Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 


Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Stay up-to-date on the latest vendor management news. Discover information to help improve or keep your third-party risk management program fresh. Below we've listed some notable articles to check out.
  • Vendor management reporting to the board and/or senior management isn’t only a best practice used to inform and drive action, but it’s also a regulatory requirement. Guidance such as OCC Bulletin 2013-29 and FDIC FIL-44-2008 outlines these reporting responsibilities.
  • Six months after the Biden Administration released the May 2021 cybersecurity Executive Order, the Cybersecurity & Infrastructure Security Agency (CISA) officially launched their Cybersecurity Incident & Vulnerability Response Playbooks. The playbooks are to be used by federal civilian agencies as well as contractors or other organizations that work on behalf of these agencies. Though the private sector is not in scope of these procedures and guidelines, organizations will greatly benefit from staying informed of cybersecurity standards, which may be used as a benchmark for your own environment as well as your third-party vendors.
  • Just when you thought you had a handle on your vendor management program, auditors and examiners have started inquiring about something else in recent years - your fourth-party vendors.
  • Vendor risk management can feel overwhelming when considering the number of interrelated requirements, processes and tasks that go into onboarding and managing a single vendor. Take those efforts and multiply them by the number of vendors in your organization, and the ability to accomplish even a minimum standard of effective vendor risk management can be challenging even for the most seasoned vendor risk managers.
  • Outsourcing to a vendor typically creates tangible benefits for an organization and should also create benefits for the vendor. The best business relationships are those that provide gains for both parties. Unfortunately, some organizations maintain that they should have the upper hand over their vendors at all times.
  • Performing due diligence on your third parties is an essential part of managing third-party risk. Your organization must be confident that they’re entering a relationship with a legitimate company with a good reputation. Moreover, when the risks are escalated, you must be sure that your third party has the necessary controls to mitigate the inherent risks of providing the product or service. Failure to validate both the company and the controls can lead to all sorts of problems, including financial loss, regulatory fines, harm to your reputation and brand and negative impacts on your operations or your customers.
  • Vendor risk is a broad term covering several distinct types of risks to your organization and its customers due to your outsourced vendor relationships and the products or services provided. Understanding the nature of these risks and identifying them is an essential component of effective vendor risk management.
  • As the end of the year approaches, reflecting on 2021 as we prepare for 2022 seems fitting. From a vendor management perspective, 2021 has been both a continuation and expansion of the risks and the challenges that radically changed "business-as-usual" worldwide in 2020. Nearly two years later, we’re still amid the challenges of a global pandemic and it’s become increasingly clear that the “new normal” of 2021 had its share of unique lessons to teach us.
  • As a new year draws closer, it’s time to start making resolutions for your third-party risk management (TPRM) program. With 2022 around the corner, it’s a great time to review your program for any needed improvements and consider how to achieve and maintain your TPRM goals.
  • It’s common to be confused about the difference between a vendor contract and a service level agreement. In general, both documents are established to ensure that certain things occur during a vendor relationship. However, each document serves a more specific purpose. Read on to learn more about how to differentiate between vendor contracts and service level agreements.
  • Every organization has vendors. Some require only a handful, and others need hundreds or thousands to operate. The way these vendors are managed varies greatly and vendor risk management programs tend to evolve over time. No matter the organization's size or vendor risk management maturity, automation makes a huge difference in saving time and money and improves consistency for repetitive tasks.
  • At first glance, the term “vendor management program” may seem a bit vague and complicated. In a broad sense, this term refers to the set of tools, processes, workflows, rules and guidelines to ensure that vendor relationships provide the intended benefits to the organization without bringing excessive risk or causing harm. Throughout the vendor relationship, there are important activities, including identifying suitable vendors, pricing and contract negotiations and relationship management. When an organization outsources a product or service to a third party or fourth party, controlling costs, maintaining quality and managing risk are essential considerations.
  • Vendor management is a complex set of processes that requires the involvement of many people within an organization, including its board of directors and senior management. Not only is it a sound business practice, but it’s also a regulatory requirement. The OCC’s Bulletin 29-2013 is just one of the guidelines that emphasizes the need for senior management and board involvement within vendor management. However, it should be noted that this guidance could be replaced with the Proposed Interagency Guidance on Third-Party Relationships: Risk Management, which was jointly proposed by the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).