FFIEC Authentication Guidance: What Your Vendors Won't Tell You (Unless You Ask)
So, you've met with your key vendors and conducted a gap analysis of areas that need to be addressed prior to January 2012 to conform to the FFIEC Authentication Guidance. But how do you know if a specific vendor is sharing with you a complete picture of preparedness? Some vendors are upfront on their capabilities and limitations. However, many simply lack the expertise to understand the challenges that come with working with financial institutions. It's important to go into vendor relationships fully informed, even with the data they might not want to tell you freely. Join our vendor management expert, who will share these 'dirty little secrets,' including:- Does your vendor outsource the work they're doing for you to a fourth-party service provider - particularly overseas?
- Does the vendor employ fulltime employees only, or does it also hire temporary workers, (contractors) who may be allowed to work remotely?
- Is the potential loss resulting from a data breach greater than the vendor's contractual liability plus the vendor's total net worth?
See Also: From Basic to Brilliant: Transforming Compliance with Advanced Screening Practices
The entire FFIEC Guidance series:
- FDIC on Understanding and Complying with the 2011 Update
- FFIEC Authentication Guidance: How to Prepare for Your Next Exam
- FFIEC Authentication Guidance: Essential Questions You Need to Ask Your Vendors
- FFIEC Authentication Guidance: What Your Vendors Won't Tell You (Unless You Ask)
- Customer Education: Developing a Program That's Effective and Meets Regulators' Expectations
- FFIEC Authentication Guidance: How to Create a Layered Security Strategy
- Vendors' Guide to the FFIEC Authentication Guidance