KYCC Strategies for Managing Third-Party Payment Processor (TPPP) and Third-Party Sender (TPS) Risk

Save this PDF as:
Size: px
Start display at page:

Download "KYCC Strategies for Managing Third-Party Payment Processor (TPPP) and Third-Party Sender (TPS) Risk"

Transcription

1 KYCC Strategies for Managing Third-Party Payment Processor (TPPP) and Third-Party Sender (TPS) Risk Dan Frechtling SVP Marketing & Chief Product Officer April 20, 2015 Steve Clendaniel Director of Risk Consulting

2 KYCC strategies for TPPPs and TPSs KYCC: TPPP: TPS: Toyota Production System Know Your Customer s Customer Third Party Payment Processor Third Party Sender

3 KYCC strategies for TPPPs and TPSs Risk officers face exceptional uncertainty Regulators have offered qualified guidance New tools present partial solutions An additional level of intelligence is required

4 KYCC strategies for TPPPs and TPSs Risk officers face exceptional uncertainty Regulators have offered qualified guidance New tools present partial solutions An additional level of intelligence is required

5 Regulation has become competitive sport FRB FDIC OCC FTC CFPB In the US, we now have the regulatory Olympics. (SVP Payments for top 5 US bank) In 2014 US and European banks paid ~$65B in penalties, 40% greater than 2013, the previous high, according to BCG McKinsey estimates that senior executives spend about 20 to 25 percent of their time on regulatory matters Sources: Wall Street Journal, Dec 2014; Bankdirector.com, Jan 2015

6 Regulatory pressure is rising 2013 March October November 50+ Banks subpoenaed by the government to examine their risk management processes

7 and rising 2014 March April May June

8 and rising 2015 March April

9 Regulatory pressure is unavoidable This is the business that we ve chosen and these are the rules you must follow in order to be able to stay in the game. If we want to continue to grow and to prosper we have to get A s on your report card in terms of compliance. If you get anything less than that, they ll shut down your growth. It s just not optional. Executive Vice President and Chief Risk Officer, Midsized Bank Source: G2 Web Services Research Study, March 2015

10 Regulatory pressure is unpredictable It s almost a crap shoot, right? So anybody could come in, a new regulator that wasn t here last year, and say, That s not how I look at it, or you need to beef this up, or I saw this other institution do this. I m recommending this for you So there is some concern, but it s almost uncontrollable. Vice President, Risk Management and Compliance, Midsized Bank Source: G2 Web Services Research Study, March 2015

11 Regulatory pressure is examiner-driven it s more the human nature from an examiner, or a specific examiner, let s say, in their opinion or what they ve seen in their travels versus a new regulation coming out and being a total shock to us. Vice President, Compliance, Midsized Bank Source: G2 Web Services Research Study, March 2015

12 TPPP and TPS regulations are changing In an ever changing regulatory environment, especially TPPP being newer, is - are the regulators going to change their requirements? I think there s a black hole in banking, especially with examination, whereby examination procedures and guidance say one thing, but we re also held to best standards and practices. Executive Vice President and Chief Risk Officer, Midsized Bank Source: G2 Web Services Research Study, March 2015

13 TPPPs and TPSs can be opaque to banks The level of challenge with respect to any vendor relationship to which the banking regulators are requiring us to increasingly know, vet, and to fully understand what s going on in that vendor s black box. Those are sorts of things that keep you up at night. Executive Vice President and Chief Risk Officer, Midsized Bank Source: G2 Web Services Research Study, March 2015

14 TPPPs and TPSs may lose banking relationships 10 years ago, you linked up with a vendor and you sort of relied on them to do the things- you did your own due diligence but it wasn t nearly the same sort risk assessment process that you go through today. And what we see it evolving to is one that is even much, much more invasive for the vendor. You are going to have to discontinue certain relationships. Executive Vice President and Chief Risk Officer, Midsized Bank Source: G2 Web Services Research Study, March 2015

15 Entire categories of TPPPs and TPSs are at risk What has occurred is a lot of the very large institutions based on a lot of guidance from regulatory agencies have sort of de-risked their portfolio. And so a lot of them for instance don t do any clients that are money service business or third party payment processors because that s what it seemed like the regulators wanted and it s just easier, rather than trying to interpret, to just avoid it. EVP and CEO, Midsized Bank Source: G2 Web Services Research Study, March 2015

16 KYCC strategies for TPPPs and TPSs Risk officers face exceptional uncertainty Regulators have offered qualified guidance New tools present partial solutions An additional level of intelligence is required

17 Regulators have provided bulletins on TPPPs

18 FDIC and OCC offer guidance and a framework FDIC FIL FIL FIL OCC BULLETIN BULLETIN BULLETIN

19 All agree on principles: onboarding, ongoing

20 Guidelines: Onboarding Conduct due diligence commensurate with the level of risk and complexity of the 3 rd party relationship Strategies: check growth goals, current and proposed structures, quality initiatives, efficiency improvements, employment practices are consistent with bank s philosophy Compliance: licenses, expertise, controls, status with regulators and similar organizations Financials: statements, trends, pending litigation, fee structures Reputation: complaints, years of experience, reference checks, SEC & regulatory filings, websites

21 Guidelines: Onboarding Conduct due diligence commensurate with the level of risk and complexity of the 3 rd party relationship Principals: senior management, key employees, subcontractors Risk management: independence of audit function, policies for escalating audit findings, SOC reports, other standards (e.g. ISO) IS: SLAs and performance metrics, change management processes, ability to mitigate data breach vulnerabilities Resilience: disaster recovery and business continuity plans in event of service disruptions

22 Guidelines: Onboarding Conduct due diligence commensurate with the level of risk and complexity of the 3 rd party relationship Security: physical security, incident reporting HR: training, succession planning, holding employees accountable for compliance Subcontractors: geographic locations, due diligence and monitoring; conduct your own diligence, look for legally-binding indemnification Insurance: bond coverage for dishonest acts, liability coverage for negligence, hazard insurance for disasters

23 Best practices: Onboarding Conduct due diligence commensurate with the level of risk and complexity of the 3 rd party relationship Have a prohibited category list Check the merchant for fraudulent activity Identify what the merchant is selling, beyond MCC/NAICS/SIC code Analyze the merchant s online history of risk Analyze the merchant s website for suspicious activity or hidden goods Require the same due diligence of your TPPPs with their customers

24 Guidelines: Ongoing Performed periodically during the course of the relationship, particularly when considering a renewal of a contract. Onboarding Ongoing Compliance Financials Insurance IS Resilience Subcontractors Reputation Principals HR Remediation Agreements Confidentiality

25 Best practices: Ongoing Performed periodically during the course of the relationship, particularly when considering a renewal of a contract. Check for migration to prohibited categories Persistently monitor the merchant for changes in goods/services offered Monitor the merchant for fraudulent activity Adjust your oversight based depend upon the potential risks and the magnitude of the arrangement Require Third Parties to monitor their merchants according to your standards, and request regular reports

26 KYCC strategies for TPPPs and TPSs Risk officers face exceptional uncertainty Regulators have offered qualified guidance New tools present partial solutions Onboarding Ongoing An additional level of intelligence is required

27 Risk Managers have responded by using new tools Onboarding Ongoing 1 2 Identity Verification Manual Credit/Asset Searches 3 4 Transaction Monitoring Manual spot Checks

28 KYCC strategies for TPPPs and TPSs Risk officers face exceptional uncertainty Regulators have offered qualified guidance New tools present partial solutions Onboarding Ongoing An additional level of intelligence is required

29 1. Identity Verification Tools Good standard practice Complies with core BSA/AML guidance for due diligence & EDD Recommended for compliance with CIP rule of Patriot Act Many financial institutions do some kind of criminal background check which is only as good as the data store which they are checking against. Guy Huntington, Identity Management expert X Verification can be outmaneuvered by black hat applicants X Most effective when applicants disclose information that can be verified X Only as good as the data store : misses hidden merchant risk

30 2. Manual Credit/Asset Searches Consolidates separate data sources into one platform Valued by most regulators as highly credible sources Provides a sense of control and rigor Because it s manual it s inconsistently applied. Level of experience of the evaluator varies. (the process) is staff intensive Chief Risk Officer, Large Bank, Midwest X May produce better information about principals than merchants X Quality of the review fluctuates based on analyst s experience X Lacks automated scoring that can speed underwriting

31 KYCC strategies for TPPPs and TPSs Risk officers face exceptional uncertainty Regulators have offered qualified guidance New tools present partial solutions Onboarding Ongoing An additional level of intelligence is required

32 3. Transaction Monitoring Important and necessary for compliance with OCC s CFR & , and FDIC s FIL & FIL Improving quality of data science means anomaly detection is faster and more accurate Alerts can provide evidence of suspicious activity or outright fraud Allows for triaging of suspicious transactions separate from normal transactions for further review All things being equal, preventative controls are always better than protective controls. X Most effective after fraud has struck X Miss leading indicators of fraud X Outsmarted by black hat applicants Chief Risk Officer, Midsized Bank, Southeast Source: G2 Web Services Research Study, March 2015

33 4. Manual Spot Checks Easy to start and modify, especially at low volumes Simple to explain to auditors Fewer technical black boxes are involved There are manual reports that we look at. There s a daily payment processing report and then we can look at them monthly, quarterly or annually it s a very manual, labor intensive process. Chief Risk Officer, Midsized Bank X Are rarely conducted X Require technology and training to spot changes X Hard to detect deceptive marketing practices X Lacks automated scoring that can speed underwriting

34 All four miss vital aspects of KYC Missing: Hidden merchant risk Direct evidence of illegal activity, patterns of fraud and compliance violations Links to illicit merchants, criminal fraud rings, hidden websites Conducting business with many FIs Missing: Automated scoring History of fraud, compliance missteps Technology-enabled analysts rather than labor Predictions such as poor reputation with consumers, leading indicators of future fraud and compliance violations

35 Individual risk merchant risk Survey of Dual Occupation Professionals: Should US firms offer gifts to gain a foothold in a new market if this violated federal law? As engineers, 90% disagreed As managers, 50% agreed When people switch hats, they often switch moral compasses. -Keith Leavitt, OSU faculty Source: Oregon State Research Study, May 2012

36 Can hidden merchant patterns be detected? I doubt you can do this. It sounds good, but the proof is in the pudding. Looking at years of merchant history is a real differentiator, a way of looking at the past as indicator of future activity. Our bank is not be able to dig as deep. Senior VP, 3rd Party Risk Mgt, Midsized Bank, Mid-Atlantic Source: G2 Web Services Research Study, March 2015

37 KYCC strategies for TPPPs and TPSs Risk officers face exceptional uncertainty Regulators have offered qualified guidance New tools present partial solutions An additional level of intelligence is required Key elements Implementation

38 Key elements of merchant intelligence 1. Underlying merchants 2. Historical connections 3. Predictive modeling 4. Instant quantification 5. Risk-based approach 6. Rich reporting

39 1. Underlying merchants must be submitted Banks must obtain TPPP and TPS portfolios In totality Each new boarded customer

40 2. Merchant intel finds connections Random sample of many years of merchant history data Historical data provides access to deeper of level connections so we can better detect bad actors By using these known connections, Data Science can make better predictions of merchant violations

41 Connections: a case study Over $1MM of fraudulent charges from a company offering translation services Merchant 1 URL 1 Merchant ID 1 Acquirer

42 Connections: findings After network investigation was complete Merchant 83 Related URLs 56 Merchant IDs 32 Acquirers

43 Merchant relationship mapping Charting relationships throughout the payment value chain 43

44 3. Merchant intel enables predictive modeling Key data points: Public information 1. Blacklists and whitelists (OFAC, PEP, NABP, etc.) 2. Reputation data (aggregated from multiple sources) Proprietary information 1. Historical data on merchants and individuals 2. Past fraud and content violations 3. Connections between individuals and businesses Data science predicts likelihood of compliance violations or fraud

45 Predictive modeling: case study 1. UK bank onboards Merchant X and submitted portfolio for review 2. Vendor reports Merchant X as high risk after detecting likelihood of past fraud (2 of 5 data points matched previous bad actor) 3. Merchant X instantly began fraudulent activity, which was not immediately detected in transaction flow Limited Fraud Losses 655 ~ 33, UK bank terminated merchant, limiting fraud to 2% of typical loss Losses from Merchant X Typical losses Proprietary Data + Third Party Data = 99% accurate predictions that can reduce losses

46 4. Merchant intel can yield instant quantification Examples: G2 Compass Score Argos Risk Score Speed Most results <1 second Significantly reduces merchant onboarding time Integration Works in conjunction with your existing core platform solution and enhances existing processes Choice API provides seamless integration with in-house systems or 3 rd party platforms (ex. Zoot) Portal log in to access reports

47 Instant quantification: case study Applications a month Minutes per applications Hours per month ~ 10 full-time staff to review and process

48 3,000 New Applications Prelim Approval 1,830 Applications (61%) Needs Review 420 Applications (14%) Declined 750 Applications (25%)

49 Instant quantification: results Applications a month Minutes per application Hours per month 93% time savings

50 5. Merchant intel powers a risk-based approach

51 Risk-based approach: case study A US Bank faced additional scrutiny for inadequate KYC/KYCC policies. Risk managers lacked tools for effective TPPP oversight, and TPPPs were not adhering to regulations to the same degree the bank was.

52 Risk-based approach: solution The bank created a holistic TPPP oversight management program, including predictive merchant risk tools as the main ingredient. Predictive merchant scoring gave them a more comprehensive risk profile of their TPPPs and underlying merchants. The bank received praise by both external and internal auditors, and retained their merchant relationships and associated revenues.

53 6. Merchant intel can be richly reported Quick snapshot of categories of risk in your portfolio Benchmarking data to compare portfolio to the broader industry Continually evaluate your boarding process

54 Rich reporting: example Compare portfolio to rich database of risk information across the industry Helps to assess both positive and negative risk

55 Merchant intel for KYCC: summary 1. Underlying merchants 2. Historical connections 3. Predictive modeling 4. Instant quantification 5. Risk-based approach 6. Rich reporting

56 KYCC strategies for TPPPs and TPSs Risk officers face exceptional uncertainty Regulators have offered qualified guidance New tools present partial solutions An additional level of intelligence is required Key elements Implementation

57 Implementation Tips Partner with TPPPs and TPSs on implementation Pass on investments in tools and analysts Encourage (stipulate) third parties to implement beneficial systems and processes Learn from regulatory and association best practices OCC and FDIC guidelines CMS from TPPPA NACHA guidelines Build systems and processes incrementally Start with hosted web services Then integrate into in-house platforms via APIs

58 MERCHANT INTELLIGENCE FOR 3 RD PARTIES Reduce Regulatory Burden Decrease Risk Decide Faster

59 Thank you! Dan Frechtling Steve Clendaniel

Managing TPPPs and TPSs in the Current Regulatory Environment

Managing TPPPs and TPSs in the Current Regulatory Environment November 2015 Managing TPPPs and TPSs in the Current Regulatory Environment Prepared by: Jodie Ruby, Director Audience: This document is intended for managers, directors and executives who deal with business

More information

Get In Tune With Third Parties: Finding the harmonies between Third Party Senders, Originators, and Customers.

Get In Tune With Third Parties: Finding the harmonies between Third Party Senders, Originators, and Customers. Get In Tune With Third Parties: Finding the harmonies between Third Party Senders, Originators, and Customers. Marsha Jones President TPPPA Brent Siegel Vice President Argos Risk 1 1 AGENDA/OUTLINE Third-Party

More information

Vendor Management Compliance Top 10 Things Regulators Expect

Vendor Management Compliance Top 10 Things Regulators Expect Vendor Management Compliance Top 10 Things Regulators Expect Paul M. Phillips, CFA Attorney, Adams and Reese Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay 2014 EastPay.

More information

Vendor Management Compliance Top 10 Things Regulators Expect

Vendor Management Compliance Top 10 Things Regulators Expect Vendor Management Compliance Top 10 Things Regulators Expect Peter Davey, AAP VP & Director, Enterprise Payments, CapitalOne Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay

More information

To: Our Clients and Friends March 25, 2014

To: Our Clients and Friends March 25, 2014 Financial Services Group To: Our Clients and Friends March 25, 2014 A Significant Change Is Occurring Regarding Regulatory Oversight of Banks and Their Third Party Relationships. Both Banks and their Vendors

More information

Executive Fraud Forum October 30, 2013

Executive Fraud Forum October 30, 2013 Executive Fraud Forum October 30, 2013 Payments Fraud Trends Mary Kepler, Director, Retail Payments Risk Forum, Federal Reserve Bank of Atlanta Judy Long, Executive Vice President, First Citizens National

More information

GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014)

GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July 2014) Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Financial Institution Letter FIL-127-2008 November 7, 2008 GUIDANCE ON PAYMENT PROCESSOR RELATIONSHIPS (Revised July

More information

Identifying Key Risk Indicator

Identifying Key Risk Indicator PUERTO RICO PAYMENTS SYMPOSIUM Identifying Key Risk Indicator EPOCPR Services Agenda for Today Background History Regulators & Risk Management Let s have fun Regulators & Risk Assessment ACH Risks Categories

More information

AIM for Success and Effectively Manage High Risk Originators

AIM for Success and Effectively Manage High Risk Originators AIM for Success and Effectively Manage High Risk Originators Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay Brent Siegel Vice President, Argos Risk Disclaimer This presentation

More information

Outsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP

Outsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP Outsourced Third Party Relationship Management/ Vendor Management TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP 1 Risk Management Guidance 2 3 Appendix J: 4 - Key Elements Third Party Management

More information

Vendor Risk Management in the New Regulatory Environment. kpmg.com

Vendor Risk Management in the New Regulatory Environment. kpmg.com Vendor Risk Management in the New Regulatory Environment kpmg.com Vendor Risk Management in the New Regulatory Environment 2 Vendor Risk Management in the New Regulatory Environment Background Regulators

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

Managing your community bank s ACH and demand draft risk By George F. Thomas

Managing your community bank s ACH and demand draft risk By George F. Thomas Payment Protocols Managing your community bank s ACH and demand draft risk By George F. Thomas Would anyone in their right mind attempt to drive a car blindfolded? Well, the answer would be an emphatic

More information

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,

More information

GUIDANCE FOR MANAGING THIRD-PARTY RISK

GUIDANCE FOR MANAGING THIRD-PARTY RISK GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,

More information

Third-Party Payment Processing and Financial Crimes March 14, 2012

Third-Party Payment Processing and Financial Crimes March 14, 2012 Third-Party Payment Processing and Financial Crimes March 14, 2012 Michael Benardo Chief, Cyber Fraud & Financial Crimes Section Division of Risk Management Supervision Federal Deposit Insurance Corporation

More information

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd. Vendor Management: An Enterprise-wide Focus Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd. Why Focus on Vendor Management Increased financial regulatory scrutiny GLBA and Identity Theft Red

More information

Know Your Customer & Know Your Customer s Customers (KYCC) BITS ACH Fraud Risk Subgroup Presented by George Thomas November 19, 2008

Know Your Customer & Know Your Customer s Customers (KYCC) BITS ACH Fraud Risk Subgroup Presented by George Thomas November 19, 2008 Know Your Customer & Know Your Customer s Customers (KYCC) BITS ACH Fraud Risk Subgroup Presented by George Thomas November 19, 2008 Agenda Theme and Issue Types of Third Party Processors Risk from Third

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

Information Technology

Information Technology Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level

More information

SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS

SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS An overview of how the Shared Assessments Program SIG 2014

More information

one admin. one tool. Providing instant access to hundreds of industry leading verification tools.

one admin. one tool. Providing instant access to hundreds of industry leading verification tools. 2 7 12 14 11 15 8 16 10 41 40 42 19 49 45 44 50 48 47 51 46 52 53 55 54 56 57 67 68 1 5 39 43 58 71 81 82 69 70 88 25 29 23 26 22 3 21 28 4 6 32 30 38 33 31 37 34 35 36 63 59 64 60 62 61 65 72 73 66 74

More information

Who s Your Vendor? Secondary Market Compliance and Title Agent Vendor Management

Who s Your Vendor? Secondary Market Compliance and Title Agent Vendor Management Who s Your Vendor? Secondary Market Compliance and Title Agent Vendor Management 2015 LBA Bank Counsel Conference Marx Sterbcow, Managing Attorney, Sterbcow Law Group The Bureau s Scrutiny of Vendor Management

More information

VENDORINSIGHTU P D A T E

VENDORINSIGHTU P D A T E VENDORINSIGHTU P D A T E November 12, 2013 COMPLIANCE VendorINSIGHT is the industry-leading solution for financial institutions offering the most features and capabilities for vendor risk monitoring. Ask

More information

Third Party Payment Processors Job Aid

Third Party Payment Processors Job Aid Third Party Payment Processors Job Aid This job aid is to be used by state institution examiners as a means to understand, identify, and assess the risks associated with institutions relationships with

More information

Payment Processor Relationships Revised Guidance

Payment Processor Relationships Revised Guidance Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Payment Processor Relationships Revised Guidance Financial Institution Letter FIL-3-2012 January 31, 2012 Summary:

More information

Compliance and Ethics at the Federal Reserve Bank of New York

Compliance and Ethics at the Federal Reserve Bank of New York Compliance and Ethics at the Federal Reserve Bank of New York Operational Risk and Internal Audit Course Marina Adams, Compliance Officer and AVP David K. Clune, Compliance and Ethics Officer Kevin White,

More information

Third-Party Risk Management: Busting Myths and Telling Truths

Third-Party Risk Management: Busting Myths and Telling Truths Third-Party Risk Management: Busting Myths and Telling Truths Richik Sarkar, Esq. McDonald Hopkins LLC 600 Superior Avenue, East, Suite 2100 Cleveland, OH 44114 (216) 430-2009 rsarkar@mcdonaldhopkins.com

More information

Outsourcing Technology Services A Management Decision

Outsourcing Technology Services A Management Decision Outsourcing Technology Services A Management Decision A Telephone Seminar for National Banks Tuesday, July 20, 2004 And again on Wednesday, July 21, 2004 Agenda Outsourcing activities and relationships

More information

Vendor Compliance Management Series: Performing an Effective Risk Assessment

Vendor Compliance Management Series: Performing an Effective Risk Assessment Vendor Compliance Management Series: Performing an Effective Risk Assessment Legal Disclaimer This information is not intended to be legal advice and may not be used as legal advice. Legal advice must

More information

Don t Originate in the Dark: Shine Some Light on Your Third-Party Senders and Their Originators

Don t Originate in the Dark: Shine Some Light on Your Third-Party Senders and Their Originators Don t Originate in the Dark: Shine Some Light on Your Third-Party Senders and Their Originators This ACH risk management white paper examines the risks related to ACH transactions processed by Third-Party

More information

Knowing your customers and their customers and their customers and so on and so on

Knowing your customers and their customers and their customers and so on and so on Knowing your customers and their customers and their customers and so on and so on Identifying your Third-Party s and their Nested s This ACH risk management white paper provides an overview of ACH relationships

More information

Credit Union Liability with Third-Party Processors

Credit Union Liability with Third-Party Processors World Council of Credit Unions Annual Conference Credit Union Liability with Third-Party Processors Andrew (Andy) Poprawa CEO, Deposit Insurance Corporation of Ontario Canada 1 Credit Union Liability with

More information

Risk Management of Remote Deposit Capture

Risk Management of Remote Deposit Capture Federal Financial Institutions Examination Council 3501 FAIRFAX DRIVE ROOM 3086 ARLINGTON, VA 22226-3550 (703) 516-5487 http://www.ffiec.gov Background and Purpose Risk Management of Remote Deposit Capture

More information

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 1. INTRODUCTION Financial institutions outsource business activities, functions and processes

More information

Validating Third Party Software Erica M. Torres, CRCM

Validating Third Party Software Erica M. Torres, CRCM Validating Third Party Software Erica M. Torres, CRCM Michigan Bankers Association Risk Management & Compliance Institute September 29, 2014 MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT

More information

THE UH OH MOMENT. Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk

THE UH OH MOMENT. Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk THE UH OH MOMENT Financial Services Enterprises Focus on Governance, Transparency and Supply Chain Risk By Lois Coatney, Chuck Walker and Joseph Yacura, ISG Directors www.isg-one.com INTRODUCTION A top

More information

2014 Financial Services Industry Compliance Benchmark Study

2014 Financial Services Industry Compliance Benchmark Study 2014 Financial Services Industry Compliance Benchmark Study Presented By: and Executive Summary Beginning in early December 2013, SAI Global Compliance conducted a survey among compliance professionals

More information

ACH Operations Bulletin #2-2013

ACH Operations Bulletin #2-2013 ACH Operations Bulletin #2-2013 High-Risk Originators and Questionable Debit Activity March 14, 2013 EXECUTIVE SUMMARY Recent press reports have inaccurately stated that some Receiving Depository Financial

More information

EFT Industry and BSA/AML Dan Altman

EFT Industry and BSA/AML Dan Altman EFT Industry and BSA/AML Dan Altman Sr. IT and Risk Consultant Background Dan Altman, Sr. IT and Risk Consultant SHAZAM Internal Audit SHAZAM Secure o IT Exam, ACH Exam, BSA Exam, IT Consulting, Security

More information

THIRD PARTY. T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s

THIRD PARTY. T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s MANAGING THIRD PARTY RISK T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s Experis -- a different kind of talent company. Experis Tuesday, January 08,

More information

OCC 98-3 OCC BULLETIN

OCC 98-3 OCC BULLETIN To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel

More information

O OCC BULLETIN OCC 2006-39. Automated Clearing House Activities. Risk Management Guidance

O OCC BULLETIN OCC 2006-39. Automated Clearing House Activities. Risk Management Guidance O OCC BULLETIN Comptroller of the Currency Administrator of National Banks Subject: Automated Clearing House Activities Description: Risk Management Guidance TO: Chief Executive Officers, Chief Risk Officers,

More information

FinTech Webinar Series: Vendor Management Principles

FinTech Webinar Series: Vendor Management Principles FinTech Webinar Series: Vendor Management Principles Evolving Best Practices of Bank Service Providers February 14, 2013 Speakers Russell Bruemmer Partner Eric Mogilnicki Partner Jeffrey Hydrick Special

More information

ANTI-MONEY LAUNDERING FOR LENDERS

ANTI-MONEY LAUNDERING FOR LENDERS ANTI-MONEY LAUNDERING FOR LENDERS Ari Karen Offit Kurman akaren@offitkurman.com 240.507.1740 Bill Heyman Offit Kurman wheyman@offitkurman.com 301.575.0393 THE RATIONALE FOR THE NEW REGULATIONS The Financial

More information

Statement of Guidance: Outsourcing All Regulated Entities

Statement of Guidance: Outsourcing All Regulated Entities Statement of Guidance: Outsourcing All Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1. 1.2. 1.3. 1.4. This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on

More information

A Cautionary Tale Plus Cross-Channel Risk

A Cautionary Tale Plus Cross-Channel Risk Dan Tobin A Cautionary Tale Plus Cross-Channel Risk IT Examiner Supervision, Regulation & Credit Dan.tobin@bos.frb.org Agenda A Cautionary Tale Shames-Yeakel v. Citizens Financial Bank Cross-Channel Risk

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Any business relationship between a bank and another entity, by contract or otherwise

Any business relationship between a bank and another entity, by contract or otherwise An Overview for Bank Directors Managing the Third Party Relationship Patrick Neuman Boardman & Clark LLP Madison, Wisconsin Any business relationship between a bank and another entity, by contract or otherwise

More information

Increasingly community banks are turning to

Increasingly community banks are turning to A system of ACH risk-management valves can help banks bypass the big loss By Jeanette A. Fox and Cary Whaley Increasingly community banks are turning to payments, specifically Automated Clearing House

More information

Fraud Risk Management Procedures

Fraud Risk Management Procedures Fraud Risk Management Procedures 1. Introduction KCE Electronics Public Company Limited ( KCE or the Company ) is committed to achieving the highest levels of business integrity, morals and transparency

More information

Growing Vendor Management

Growing Vendor Management V E N D O R M A N A G E M E N T P R O F I L E S E R I E S A Wh it e Pap e r by Ve n d or I NS I G HT an d C MPG, L L C Growing Vendor Management as a Sustainable Business Process with Automated Vendor

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

ACH Operations Bulletin #1-2014

ACH Operations Bulletin #1-2014 ACH Operations Bulletin #1-2014 Questionable ACH Debit Origination: Roles and Responsibilities of ODFIs and RDFIs September 30, 2014 Replaces ACH Operations Bulletin #2-2013 (Originally Issued March 14,

More information

The rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions

The rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions The rise of third party relationships means rise in risk and regulation Non-compliance is risky business for financial institutions Increasing dependency on third parties by banks has resulted in mandatory

More information

You Can t Afford the Risks

You Can t Afford the Risks Anti-Money Laundering You Can t Afford the Risks Audit Tax Advisory The Risks Associated With AML/Sanctions Compliance Are Just Too Great to Ignore Continued increases in regulatory scrutiny and rigorous

More information

Electronic Transactions Association Guidelines on Merchant and ISO Underwriting and Risk Monitoring

Electronic Transactions Association Guidelines on Merchant and ISO Underwriting and Risk Monitoring TM MARCH 2014 Electronic Transactions Association Guidelines on Merchant and ISO Underwriting and Risk Monitoring DEVELOPED BY www.deanarich.com COUNSEL Venable LLP Jeffrey D. Knowles Ellen Traupman Berge

More information

Putting the Management Back in Vendor Management February 20, 2014

Putting the Management Back in Vendor Management February 20, 2014 Putting the Management Back in Vendor Management February 20, 2014 Moderator: Brian O Reilly The Collingwood Group, LLC Panelists: Calvin Hagins, CFPB Ken Markison, MBA Jonathan McKernan, Wilmer Hale Dan

More information

FDIC Updates Guidance on Payment Processor Relationships

FDIC Updates Guidance on Payment Processor Relationships February 2012 FDIC Updates Guidance on Payment Processor Relationships BY KEVIN L. PETRASIC In its recently issued Financial Institution Letter, FIL-3-2012, the Federal Deposit Insurance Corporation (

More information

Third-Party Sender Case Studies: ODFI Best Practices to Close the Gap An ACH Risk Management White Paper

Third-Party Sender Case Studies: ODFI Best Practices to Close the Gap An ACH Risk Management White Paper Third-Party Sender Case Studies: ODFI Best Practices to Close the Gap An ACH Risk Management White Paper This ACH risk management white paper examines three case studies related to Third-Party Sender Risk.

More information

Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.

Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. For anyone familiar with the banking industry, it comes as no surprise that banks are

More information

Outsourcing in the Financial Services Industry: Finding Opportunities and Managing Risk. New York. OCC and FRB Guidance on Managing Third-Party Risk

Outsourcing in the Financial Services Industry: Finding Opportunities and Managing Risk. New York. OCC and FRB Guidance on Managing Third-Party Risk March 24, 2014 If you have any questions regarding the matters discussed in this memorandum, please contact the following attorneys or your regular Skadden contact. Stuart D. Levi New York / 212.735.2750

More information

Safer food supply chains why assessments are great news for your business

Safer food supply chains why assessments are great news for your business Safer food supply chains why assessments are great news for your business Article By Vel Pillay, a food safety expert for LRQA America; and Cor Groenveld, Global Food Product Manager of LRQA and chairman

More information

MARKET CONDUCT ASSESSMENT REPORT

MARKET CONDUCT ASSESSMENT REPORT MARKET CONDUCT ASSESSMENT REPORT PART 1 STATUTORY ACCIDENT BENEFITS SCHEDULE (SABS) PART 2 RATE VERIFICATION PROCESS Phase 1 (2012) Financial Services Commission of Ontario (FSCO) Market Regulation Branch

More information

C2 Financial Corporation Anti Money Laundering Program and Suspicious Activity Reporting (AML Program)

C2 Financial Corporation Anti Money Laundering Program and Suspicious Activity Reporting (AML Program) C2 Financial Corporation Anti Money Laundering Program and Suspicious Activity Reporting (AML Program) Purpose: This program is being established and implemented by C2 Financial Corporation (C2) as an

More information

Designing an Operational Risk Program for a Community Bank Stephan Salvador Managing Director, Risk Management Consulting

Designing an Operational Risk Program for a Community Bank Stephan Salvador Managing Director, Risk Management Consulting Consulting and Professional Services Designing an Operational Risk Program for a Community Bank Stephan Salvador Managing Director, Risk Management Consulting Designing an Operational Risk Program for

More information

3 rd Party Risk Management is Broken Critical Vendors Should be Exam-Ready.

3 rd Party Risk Management is Broken Critical Vendors Should be Exam-Ready. 3 rd Party Risk Management is Broken Critical Vendors Should be Exam-Ready. Abstract: Kudos to the FFIEC agencies efforts to bring more attention and effort to managing 3rd party risk. With so much focus

More information

Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World

Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World July 30, 2015 Sutherland Webinar Michael Steinig 202.383.0804 Michael.Steinig@sutherland.com

More information

Navigating Vendor Management Issues in Today s Regulatory Environment

Navigating Vendor Management Issues in Today s Regulatory Environment Navigating Vendor Management Issues in Today s Regulatory Environment May 6, 2015 Elizabeth E. McGinn, Partner Moorari K. Shah, Counsel 1 Disclaimer The information contained herein is for informational

More information

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?

HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations

More information

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial

More information

VENDOR MANAGEMENT. General Overview

VENDOR MANAGEMENT. General Overview VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor

More information

THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS

THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS THE BEST PRACTICES FOR DATA SECURITY AND PRIVACY IN VENDOR/ CLIENT RELATIONSHIPS Data Law Group, P.C. Kari Kelly Deborah Shinbein YOU CAN T OUTSOURCE COMPLIANCE! Various statutes and regulations govern

More information

The Role of Internal Audit in Risk Governance

The Role of Internal Audit in Risk Governance The Role of Internal Audit in Risk Governance How Organizations Are Positioning the Internal Audit Function to Support Their Approach to Risk Management Executive summary Risk is inherent in running any

More information

Preparing for the HITECH September Deadline: Tips for Negotiating Effective Business Associate Agreements under HIPAA.

Preparing for the HITECH September Deadline: Tips for Negotiating Effective Business Associate Agreements under HIPAA. Preparing for the HITECH September Deadline: Tips for Negotiating Effective Business Associate Agreements under HIPAA July 29, 2014 Meet Today s Speakers James B. Wieland Principal, Ober Kaler jbwieland@ober.com

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

THIRD PARTY PAYMENT PROVIDERS

THIRD PARTY PAYMENT PROVIDERS THIRD PARTY PAYMENT PROVIDERS BY DARLIA FOGARTY, DIRECTOR OF COMPLIANCE & COO KNOWLEDGE. CLARITY. RELIABILITY. www.compliancealliance.com (888) 353-3933 THIRD PARTY PAYMENT PROCESSORS Third Party Payment

More information

Instructions for Completing the Information Technology Officer s Questionnaire

Instructions for Completing the Information Technology Officer s Questionnaire Instructions for Completing the The (Questionnaire) contains questions covering significant areas of a bank s information technology (IT) function. Your responses to these questions will help determine

More information

Vendor Management Best Practices

Vendor Management Best Practices Vendor Management Best Practices Presented by: Raji Sathappan, MBA, CRCM, CISA, CAMS FMS East Coast Regional Conference September 2015 Certified Public Accountants Consultants Wealth Management Technology

More information

COMPLIANCE MANAGEMENT SYSTEM

COMPLIANCE MANAGEMENT SYSTEM COMPLIANCE MANAGEMENT SYSTEM Ensuring Your Bank Meets Regulatory Standards Overview of Compliance Exams Examination Purpose: Assess the quality of an institution s compliance management system (CMS) for

More information

Business Information Services. Product overview

Business Information Services. Product overview Business Information Services Product overview Capabilities Quality data with an approach you can count on every step of the way Gain the distinctive edge you need to make better decisions throughout the

More information

Bank Secrecy Act, Anti-Money Laundering, and Office of Foreign Assets Control

Bank Secrecy Act, Anti-Money Laundering, and Office of Foreign Assets Control Bank Secrecy Act, Anti-Money Laundering, and Office of Foreign Assets Control Overview The Bank Secrecy Act (BSA) was created in 1970 to assist in criminal, tax, and regulatory investigations. The Financial

More information

Sample Financial institution Risk Management Policy 2011

Sample Financial institution Risk Management Policy 2011 Sample Financial institution Risk Management Policy 2011 1 Contents Risk Management Program...2 Internal Control and Risk Management Diagram... 2 General Control Environment... 2 Specific Internal Control

More information

Cloud Vendor Evaluation

Cloud Vendor Evaluation Cloud Vendor Evaluation Checklist Life Sciences in the Cloud Cloud Vendor Evaluation Checklist What to evaluate when choosing a cloud vendor in Life Sciences Cloud computing is radically changing business

More information

INSIDER TRADING POLICY

INSIDER TRADING POLICY INSIDER TRADING POLICY PURPOSE: U.S. federal securities laws prohibit the purchase and sale of securities at a time when the person possesses material, non-public information (positive or negative) concerning

More information

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers Morgan Stanley Policy for the Management of Third Party Residential Mortgage Servicing Providers Title Policy for the Management of Third Party Residential Mortgage Servicing Providers Effective Date Owner

More information

Vendor Management. Outsourcing Technology Services

Vendor Management. Outsourcing Technology Services Vendor Management Outsourcing Technology Services Objectives Board and Senior Management Responsibilities Risk Management Program Risk Assessment Service Provider Selection Contracts Ongoing Monitoring

More information

VIRGINIA ASSOCIATION OF COMMUNITY BANKS

VIRGINIA ASSOCIATION OF COMMUNITY BANKS VIRGINIA ASSOCIATION OF COMMUNITY BANKS Spring Internal Audit / Risk Seminar Presented by Lee G. Lester May 26, 2016 Regulatory Hot Topics > De-Risking > Marketplace Lending > Consumer protection initiatives

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT OCC Updates Guidance on Third-Party Relationships December 2, 2013 Introduction On November 4, 2013, the Office of the Comptroller of the Currency (OCC) released Bulletin

More information

Attachment. OCC Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment

Attachment. OCC Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment Attachment OCC Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment The guidance below was issued by the Office of the Comptroller of the Currency (OCC)

More information

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14 www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the

More information

EFFECTIVE MONITORING: MANAGING INQUIRIES, INVESTIGATIONS

EFFECTIVE MONITORING: MANAGING INQUIRIES, INVESTIGATIONS EFFECTIVE MONITORING: MANAGING INQUIRIES, INVESTIGATIONS AND THE REPORTING OF SUSPICIOUS ACTIVITY Managing the Inventory External Inquiries 1 314 (a) 2 314 (b) 3 Law Enforcement Inquiries Grand Jury Subpoenas

More information

BANK EXAMINERS MANUAL FOR AML/CFT RBS EXAMINATION

BANK EXAMINERS MANUAL FOR AML/CFT RBS EXAMINATION BANK EXAMINERS MANUAL FOR AML/CFT RBS EXAMINATION 1 Contents 1. EXAMINATION PROCEDURES ON SCOPING AND PLANNING 1..1 2. EXAMINATION PROCEDURES OF AML/CFT COMPLIANCE PROGRAM...3.. 3 3. OVERVIEW OF AML/CFT

More information

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK By James Christiansen, VP, Information Management Executive Summary The Common Story of a Third-Party Data Breach It begins with a story in the newspaper.

More information

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

WHITE PAPER SPLUNK SOFTWARE AS A SIEM SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to operate security operations centers (SOC) of any size (large, med, small)

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

Third-Party Cybersecurity and Data Loss Prevention

Third-Party Cybersecurity and Data Loss Prevention Third-Party Cybersecurity and Data Loss Prevention SESSION ID: DSP-W04A Brad Keller Sr. Vice President Santa Fe Group Jonathan Dambrot, CISSP CEO, Co-Founder Prevalent Networks 3rd Party Risk Management

More information