FINANCIAL SERVICES FLASH REPORT

Save this PDF as:

Size: px
Start display at page:

Download "FINANCIAL SERVICES FLASH REPORT"

Transcription

1 FINANCIAL SERVICES FLASH REPORT OCC Updates Guidance on Third-Party Relationships December 2, 2013 Introduction On November 4, 2013, the Office of the Comptroller of the Currency (OCC) released Bulletin ( the Bulletin ) titled Third-Party Relationships. The Bulletin, which rescinds guidance previously issued in 2000 and 2001, 1 updates the OCC s published expectations regarding how national banks and federal thrifts are expected to identify, mitigate and monitor the risks associated with vendors and other third parties with which the institutions do business. This Flash Report: Discusses OCC in the context of recent economic and regulatory issues the financial services industry has faced. Highlights some of the key requirements of the Bulletin, with emphasis on those provisions that go above and beyond previous guidance. Shares our insights regarding the unique challenges these new guidelines will create for financial institutions, and offers practical ideas to help address those challenges. Background Myriad regulatory standards and expectations related to third-party management have been in place for years. Financial institutions have long had programs to manage risks associated with third-party relationships, focusing on areas such as privacy/information security, protection of the bank s intellectual property, and the third party s business continuity/disaster recovery practices, among others. Financial services organizations traditionally place more emphasis on due diligence when a new third party is engaged and rely on protections set forth in their third-party contracts. Typically, there is less active oversight throughout the life of the third-party relationship, and any ongoing third-party risk management activities are undertaken in silos, rather than on a consolidated, enterprisewide basis. However, events tied to the global financial crisis are changing this paradigm significantly. For example, as foreclosure volumes spiked during the onset of the crisis in 2007, many institutions found that thirdparty foreclosure attorneys, property preservation firms and other service providers had improperly handled cases assigned to them. This led to multiple regulatory enforcement actions and settlements requiring mortgage servicers to improve their risk management efforts, including third-party oversight practices. Also, the Consumer Financial Protection Bureau (CFPB), established as part of the Dodd-Frank Act, now has responsibility for administering various consumer protection laws that previously were within the purview of the OCC and other federal agencies. Since assuming its authority in July 2011, the CFPB has published its own mortgage servicing standards with significant new service provider oversight 1 OCC AL and Bulletin , respectively.

2 requirements, and issued other bulletins related in whole or in part to third-party management (e.g., and ). In addition, the CFPB has taken numerous public enforcement actions against credit card lenders and other financial service providers that were based in large part on activities performed by or in cooperation with their third-party service providers. The CFPB also is exercising its authority to supervise service providers that participate in offering consumer financial products CFPB examinations and investigations have led to public enforcement actions against both the service providers and the banks with which they partnered. Meanwhile, facing increased pressure to cut costs and find new sources of revenue, financial institutions continue to expand the number and types of their third-party relationships in the form of traditional outsourcing of additional bank processes as well as increased use of joint marketing arrangements, including offering add-on products through third-party business partners. In light of the evolving risks financial institutions and their customers face related to growing reliance on third parties, the OCC recognized the need to strengthen the third-party relationship standards it first issued 13 years ago. Which Financial Services Institutions Are Affected? By definition, the Bulletin only strictly applies to national banks and federal savings associations. However, it should be noted that OCC Bulletin historically was viewed as the most allencompassing standard issued by any of the regulatory agencies with respect to third-party management. As such, it was commonly considered a de facto standard across the industry. Additionally, the current regulatory environment is one in which no regulatory agency wants to be seen as taking a softer line on supervision than its peers, so we expect similar guidelines to be issued by other agencies as well. As a result, banks of all types should examine the Bulletin closely and assess its relevance to their operations. What Does OCC Bulletin Say? A brief comparison of to could lead one to conclude that there are very few differences. The old and new standards broadly cover the same topics, with both viewing third-party risk management as a lifecycle and setting forth the expectation that banks identify and manage third-party risk from the time the arrangement is contemplated, to selection and onboarding of third parties, and then throughout the active life of the relationship. Similarly, most of the major risk domains included in , such as Legal and Regulatory Compliance, Financial Condition, and Information Security, are addressed in as well. However, it would be a mistake to view simply as a reframing of existing guidance. As the layers of each lifecycle stage and type of risk are peeled back, it becomes clear that establishes significantly more detailed and prescriptive standards than existed previously. Put simply, takes what up until now would have been considered best-in-class leading practices, adopted by relatively few firms to date, and makes those the new universal standard for the entire national bank industry. Key aspects of OCC include: A refreshed view of the Risk Management Life Cycle in the third-party oversight context, as displayed in the following graphic: Protiviti 2

3 The concept of critical activities in which third parties are involved, requiring more comprehensive and rigorous oversight and management of third-party relationships that are subject to this standard Critical activities defined as significant bank functions (such as payments, clearing, settlements or custody), as well as those activities that expose the bank to significant risk in the event of third-party failures, could have a significant impact on bank customers, require a significant resource investment on the part of the bank to manage, and/or could not easily be replaced with another third party or in-sourced if the particular relationship in question had to be terminated. One area of risk covered in both the historical and new standards is the need to consider legal, regulatory and reputation risks prior to initiating a new third-party relationship. The following table provides a comparison of how the OCC s expectations related to this topic have evolved: OCC Requirements At the outset, banks should identify the strategic purposes, benefits, legal aspects, costs and risks associated with the third-party activity, including reputational risks if the standards associated with the activity or product differ from those customarily employed by the bank. Banks should involve their compliance management function in the due diligence and monitoring process when third-party products or services present significant risk to regulatory compliance. OCC Updates Before entering into a third-party relationship, senior management should develop a plan to manage the relationship. The management plan should be commensurate with the level of risk and complexity of the third-party relationship and should assess the extent to which the activities are subject to specific laws and regulations (e.g., privacy, information security, Bank Secrecy Act/Anti-Money Laundering [BSA/AML], fiduciary requirements). Protiviti 3

4 Internal auditors, compliance officers and legal counsel could help to analyze the risks associated with the third-party relationship and establish the necessary control and reporting structures. Due diligence should involve a thorough evaluation of all available information about the third party, and may include: Business reputation, complaints and litigation (by checking references, the Better Business Bureau, state attorneys general offices, state consumer affairs offices and, when appropriate, audit reports and regulatory reports); Qualifications, backgrounds and reputations of company principals to include criminal background checks, when appropriate. The bank should consider the following during due diligence: Evaluate the third party s legal and regulatory compliance program to determine whether the third party has the necessary licenses to operate and the expertise, processes and controls to enable the bank to remain compliant with domestic and international laws and regulations. Check compliance status with regulators and self-regulatory organizations as appropriate. Evaluate the third party s depth of resources and previous experience providing the specific activity. Assess the third party s reputation, including history of customer complaints or litigation. Determine how long the third party has been in business, its market share for the activities, and whether there have been significant changes in the activities offered or in its business model. Conduct reference checks with external organizations and agencies such as industry associations, Better Business Bureau, Federal Trade Commission, state attorneys general offices, state consumer affairs offices and similar foreign authorities. Check U.S. Securities and Exchange Commission or other regulatory filings. Review the third party s websites and other marketing materials to ensure statements and assertions are in line with the bank s expectations and do not overstate or misrepresent activities and capabilities. Determine whether and how the third party plans to use the bank s name and reputation in marketing efforts. As should be clear from this comparison, establishes significantly more specific guidelines in this area, particularly the expectation that each applicable law and regulation to which the new relationship will be subject is mapped prior to contract, and that the bank independently review the third party s legal and regulatory compliance program. Numerous other examples exist throughout , especially in areas such as review of the third party s internal audit and training programs, consideration of contract termination risks, expectations related to the bank s board of directors in third-party risk management, and the bank s oversight of subcontractors used by the third party. Action Steps and Other Points to Consider Naturally, all institutions will need to do a gap assessment between their current practices and the standards now set forth in , and adjust their third-party risk management programs accordingly. In Protiviti 4

5 support of that effort, we ve summarized below a few of the unique dynamics and challenges the banking industry will face in this area: Dueling regulatory guidelines OCC concludes with an appendix listing other OCC guidelines applicable to third-party risk management. This list includes nine (9) separate releases under the Comptroller s Handbook, two (2) alerts, two (2) news releases, 37 bulletins, four (4) advisory letters, and one (1) banking circular. For good measure, the OCC also highlights two (2) FFIEC Handbooks related to third-party management. Daunting as they are to begin with, these lists do not include relevant standards issued by other regulatory agencies, such as the aforementioned CFPB regulations and bulletins, FDIC FIL , SEC guidance and enforcement actions related to use of third parties for specific activities such as fair value pricing, and countless others. The burden grows heavier still for multinational institutions doing business in the United States, which must comply with most or all of the requirements mentioned above along with similar standards issued by the authorities in their home countries or other jurisdictions in which they do business. Very few institutions have inventoried all applicable third-party management standards comprehensively and performed an assessment of how effectively the firm s current practices address them both individually and collectively. Considering the significant changes likely to result from on its own, now is an opportune time to make sure your program not only meets the recent OCC guidance, but also all other relevant standards issued by other agencies with jurisdiction over your institution. Building third-party inventories In our experience, many institutions are still struggling to develop and maintain a complete, up-to-date listing of all third parties with which the firm does business. Some firms keep separate lists by line of business and/or service type using different platforms and tools. Others have a good handle on their vendor list at an enterprise level (often validated using accounts payable information), but do not have a comprehensive listing of other third-party business partners, such as joint marketing arrangements. As regulatory burdens in this area continue to grow, they will be increasingly impossible to manage without confidence that a complete list of third parties exists as a starting point. Establishing such an inventory often requires a dedicated and time-consuming consolidation and cleansing effort with participation of multiple corporate functions and lines of business. Related to the comment above, institutions are often unable to identify consistently all of the various services provided by a particular vendor across all lines of business within the enterprise. Even if a master vendor listing exists, for example, it will often contain duplicate entries showing different trade names for what is ultimately a single third-party provider, and/or contain only the original and not all current services the third party provides, etc. These types of data integrity issues represent a significant barrier to being able to assess comprehensively the risk posed by a particular vendor and determine whether they should be considered critical under the new guidelines. Once complete lists of third parties and the services they provide have been developed as of a point in time, institutions should ensure their enhanced third-party lifecycle management programs developed under include effective change control mechanisms to maintain these lists on an ongoing basis. Need for unified risk assessment activities OCC and many other third-party management standards either require risk assessments or advocate a risk-based approach to managing third-party exposure. However, as noted above, many institutions still assess thirdparty risks by domain (e.g., information security, consumer protection, etc.) or by the particular type of service provided to a single line of business, and are unable to identify or report on the aggregate types and levels of risk posed by a particular third party across the enterprise. This approach can not only cause material risks to go undetected or be underrated, but also introduces significant inefficiencies and duplication of effort, as multiple functions across the enterprise request, analyze and document their review of the same information from the same vendors over and over again in a disconnected fashion. As financial institutions are already Protiviti 5

6 challenged to comply with what seems like an unlimited number of new requirements using a limited amount of resources, there is significant value in finding areas like this in which personnel currently assigned to unproductive tasks can be reallocated to performing the new activities that now must be developed. Roles and responsibilities As risk assessment and other third party-related processes are rationalized, many institutions are taking a fresh look at how accountability for these activities is distributed across the organization. Particularly in light of more specific OCC expectations for independent reviews of individual critical vendors as well as the third-party risk management process as a whole, it will be increasingly important to have clear delineation of roles and responsibilities in order to avoid duplicative efforts and preserve the independence of functions that must perform testing activities. As it relates to reviews of individual vendors, many firms are exploring how they might establish centralized functions at the second line of defense (usually either within operational risk or compliance) or their supplier management/procurement organization to perform these tasks. As these types of functions are built, organizations must ensure their mandate is clear relative to that of the day-to-day monitoring and oversight activities performed by the owners of the vendor relationships at the first line. Second-line functions may also struggle to make sure they have the right level of expertise in specialized risk areas such as technology and information security, antimoney laundering and consumer compliance. This is a particular challenge in the face of what is currently an unprecedented level of demand for these same skill sets in other areas of the bank, and across the industry as a whole. Generally speaking, most organizations are performing (or will perform) the independent review of the overall third-party risk management program at the third line of defense within the internal audit function, often supplemented initially by subject-matter experts on a co-sourced basis. Key areas of focus for internal audit should include completeness of the third-party universe, definitions of and processes to assess third-party risk and identify critical vendors, and the quality and depth of initial due diligence and ongoing oversight activities (including, especially, seeing that weaknesses identified with respect to particular vendors are properly escalated and completely resolved in a timely manner). Need to rationalize number of vendors If our problem statement is that each individual vendor relationship now requires more time and resources to oversee than the institution can afford, one obvious solution is to reduce the number of third parties your firm does business with in order to enhance oversight of the surviving providers. This is another point in favor of developing a complete view of all services provided across the enterprise by a particular third party, as it can help to identify opportunities to move additional services to providers that have already been risk Protiviti 6

7 assessed, are subject to existing oversight programs and consistently deliver high-quality levels of service. It is important, however, to balance these consolidation efforts with the risk highlighted in of over-dependence on particular service providers that could not be replaced easily or inexpensively. The need for shared assessments For a few risk domains and service provider categories, there already exist broadly accepted standards for the vendors themselves to engage independent reviews of their operations, which can then be shared with all of the interested clients of those vendors, eliminating the need for redundant reviews of the same functions by each client. Examples of these types of reviews include the SSAE 16 assessment standard (which replaced SAS 70 reviews) and Payment Card Industry audit requirements. We are aware of efforts underway to expand these solutions into other risk domains, such as standardized shared assessments for mortgage foreclosure attorneys. Although these initiatives must clear numerous hurdles privacy and information sharing restrictions, difficulty among all interested parties in agreeing on appropriate scope and coverage, questions about whether the results will be accepted by all appropriate regulators, etc. their necessity in the new environment is clear and we expect them to continue to gain interest and support. Impact on vendor organizations and their cost structures Although we ve focused primarily on how banks will respond to the new guidance, it s important to recognize that these heightened expectations will have at least as large and probably a larger impact on the third parties with which the banks do business, particularly critical vendors. At a minimum, third parties should expect a lengthier and more involved contracting process, with the need to disclose more detail than ever before about their internal control practices. Third parties will also need to support more regular and intrusive audits during the life of the relationship. Perhaps even more significantly, many third-party vendors will find that their own risk management systems require considerable enhancements to meet the new expectations of their bank clients and the regulators that supervise them. These enhancements, of course, will not be free in terms of the people required to build and execute them, potential lengthening of transaction cycle time as control checkpoints are added, investments in technology required to provide improved automated controls and reporting, etc. Together with an increased desire on the part of banks to reduce the number of third parties with which they do business, we see these combined factors driving a significant wave of consolidation within the bank service provider industry. Third parties will need to grow to a size that provides the critical mass necessary to implement the infrastructure and controls now expected. The increased cost of providing these services in a better-controlled manner, coupled with reduced competition as a result of consolidation, will result in higher fees being passed along to the financial services industry itself. These trends were already apparent in many areas (such as mortgage servicing), and are likely to be accelerated by the new OCC guidance. The cost/benefit analysis of outsourcing And that leads to our final point of consideration. Although and other historical guidelines have highlighted the need for institutions to analyze the benefits, costs and risks associated with partnering with third parties, few institutions maintained objective, robust models to do this for all (or even all critical) third parties. OCC adds more specific expectations in this regard, but even if it did not, the financial impact of all of the other dynamics above should be good cause for organizations in the banking industry to enhance their capabilities in this area on their own. When the increased costs of upfront due diligence and ongoing oversight are considered, banks may find it is more appropriate to continue to self-service activities that otherwise might have been outsourced. Similarly, increased regulatory scrutiny of joint marketing arrangements in general (and areas like add-on products, in particular) is already changing the risk-reward calculus for these types of programs, and the fact that the regulatory bar related to them is now being raised yet again will continue that trend. Protiviti 7

8 Summary OCC establishes game-changing expectations for third-party relationships. Financial institutions will need to be ready to provide evidence that a thoughtful, comprehensive third-party relationship program has been designed and implemented. Those banks that have established clear roles and responsibilities for risk management across the enterprise, invested in robust operational controls and technology platforms to assess, manage, and report on the effectiveness of these efforts, and can appropriately analyze the costs, risks, and benefits of existing and proposed third-party relationships will have significant advantages in the new environment. For all banks, though, the old adage that you can outsource the process, but you can t outsource the risk has never been more true. About Protiviti Protiviti ( is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through our network of more than 70 offices in over 20 countries, we have served more than 35 percent of FORTUNE 1000 and FORTUNE Global 500 companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index. Contacts Carol Beaumier Tim Long Cory Gunderson Matthew Moore Michael Brauneis Protiviti Inc. An Equal Opportunity Employer. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

Vendor Risk Management in the New Regulatory Environment. kpmg.com

Vendor Risk Management in the New Regulatory Environment. kpmg.com Vendor Risk Management in the New Regulatory Environment kpmg.com Vendor Risk Management in the New Regulatory Environment 2 Vendor Risk Management in the New Regulatory Environment Background Regulators

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT OCC Finalizes Its Heightened Standards for Large Financial Institutions September 15, 2014 Transforming Heightened Expectations to Minimum Standards On September 2, 2014,

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

THE UH OH MOMENT. Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk

THE UH OH MOMENT. Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk THE UH OH MOMENT Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk By Lois Coatney, Chuck Walker and Joseph Yacura, ISG Directors www.isg-one.com INTRODUCTION A top

More information

Any business relationship between a bank and another entity, by contract or otherwise

Any business relationship between a bank and another entity, by contract or otherwise An Overview for Bank Directors Managing the Third Party Relationship Patrick Neuman Boardman & Clark LLP Madison, Wisconsin Any business relationship between a bank and another entity, by contract or otherwise

More information

Vendor Management Compliance Top 10 Things Regulators Expect

Vendor Management Compliance Top 10 Things Regulators Expect Vendor Management Compliance Top 10 Things Regulators Expect Paul M. Phillips, CFA Attorney, Adams and Reese Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay 2014 EastPay.

More information

Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.

Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. For anyone familiar with the banking industry, it comes as no surprise that banks are

More information

SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS

SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS An overview of how the Shared Assessments Program SIG 2014

More information

GUIDANCE FOR MANAGING THIRD-PARTY RISK

GUIDANCE FOR MANAGING THIRD-PARTY RISK GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,

More information

To: Our Clients and Friends March 25, 2014

To: Our Clients and Friends March 25, 2014 Financial Services Group To: Our Clients and Friends March 25, 2014 A Significant Change Is Occurring Regarding Regulatory Oversight of Banks and Their Third Party Relationships. Both Banks and their Vendors

More information

Compliance Risk Management Survey A Point of View

Compliance Risk Management Survey A Point of View FINANCIAL SERVICES Compliance Risk Management Survey A Point of View July 2014 kpmg.com Compliance Risk Management Survey A Point of View 3 Introduction As the financial crisis unfolded, regulators looked

More information

OCC 98-3 OCC BULLETIN

OCC 98-3 OCC BULLETIN To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel

More information

Third-Party Risk Management: Busting Myths and Telling Truths

Third-Party Risk Management: Busting Myths and Telling Truths Third-Party Risk Management: Busting Myths and Telling Truths Richik Sarkar, Esq. McDonald Hopkins LLC 600 Superior Avenue, East, Suite 2100 Cleveland, OH 44114 (216) 430-2009 rsarkar@mcdonaldhopkins.com

More information

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers Morgan Stanley Policy for the Management of Third Party Residential Mortgage Servicing Providers Title Policy for the Management of Third Party Residential Mortgage Servicing Providers Effective Date Owner

More information

Essential Elements of FFIEC Vendor Due Diligence

Essential Elements of FFIEC Vendor Due Diligence Essential Elements of FFIEC Vendor Due Diligence Essential Elements of FFIEC Vendor Due Diligence Overview of the Whitepaper This CBIZ Credit Risk Advisory Group whitepaper was written for lenders, financial

More information

WHITE PAPER THIRD PARTY MANAGEMENT: FUNDAMENTALS

WHITE PAPER THIRD PARTY MANAGEMENT: FUNDAMENTALS THIRD PARTY MANAGEMENT: FUNDAMENTALS by Linda Tuck Chapman Sponsored by Third Party Management Fundamentals Third Party Management isn t new, but its importance is growing in every industry and the financial

More information

Outsourcing Technology Services A Management Decision

Outsourcing Technology Services A Management Decision Outsourcing Technology Services A Management Decision A Telephone Seminar for National Banks Tuesday, July 20, 2004 And again on Wednesday, July 21, 2004 Agenda Outsourcing activities and relationships

More information

Community Banking. Cross-collateralization: Handle with care. A D V I S O R Summer 2012. Managing outsourcing risks. How to carry a millionaire

Community Banking. Cross-collateralization: Handle with care. A D V I S O R Summer 2012. Managing outsourcing risks. How to carry a millionaire Community Banking A D V I S O R Summer 2012 Managing outsourcing risks Wealth management programs How to carry a millionaire Bank Wire Cross-collateralization: Handle with care Cross-collateralization:

More information

Vendor Management Compliance Top 10 Things Regulators Expect

Vendor Management Compliance Top 10 Things Regulators Expect Vendor Management Compliance Top 10 Things Regulators Expect Peter Davey, AAP VP & Director, Enterprise Payments, CapitalOne Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay

More information

The New Third-Party Oversight Framework: Trust but Verify kpmg.com

The New Third-Party Oversight Framework: Trust but Verify kpmg.com Financial Services Regulatory Point of View The New Third-Party Oversight Framework: Trust but Verify kpmg.com The New Third-Party Oversight Framework: Trust but Verify 1 Financial services regulatory

More information

Managing Regulatory Compliance and AML Risk in a Virtual Currency World

Managing Regulatory Compliance and AML Risk in a Virtual Currency World Managing Regulatory Compliance and AML Risk in a Virtual Currency World Issue When you first think of virtual currency (also known as digital currency), the video gaming industry may be what first comes

More information

Supporting Effective Compliance Programs

Supporting Effective Compliance Programs October 2015 Supporting Effective Compliance Programs The Oversight Roles of the Board Audit and Risk Committees in Regulatory Compliance By Paul Osborne, CPA, CAMS, AMLP, and Peggy Sepp, CIA To be effective,

More information

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd. Vendor Management: An Enterprise-wide Focus Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd. Why Focus on Vendor Management Increased financial regulatory scrutiny GLBA and Identity Theft Red

More information

FinTech Webinar Series: Vendor Management Principles

FinTech Webinar Series: Vendor Management Principles FinTech Webinar Series: Vendor Management Principles Evolving Best Practices of Bank Service Providers February 14, 2013 Speakers Russell Bruemmer Partner Eric Mogilnicki Partner Jeffrey Hydrick Special

More information

Putting the Management Back in Vendor Management February 20, 2014

Putting the Management Back in Vendor Management February 20, 2014 Putting the Management Back in Vendor Management February 20, 2014 Moderator: Brian O Reilly The Collingwood Group, LLC Panelists: Calvin Hagins, CFPB Ken Markison, MBA Jonathan McKernan, Wilmer Hale Dan

More information

the evolving governance Model for CYBERSECURITY RISK By Gary owen, Director, Promontory Financial Group

the evolving governance Model for CYBERSECURITY RISK By Gary owen, Director, Promontory Financial Group the evolving governance Model for CYBERSECURITY RISK By Gary owen, Director, Promontory Financial Group 54 Banking PersPective Quarter 2, 2014 Responsibility for the oversight of information security and

More information

30-SECOND SUMMARY The Federal Reserve and the Office of the Comptroller of the Currency (OCC)

30-SECOND SUMMARY The Federal Reserve and the Office of the Comptroller of the Currency (OCC) 30-SECOND SUMMARY The Federal Reserve and the Office of the Comptroller of the Currency (OCC) have issued extensive new guidance to financial institutions about the use of third parties to perform functions

More information

Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014

Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014 Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014 It s a pleasure to be with you back home in Boston. I was here just six weeks ago

More information

Vendor Compliance Management Series: Performing an Effective Risk Assessment

Vendor Compliance Management Series: Performing an Effective Risk Assessment Vendor Compliance Management Series: Performing an Effective Risk Assessment Legal Disclaimer This information is not intended to be legal advice and may not be used as legal advice. Legal advice must

More information

9/13/2013. 20/20 Vision for Vendor Management & Oversight. Disclaimer. Bank Service Company Act - FIL-49-99

9/13/2013. 20/20 Vision for Vendor Management & Oversight. Disclaimer. Bank Service Company Act - FIL-49-99 20/20 Vision for Vendor Management & Oversight 2013 WBA Technology Conference September 17, 2013 Ken M. Shaurette, CISSP, CISA, CISM, CRISC, IAM Director IT Services Disclaimer The views set forth are

More information

2014 Financial Services Industry Compliance Benchmark Study

2014 Financial Services Industry Compliance Benchmark Study 2014 Financial Services Industry Compliance Benchmark Study Presented By: and Executive Summary Beginning in early December 2013, SAI Global Compliance conducted a survey among compliance professionals

More information

CFPB Consumer Laws and Regulations

CFPB Consumer Laws and Regulations General Principles and Introduction Supervised entities within the scope of CFPB s supervision and enforcement authority include both depository institutions and non-depository consumer financial services

More information

Risk Management of Remote Deposit Capture

Risk Management of Remote Deposit Capture Federal Financial Institutions Examination Council 3501 FAIRFAX DRIVE ROOM 3086 ARLINGTON, VA 22226-3550 (703) 516-5487 http://www.ffiec.gov Background and Purpose Risk Management of Remote Deposit Capture

More information

Washington Update. Payments News from our Nation s Capital. October 2014. Contents. CFPB Finalizes Two Rules Related to International Money Transfers

Washington Update. Payments News from our Nation s Capital. October 2014. Contents. CFPB Finalizes Two Rules Related to International Money Transfers Washington Update Payments News from our Nation s Capital October 2014 Contents CFPB Finalizes Two Rules Related to International Money Transfers $25 per Issue $200 Annual Subscription Authors: Craig Saperstein

More information

Remarks by. Thomas J. Curry Comptroller of the Currency. Before a Meeting of CES Government. Washington, DC April 16, 2014

Remarks by. Thomas J. Curry Comptroller of the Currency. Before a Meeting of CES Government. Washington, DC April 16, 2014 Remarks by Thomas J. Curry Comptroller of the Currency Before a Meeting of CES Government Washington, DC April 16, 2014 Good afternoon. It s a pleasure to finally be here with you. I had very much hoped

More information

VII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background

VII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background Third Party Risk Introduction The board of directors and senior management of an insured depository institution (institution) are ultimately responsible for managing activities conducted through third-party

More information

VENDORINSIGHTU P D A T E

VENDORINSIGHTU P D A T E VENDORINSIGHTU P D A T E November 12, 2013 COMPLIANCE VendorINSIGHT is the industry-leading solution for financial institutions offering the most features and capabilities for vendor risk monitoring. Ask

More information

Vendor Due Diligence from Lenders

Vendor Due Diligence from Lenders ALTA BEST PRACTICES Vendor Due Diligence from Lenders ALTA HAS A SOLUTION FOR YOUR ORGANIZATION Wells Fargo supports ALTA s Best Practices, and considers them to be guidelines for sound business practices

More information

Regulatory Practice Letter February 2014 RPL 14-05

Regulatory Practice Letter February 2014 RPL 14-05 Regulatory Practice Letter February 2014 RPL 14-05 CFPB Nonbank Supervision of International Money Transfer Providers Proposed Rule Executive Summary The Consumer Financial Protection Bureau (CFPB or Bureau)

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT Even Retailers and Consumer Products Manufacturers Must Manage Compliance with the U.S. Foreign Corrupt Practices Act and Other Anti-Bribery Laws May 3, 2012 Recent reports of alleged

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT The Volcker Rule: The End of Proprietary Trading? October 13, 2011 This week in the United States, the Federal Reserve Board, the Office of the Comptroller of the Currency,

More information

GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014)

GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014) Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Financial Institution Letter FIL-127-2008 November 7, 2008 GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July

More information

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial

More information

The rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions

The rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions The rise of third party relationships means rise in risk and regulation Non-compliance is risky business for financial institutions Increasing dependency on third parties by banks has resulted in mandatory

More information

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 1. INTRODUCTION Financial institutions outsource business activities, functions and processes

More information

#socialmediarisk Social Media and Consumer Marketing for Financial Services Organizations

#socialmediarisk Social Media and Consumer Marketing for Financial Services Organizations #socialmediarisk Social Media and Consumer Marketing for Financial Services Organizations Social media has created significant opportunities for organizations to connect with their customers and the overall

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT Federal Deposit Insurance Corporation Approves Two Living Will Rules September 27, 2011 On September 13, 2011, the Federal Deposit Insurance Corporation (FDIC) approved

More information

Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations

Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations Preventing Fraud: Assessing the Fraud Risk Management Capabilities of Today s Largest Organizations Overview In late 2006 and 2007, Protiviti commissioned a study to gauge the fraud risk management (FRM)

More information

P&G Banking A D V I S O R Fall 2014

P&G Banking A D V I S O R Fall 2014 P&G Banking A D V I S O R Fall 2014 SWOT analysis is solid armor for lenders Uncover risks among your business loan customers 5 tips for a successful succession plan Bank Wire Regulators raise the bar

More information

Servicing s Pain Points

Servicing s Pain Points C o v e r R e p o r t : Te c h n o l o g y Servicing s Pain Points BY J O H N G U Z Z O Historic changes are occurring in the servicing business. Not least among the many changes that have occurred in

More information

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,

More information

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director High Value Audits: An Update on Information Technology Auditing Robert B. Hirth Jr., Managing Director The technology landscape and its impact on internal audit Technology is playing an ever-growing role

More information

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee

More information

VII 5.1. VII. Abusive Practices Third Party Procedures. Third Party Risk. Introduction. Background

VII 5.1. VII. Abusive Practices Third Party Procedures. Third Party Risk. Introduction. Background Third Party Risk Introduction The board of directors and senior management of an insured depository institution (institution) are ultimately responsible for managing activities conducted through third-party

More information

EXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources

EXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust

More information

Assessment and Compliance with Federal Financial Institutions Examination Council (FFIEC) Requirements

Assessment and Compliance with Federal Financial Institutions Examination Council (FFIEC) Requirements isl Assessment and Compliance with Federal Financial Institutions Examination Council (FFIEC) Requirements DataGuardZ White Paper Forti5 BNP Paribas [Pick the date] What is the history behind FFIEC compliance?

More information

Effective AML Model Risk Management for Financial Institutions: The Six Critical Components

Effective AML Model Risk Management for Financial Institutions: The Six Critical Components August 2012 Effective AML Model Risk Management for Financial Institutions: The Six Critical Components A White Paper by John A. Epperson, Arjun Kalra, and Brookton N. Behm Audit Tax Advisory Risk Performance

More information

Statement of the Office of the Comptroller of the Currency. Provided to the Subcommittee on Financial Institutions and Consumer Protection

Statement of the Office of the Comptroller of the Currency. Provided to the Subcommittee on Financial Institutions and Consumer Protection Statement of the Office of the Comptroller of the Currency Provided to the Subcommittee on Financial Institutions and Consumer Protection Senate Committee on Banking, Housing, and Urban Affairs Shining

More information

Preparing for the Outsourcing Challenge: Legal Due Diligence to Ensure a Winning Service Provider Relationship

Preparing for the Outsourcing Challenge: Legal Due Diligence to Ensure a Winning Service Provider Relationship THE 4 TH NATIONAL CONFERENCE ON OUTSOURCING IN FINANCIAL SERVICES NEGOTIATING, MANAGING & TERMINATING OUTSOURCING RELATIONSHIPS WHILE ENSURING REGULATORY COMPLIANCE Renaissance Mayflower, Washington, DC

More information

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. CALIFORNIA DEPARTMENT OF FINANCIAL INSTITUTIONS SAN FRANCISCO, CALIFORNIA

FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. CALIFORNIA DEPARTMENT OF FINANCIAL INSTITUTIONS SAN FRANCISCO, CALIFORNIA FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. CALIFORNIA DEPARTMENT OF FINANCIAL INSTITUTIONS SAN FRANCISCO, CALIFORNIA ) ) In the Matter of ) ) CONSENT ORDER BANAMEX USA ) CENTURY CITY, CALIFORNIA

More information

Identity Theft Red Flags & Address Discrepancies under the FACT Act of 2003. Summary of Final Rule

Identity Theft Red Flags & Address Discrepancies under the FACT Act of 2003. Summary of Final Rule Identity Theft Red Flags & Address Discrepancies under the FACT Act of 2003 Summary of Final Rule On November 9, 2007, the Office of the Comptroller of the Currency ( OCC ), Federal Reserve Board ( Board

More information

Outsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP

Outsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP Outsourced Third Party Relationship Management/ Vendor Management TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP 1 Risk Management Guidance 2 3 Appendix J: 4 - Key Elements Third Party Management

More information

Guidelines for Financial Institutions Legislative Compliance Management (LCM) Date: July 2004 Introduction

Guidelines for Financial Institutions Legislative Compliance Management (LCM) Date: July 2004 Introduction Guidelines for Financial Institutions Legislative Compliance Management (LCM) Date: July 2004 Introduction Regulatory risk is the risk of non-compliance with applicable regulatory requirements. For the

More information

Community Banking. Regulators raise the bar on outsourcing relationships. A D V I S O R Fall 2014

Community Banking. Regulators raise the bar on outsourcing relationships. A D V I S O R Fall 2014 Community Banking A D V I S O R Fall 2014 SWOT analysis is solid armor for lenders Uncover risks among your business loan customers 5 tips for a successful succession plan Bank Wire Regulators raise the

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT The Fourth European Union Anti-Money Laundering Directive July 2015 The Fourth European Union (EU) Anti-Money Laundering Directive (Fourth Directive) was approved by the

More information

Asset Management. Comptroller s Handbook. Comptroller of the Currency Administrator of National Banks

Asset Management. Comptroller s Handbook. Comptroller of the Currency Administrator of National Banks AM- Comptroller of the Currency Administrator of National Banks Comptroller s Handbook 20 AM Asset Management Asset Management UOperations and Controls Table of Contents Asset Management Operations and

More information

Validating Third Party Software Erica M. Torres, CRCM

Validating Third Party Software Erica M. Torres, CRCM Validating Third Party Software Erica M. Torres, CRCM Michigan Bankers Association Risk Management & Compliance Institute September 29, 2014 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT

More information

FRB Issues Final Credit Score Disclosures Rule. Final Retail Foreign Exchange Rules. HUD Updates RESPA Regulation. August 2011

FRB Issues Final Credit Score Disclosures Rule. Final Retail Foreign Exchange Rules. HUD Updates RESPA Regulation. August 2011 is intended to keep you informed of regulatory changes in advance of their effective date so your institution can have the necessary policies, procedures and processes in place to be compliant at the time

More information

Navigating Vendor Management Issues in Today s Regulatory Environment

Navigating Vendor Management Issues in Today s Regulatory Environment Navigating Vendor Management Issues in Today s Regulatory Environment May 6, 2015 Elizabeth E. McGinn, Partner Moorari K. Shah, Counsel 1 Disclaimer The information contained herein is for informational

More information

New CFPB mortgage servicing rules present significant challenges for mortgage servicers

New CFPB mortgage servicing rules present significant challenges for mortgage servicers New CFPB mortgage servicing rules present significant challenges for mortgage servicers Prepared by: Jose Vivar, Director, McGladrey LLP 312-634-4394, jose.vivar@mcgladrey.com Michael Sher, Partner, McGladrey

More information

Vendor Management Best Practices

Vendor Management Best Practices 23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT Is Department of Justice Dismissal of Morgan Stanley Case a Litmus Test for Corruption Risk Compliance? November 1, 2012 In April 2012, a former Morgan Stanley managing director

More information

OCC BULLETIN OCC 2001-47

OCC BULLETIN OCC 2001-47 OCC BULLETIN Comptroller of the Currency Administrator of National Banks Subject: Third-Party Relationships Description: Risk Management Principles TO: Chief Executive Officers of National Banks, Federal

More information

New Regulations and Mortgage Document Management: What it Means for Mortgage Servicers

New Regulations and Mortgage Document Management: What it Means for Mortgage Servicers New Regulations and Mortgage Document Management: What it Means for Mortgage Servicers CT Representation Services New Regulations and Mortgage Document Management: What it Means for Mortgage Servicers

More information

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL OFFICE OF FOREIGN ASSET CONTROL COMPLIANCE REVIEW Report #OIG-06-09 December 18, 2006 William A. DeSarno Inspector General Released By:

More information

THIRD PARTY SUPPLIER RISK MANAGEMENT. Meeting Emerging Financial Services Regulatory Requirements. By Joseph Yacura, ISG Director. www.isg-one.

THIRD PARTY SUPPLIER RISK MANAGEMENT. Meeting Emerging Financial Services Regulatory Requirements. By Joseph Yacura, ISG Director. www.isg-one. THIRD PARTY SUPPLIER RISK MANAGEMENT Meeting Emerging Financial Services Regulatory Requirements By Joseph Yacura, ISG Director www.isg-one.com INTRODUCTION U.S. and Canadian financial services companies

More information

Avoiding Buyer s Remorse with AML Monitoring Software. Implementing Effective and Efficient AML Transaction Monitoring Systems

Avoiding Buyer s Remorse with AML Monitoring Software. Implementing Effective and Efficient AML Transaction Monitoring Systems Avoiding Buyer s Remorse with AML Monitoring Software Implementing Effective and Efficient AML Transaction Monitoring Systems Overview A well-designed transaction monitoring program is an important pillar

More information

Financial services regulatory compliance. Changing demands require the right perspective

Financial services regulatory compliance. Changing demands require the right perspective Financial services regulatory compliance Changing demands require the right perspective The role of compliance is being elevated as regulatory demands increase. Compliance leaders are facing the greatest

More information

2014 Trends in the Insurance Industry

2014 Trends in the Insurance Industry 2014 Trends in the Insurance Industry Introduction Changes in the insurance industry historically move at a slow and steady pace, yet in recent years, by industry standards, they have become increasingly

More information

6/8/2016 OVERVIEW. Page 1 of 9

6/8/2016 OVERVIEW. Page 1 of 9 OVERVIEW Attachment Supervisory Guidance for Assessing Risk Management at Supervised Institutions with Total Consolidated Assets Less than $50 Billion [Fotnote1 6/8/2016 Managing risks is fundamental to

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))

Regulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM)) Guideline Subject: Category: (RCM) (formerly Legislative Compliance Management (LCM)) Sound Business & Financial Practices No: E-13 Date: November 2014 I. Purpose and Scope of the Guideline The purpose

More information

Servicing Issues Update

Servicing Issues Update September 2014 Servicing Issues Update Regulatory Developments 1. Future Rulemaking. CFPB has indicated that it is reviewing its mortgage servicing regulations and may issue additional amendments and clarifications.

More information

WHITE PAPER Third-Party Risk Management Lifecycle Guide

WHITE PAPER Third-Party Risk Management Lifecycle Guide WHITE PAPER Third-Party Risk Management Lifecycle Guide Develop and maintain compliant third-party relationships by following these foundational components of a best-practice assessment program. Third

More information

Outsourcing has become a critical component of financial institutions management

Outsourcing has become a critical component of financial institutions management Skadden Skadden, Arps, Slate, Meagher & Flom LLP & Affiliates If you have any questions regarding the matters discussed in this memorandum, please contact the following attorneys or call your regular Skadden

More information

Office of Inspector General

Office of Inspector General Audit Report OIG-14-034 Not Sufficiently Documented April 21, 2014 Office of Inspector General Department of the Treasury Contents Audit Report Background... 2 Results of Audit... 4 OCC Has Updated Guidance

More information

Third Party Relationships

Third Party Relationships 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 A B D INTRODUCTION AND PURPOSE Background Yes/No Comments 1. Does the credit union maintain a list of the third party

More information

Vendor Management. Outsourcing Technology Services

Vendor Management. Outsourcing Technology Services Vendor Management Outsourcing Technology Services Objectives Board and Senior Management Responsibilities Risk Management Program Risk Assessment Service Provider Selection Contracts Ongoing Monitoring

More information

Importance of the Consumer Financial Protection Bureau

Importance of the Consumer Financial Protection Bureau Importance of the Consumer Financial Protection Bureau The aftermath of the financial crisis affected millions of Americans. The U.S. economy was devastated as companies crumbled, homeowners lost their

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed

More information

Transparent Government Demands Robust Data Quality

Transparent Government Demands Robust Data Quality Transparent Government Demands Robust Data Quality Federal initiatives to strengthen transparency and accountability require agencies to improve data quality practices W H I T E P A P E R Table of Contents

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

Customer Data and Reputational Risk in the Pharmaceutical Industry

Customer Data and Reputational Risk in the Pharmaceutical Industry 1 Customer Data and Reputational Risk in the Pharmaceutical Industry Sensitive Data: A Chain of Trust Organizations of all types, from banks to government agencies to healthcare providers, are taking steps

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT Cybersecurity Framework: Where Do We Go From Here? February 25, 2014 Just over a year ago, President Barack Obama signed an Executive Order (EO) calling for increased cybersecurity

More information

How Lenders Manage Third Party Vendor Compliance for Field Services. Whitepaper

How Lenders Manage Third Party Vendor Compliance for Field Services. Whitepaper How Lenders Manage Third Party Vendor Compliance for Field Services Whitepaper November 2014 Contents Introduction Current Compliance Issues New Law, New Rules The Software Powering the Solution The Value

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT New Internal Control Requirements for Companies with Operations in India November 9, 2015 In the aftermath of major global financial frauds, several countries enacted legislation

More information

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES A CONSULTATION REPORT OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS STANDING COMMITTEE 3 ON MARKET INTERMEDIARIES

More information

Anti-Money Laundering

Anti-Money Laundering Bank Secrecy Act and Anti-Money Laundering FDIC Atlanta Region s Regulatory Conference Call March 20, 2014 2 Speakers Assistant Regional Director Timothy Hubby Special Activities Case Manager Danielle

More information

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK By James Christiansen, VP, Information Management Executive Summary The Common Story of a Third-Party Data Breach It begins with a story in the newspaper.

More information