How to Tackle Vendor Risk Hazards: Operationalizing Third-Party Risk Management in Today's Regulated Environment
With many organizations pushing outsourcing to its limits, regulators and standards bodies (e.g., MAS, OCC, BaFin, FCA, FedRAMP, BITS, NERC, NEI, ISO, PCI Security Council, AICPA, and Cloud Security Alliance) are increasingly putting an emphasis on having a strong and effective supplier risk management framework. Systems and process failures by third parties can have catastrophic reputational and operational consequences for an organization. It is crucial not only to have effective procedures for managing vendors and the risk they may expose you to, but also to safeguard your organization from third-party related control failures. As a result, organizations need to continuously monitor and manage vendor risks (operational, reputational, cyber / cloud) downstream in the supply chain. Assessing just your top 25 critical vendors is no longer sufficient.
See Also: 2017 Predictions on Data Security: Insights on Important Trends in Security for the Banking Industry
Register for this webinar and learn:
- What regulators are requiring in vendor governance, what is driving their actions, and what the future holds;
- How a top 10 global bank designed a vendor risk management framework and supporting operations / technology capabilities to support tens of thousands of risk owners and hundreds of thousands of supplier services in an increasingly regulated environment;
- How to implement a highly scalable, end-to-end vendor risk management framework that covers parallel workflows of onboarding of new vendors renewing vendor contracts, as well as and taking real-time business feeds (e.g., payment, reputational ) and business performance into account;
- Best practices around vendor risk management.
Did you ever count the number of vendors your organization uses to run your business operations? Even mid-sized companies easily exceed one hundred third-party vendors, including technology vendors, electricity, hosting, facilities, payment, and collection services providers. As a result, it is not surprising that when it comes to vendor risk assessments, most organizations focus only on a small subset, typically based on contract size. This practice is clearly outdated, considering the fact that cyber criminals are using the supply chain to access data from large, well-protected global organizations they wouldn't otherwise be able to compromise.
With their supply chain being targeted by cyber-attacks and advanced persistent threats, organizations face increased operational, compliance, reputation, strategic, and credit risks when engaging in third-party relationships. These risks are being compounded by the growing volume, diversity, and complexity of these outsourcing arrangements. On top of that, regulators have turned a keen eye to this development, enforcing stricter guidelines on how an organization must manage their third-party suppliers by requiring extending their practice of conducting regular risk assessments to include all of their suppliers, and - if possible - even supplier's suppliers.
The threat of data breaches, public scrutiny, and regulatory fines have put vendor risk management in the spotlight. Without proper oversight, and a framework to systemically capture, assess, and mitigate third-party supplier risks, your organization can be exposed.
Attending this webinar will enable you to:
- Understand what is driving regulation in this area and what you can expect to see in the future;
- Determine which areas you need to improve in order to lower risk factors with current vendors and during the selection process of new vendors;
- Benchmark your vendor risk management programs against those of the industry's leading financial institutions;
- Discover how to leverage best practice and hear the newest trends and strategies in vendor risk management and strategic outsourcing.
Attendees are sure to come away with the latest tools and techniques for improving the management of vendor risk in their organization.
You might also be interested in …