Vendor Management For Financial Institutions: Addressing Outsourcing Risks
Vendor Management For Financial Institutions: Addressing Outsourcing Risks
Vendor Management is one a regulatory hot-button - a key focus of examinations. Register for this webinar to learn:
Legal requirements for ensuring sound vendor security practices
The risks involved with outsourcing
How to mitigate those risks
How to ensure the vendor complies with regulatory responsibilities
How to demonstrate to regulators that you are in compliance when someone else possesses your data

Background

Both the FDIC and NCUA have identified Vendor Management as a key factor in upcoming examinations, turning up the heat on financial institutions to understand how critical data is secured when in the hands of third-party service providers.

This webinar presents the key points of what financial institutions should know about the risks involved with entrusting business processing, operations and data handling to third parties.

Outsourcing is becoming commonplace, particularly with many top financial, health care, tax reporting, and credit reporting companies. When you entrust vendors with your institution's confidential data, you are placing all control of security measures for your organization's data completely into their hands. That trust cannot be blind. Many recent security incidents have resulted from inadequate security practices within outsourced organizations handling another company's customer or employee data.

Many banks and other financial institutions provide products and services though arrangements with third party vendors. When appropriately managed, these third-party arrangements can assist institutions in attaining strategic objectives. Understanding the importance of managing the potential risks that can exist with these arrangements is important. Does your financial institution's examiner have vendor management program oversight on their list of issues to ask you about during your next examination?

Before a prospective service provider is identified, it is essential the institution's management have a clear understanding of the requirements and expectations they are seeking to meet. FFIEC's Guidance, "Risk Management of Outsourced Technology Services," shows how a comprehensive risk assessment should consider how the outsourcing arrangement will support the institution's objectives and strategic plans and how the relationship with the service provider will be managed. The next step in the process involves conducting due diligence to evaluate a service provider to determine its ability, both operationally and financially, to meet your institution's needs.

Leading this webinar will be Rebecca Herold, an information, security, privacy and compliance analyst, and author. Herold will explain to attendees when you outsource critical data processing, operations and management activities, you must take action to stay in charge of your own business data security and minimize your business risks. You must hold your vendors to strict security standards. In many instances, the standards applied to vendors will be more stringent than your institution's internal security requirements.

Following the presentation attendees of this session will have an opportunity to hear questions asked of the presenter as well as listen to vendor management compliance concerns from financial services organizations throughout the country.



Around the Network