Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 


Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • When New York State’s cybersecurity regulation (23 NYCRR Part 500) took effect in 2017, it changed how financial institutions (FIs) talked about cybersecurity. Multi-factor authentication wasn’t standard. Asking vendors detailed questions about encryption, incident response, or subcontractors felt excessive — sometimes even uncomfortable.
  • New amended SEC Regulation S-P requirements for broker-dealers, investment companies, and advisers are already in effect for larger firms (December 3, 2025) and will extend to smaller firms in 2026 (June 3, 2026). While broker-dealers, investment companies, and registered investment advisers (RIAs) have always been responsible for protecting consumers' private information, Reg S-P extends that responsibility to third-party service providers, requiring financial firms to increase oversight of vendors with access to protected information. Covered firms must establish an incident response plan addressing unauthorized access or use of customer information. If a breach occurs, firms must notify affected customers within 30 days of discovering the incident. This notification requirement applies regardless of whether the unauthorized access originates from the financial firm itself or from any of its third-party vendors handling sensitive customer information. If your firm is falling behind on compliance requirements or is unsure where to start, now is the time to take steps to protect your clients' information by strengthening your third-party risk management program and ensuring your vendors implement proper controls and report data misuse. After all, your vendors’ risk is your firm’s risk, too.
  • Stay up to date on the latest vendor risk management news happening this month. Check out the articles below.
  • If you’re selling or servicing loans to Freddie Mac and artificial intelligence (AI) or machine learning (ML) shows up anywhere in your process — underwriting automation, document intelligence, chatbots, fraud detection, income calculation, payment processing, borrower outreach — you have a deadline: March 3, 2026. Freddie Mac updated its Seller/Servicer Guide in March 2025, adding a new section addressing the governance of AI and machine learning. That change was formally announced later in Bulletins 2025-16 and 2025-17, issued in December 2025, which established March 3, 2026 as the effective date for compliance. This isn’t guidance, and it isn’t optional. It’s a requirement — and it changes how mortgage sellers and servicers are expected to oversee AI-enabled vendors and tools across the entire loan lifecycle, from origination to servicing.
  • The SEC’s 2026 Examination Priorities are here. Legacy obligations, including fiduciary standards of conduct, still matter. But 2025 surfaced new requirements and opportunities that demand attention. From vendor management to cybersecurity preparedness to AI governance, examiners are zeroing in on how wealth management firms and registered investment advisers (RIAs) implement and document their compliance programs — not just whether policies exist on paper.
  • Artificial Intelligence (AI) is no longer just a sci-fi buzzword — it's here, real, and transforming how businesses operate.
  • Knowing when and how to run a business continuity plan (BCP) tabletop test isn’t just about checking a box — it’s what ensures your team is ready when a real crisis hits. In my 30+ years in business continuity, I’ve seen the impact of successful tabletop testing. In one session, a client realized their “mobile branch” backup plan was just an empty trailer with no equipment or connectivity. In another example, IT discovered it was short 75 VPN licenses — months before COVID forced everyone to work from home. These weren’t minor details; they were gaps that could have left these financial institutions (FIs) unable to operate during a real crisis. Tabletop testing forces your organization to answer tough questions, uncovering blind spots you’d otherwise never see, so you can fix them before they become real problems. But how exactly does a tabletop test work? What are the essential elements? Let’s dive in.
  • Stay up to date on the latest vendor risk management news happening this month. Check out the articles below.
  • Data poisoning is a cyberattack where attackers manipulate or corrupt training data — often involving artificial intelligence (AI) systems — to undermine model performance and security. Recent research shows that poisoning as little as 7-8% of training data can cause significant failures. As AI becomes integral to daily operations, data poisoning is emerging as a critical risk. For financial institutions that rely on AI for credit decisions, fraud detection, and compliance monitoring, even small manipulations can distort outcomes, expose sensitive data, and spark regulatory or reputational fallout. To stay ahead of evolving threats, organizations must strengthen defenses, safeguard data, and continuously refine their cybersecurity practices.