software. ... More

    1 person likes this.
  • Profile Picture

    Compliance Risk

    This message was posted by a user wishing to remain anonymous How does everyone handle Compliance Risk? Our program is designed to identify and assess general Compliance Risk associated with new and existing Third Party engagements. We want to review ... More

  • Profile Picture

    OCC Bulletin (last week)

    Posted in: Regulations

    ​​The OCC last week issued an updated set of FAQs for the 2013-19 bulletin dealing with TPRM. Even if you are not an OCC regulated institution, they are part of the FFIEC and I have regarded them as the 'thought leaders' among the other agencies on third-party ... More

  • Profile Picture

    Vendor Security Questionnaires

    Posted in: Exams or Audits

    This message was posted by a user wishing to remain anonymous ​At my present company we have had issues with new vendor applications/software coming into our environment and not vetted properly which caused a audit finding to be issued by Internal audit. ... More

  • Profile Picture

    Uae Central Bank regulations for Financial Institu ...

    Posted in: Regulations

    This message was posted by a user wishing to remain anonymous Dear All, could anybody tell me which are regulated activities in a UAE bank as per central bank regulations.If a courier company is onboarded by the bank which does delivery for customer ... More

  • Posted in: Regulations

    ​Hi everyone. I wanted to share this link to a recent speech from Federal Reserve Governor Michelle Bowman, in which she talks about how the Fed can help community banks in managing its third parties more efficiently, and also the need to update FRB guidance ... More

    5 people like this.
  • Profile Picture

    Annual Report - overall condition and performance of ...

    This message was posted by a user wishing to remain anonymous Recent audit is asking us to ensure the annual report to the board sufficiently addresses the scope and detail regarding vendor oversight activities. Including overall condition and performance ... More

  • Hi all, we are hiring a vendor management analyst at Banc of California. Job # 20000033 ​or search "vendor." Apply online at https://bancofcal.taleo.net/careersection/ex/jobsearch.ftl?lang=en More

  • Does anyone use Net Promoter Score as a data point for their supply base? Or do you use an internal measure for customer sentiment (e.g. internal users of product/services?​ More

  • Profile Picture

    CIS Controls questionnaire

    Posted in: Risk Assessments

    This message was posted by a user wishing to remain anonymous I am looking for a questionnaire to use based off of the CIS controls. Does know if such a questionnaire exists? Thanks More

  • Profile Picture

    Risk Assessments

    Posted in: Risk Assessments

    Good Afternoon, My company is in the process of rolling out our TPRM program. The SIG Lite questionnaire is utilized here to send to our vendors. Being an insurance company, we have numerous law firms we have as third-parties, and we also consider our ... More

  • Profile Picture

    Data Feeds to Financial Institutions

    This message was posted by a user wishing to remain anonymous ​​I work for a brokerage service. Our firm offers data feeds of our broker customers to financial institutions (i.e., banks, credit unions). These are common customers between the two organizations. ... More

  • Posted in: Contract Management

    ​​Does anyone have a good template agreement for janitorial services that they can share? More