Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 

Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Stay up-to-date on the latest vendor management news happening this month. Check out the articles below to stay in the know.
  • What is third-party due diligence? To begin with, it’s an essential element of managing third-party risk . Well-executed third-party due diligence can help your organization be confident they're entering (or maintaining) a relationship with a legitimate company with a good reputation.
  • The third-party risk management (TPRM) process involves the design, development, implementation, and maintenance of a comprehensive framework. This framework often has complex and interdependent processes, with multiple stakeholders . Small TPRM teams and large vendor inventories only add to the complexity and work effort.
  • Stay up-to-date on the latest vendor management news happening this month. Check out the articles below to stay in the know.
  • Monitoring your vendor’s financial performance is more important than ever. Things like soaring inflation and banking failures are shining a spotlight on economic instability, which can impact your vendor’s financials and ultimately bring more risk to your organization. If you discover that your vendor’s financial health is declining , you may be facing some unintended consequences.
  • Sometimes, third-party risk management (TPRM) professionals can forget that implementing vendor controls is often a two-way process. Vendor controls will have certain objectives that are only achievable through something called complementary user entity controls (CUECs). A good way to think of CUECs is by comparing them to the safety features of a car. Seatbelts are designed and manufactured by the car maker with the objective of protecting drivers and passengers. However, this objective can only be met if the seatbelt is being used correctly. The CUEC in this scenario would be the proper use of the seatbelt.
  • You're probably at least somewhat familiar with the activities in third-party risk management. Whether you're collecting due diligence from your vendors or monitoring their performance, there's a lot to do to protect your organization from third-party risk on an ongoing basis.
  • Cloud service providers have been around for some time, and many organizations are becoming more reliant on these types of vendors. While cloud technology isn't new, it can be challenging to assess cloud service providers if you don't understand the basics. To help you evaluate cloud providers, let's examine a few key considerations.
  • As a credit union employee, you may wonder if OCC and FDIC guidance regarding third-party risk management is relevant to your organization. After all, the National Credit Union Administration (NCUA) already offers third-party risk management (TPRM) guidance such as Letter 07-CU-13 . Is it necessary to stay informed of other regulations that may not apply directly to your specific type of financial institution? The short answer is yes!
  • Throughout the years, U.S.-based agencies have typically led the way when it comes to third-party risk management (TPRM) regulations. As of May 1, 2023, Canadian Federally Regulated Financial Institutions (FRFIs) are now expected to comply with the TPRM guidelines published by the Office of the Superintendent of Financial Institutions (OSFI). The aptly-titled Third-Party Risk Management Guideline is well-organized and follows many of the same principles that have been previously established by U.S. agencies such as the FDIC and OCC.
  • Shopping around for the perfect vendor management software can be quite an ordeal. There’s a lot to consider with all the different features, configurability, and pricing that will meet your organization’s needs. Plus, you can’t forget about the expertise and training that will really optimize your vendor management program. A software provider that has subject matter experts on staff will be vital as they assist with your daily questions and due diligence analyses.
  • There are a lot of steps that go into the initial due diligence process and ongoing monitoring of a vendor. One of the first things you’ll do is to request the vendor’s SOC reports, which may include both SOC 1 and SOC 2. Not only do you need these SOC reports from your vendors, but also from your critical subservice organizations , known as your fourth parties. After you receive these reports, it helps to understand some red flags that may indicate potential issues with your vendors.
  • On May 1, First Republic Bank became the latest regional bank to fail, following Silicon Valley Bank and Signature Bank, which collapsed less than two months ago.
  • In the world of third-party risk management, vendor data breaches continue to dominate headlines. Healthcare and the financial services industries are frequent targets because of the abundance of sensitive data they handle. However, any organization that uses vendors can be impacted by a data breach and expose consumer data.
  • Colleges and universities are experiencing a perfect storm of financial issues: less student revenue due to the pandemic, fewer donations due to the economy, funding cuts from state and federal sources, and the lingering threat of inflation and recession. As a result, higher ed administrators are facing unprecedented budget shortfalls and operational challenges. To stay afloat, higher ed institutions are increasingly outsourcing operational functions.