Due Diligence and Ongoing Monitoring

 View Only
  • 1.  Due Diligence/Risk Mitigation for Video Platforms

    Posted 07-28-2022 10:35 AM
    Our financial institution utilizes Youtube to make videos available to our customers. They explain how to use our mobile app and provide other updates as available. What is the general opinion on the risk behind this activity? I doubt that platforms such as YouTube or Vimeo would provide due diligence information. I wanted to see what others are doing at their institution in regards to due diligence and risk mitigation. Thank you in advance,

    Matthew Mauldin, ARM, CRVPM - Risk Management Specialist

  • 2.  RE: Due Diligence/Risk Mitigation for Video Platforms

    Posted 07-28-2022 12:57 PM

    So long as you aren't broadcasting or storing NPI with these social media outlets, I don't see much need to do much Due Diligence on them.


    The content is intended to be public.

    If Vimeo or YouTube vanished tomorrow, your business would, I suspect continue just fine.


    I suppose, to satisfy questions, run them through a regular Due diligence questionnaire like you would a new vendor and see what rating they come up with.


    The only risk I forsee there, unless you signed on for a high $$ contract with them, is reputational risk.

                    That's not really enough to do more than the initial review, note that you did it, and put it into a pigeonhole at the lowest tier your policy allows [assuming it comes up that way].


    This is, in my mind, similar to risk rating a rate sheet that is available in the bank branch lobby- it has information on it, but it is publicly available, and so has minimal risk.

                    Or, what do you risk rate the local radio station or newspaper or billboard advertisers? These are essentially the same bucket, I believe. Treat YouTube the same way.







    David Howe, CCUFC

    Chief Information Officer