ERM Archives - Compliance Education Institute

Realigned Your Vendor Management Program Lately? The Effects and Benefits of a Global Paradigm Shift

As a company that specializes in 3rd Party Risk Management education & training, automated solutions, and consulting, we witnessed the pandemic cause many institutions to scramble to identify their vendors, search for contracts, wonder about their vendors’ capacity and resilience, business continuity plans, and financial viability during this unprecedented time. Those who felt they were not [...]

Mick Kless2021-06-08T07:59:51-04:00June 8th, 2021|3rd Party Risk, Business Continuity, ERM, Governance, GRC, Risk, TPRM, Vendor Management|0 Comments

Vendor Management Resolution 2021: Don’t Let This Happen To YOU!

December 30, 2020 Mick Kless, CEO A while back, one of our community bank clients selected a new automated vendor management solution from a well-known vendor in the industry. The client and vendor will remain nameless for confidentiality purposes. My direct client contact was the Vendor Program Manager who was also a part of the Accounts [...]

Mick Kless2020-12-30T15:09:23-05:00December 30th, 2020|3rd Party Risk, Compliance, ERM, TPRM, Vendor Management|0 Comments

Compliance Education Institute Teams with Fortrex Technologies to Provide Document Assessment Services

New Strategic Partnership Announcement Compliance Education Institute and Fortrex Technologies, LLC partner to deliver comprehensive services May 1, 2019 – Furthering their dedication to provide comprehensive third party risk management (TPRM) services, Compliance Education Institute and Fortrex Technologies, LLC, are pleased to announce our new strategic partnership. Compliance Education Institute provides comprehensive, detailed, and practical [...]

Mick Kless2019-05-01T10:59:50-04:00May 1st, 2019|3rd Party Risk, Audit, Business Continuity, Compliance, ERM, Governance, Risk, TPRM, Vendor Management|0 Comments

NY DFS Cybersecurity Regulation: Are your 3rd Party Controls in Place Before the Hammer Drops?

With the March 1, 2019 deadline looming for complying with NY’s Cybersecurity regulation, the NY DFS must be licking its chops at the prospect of imposing fines. Actually, I’m sure they really hope that all covered entities are up to snuff and have sent in their signed certifications or exemptions. “Signed certifications or exemptions?” you ask. [...]

Mick Kless2019-02-11T13:07:45-05:00February 11th, 2019|3rd Party Risk, Audit, BCP, Business Continuity, Compliance, ERM, Governance, GRC, Information Security, Risk, Vendor Management|0 Comments

3rd Party CryptoCurrency Risk & Controls: Hot Wallets? Cold Wallets? Standards? Insurance?

February 5, 2019 Copyright 2019 Compliance Education Institute If you’re considering or have already taken the plunge into cryptocurrency as an asset or a viable form of payment or value, then you’ve likely engaged a 3rd party as a repository or an exchange. Like any other vendor managing our deposits/transactions/assets, we must certainly be concerned about [...]

Mick Kless2019-02-05T10:20:38-05:00February 5th, 2019|3rd Party Risk, Audit, ERM, Governance, Risk, Vendor Management|0 Comments

You’re Not Too Small for Multiple Lines of Defense

Classic risk management employs 3 lines of defense. But there's also a possible 4th line when it comes to regulatory issues, specifically vendor management. Please note that I have seen multiple titles that fit the roles below so don't get hung up on the titles. If you're a smaller institution and you wear multiple hats, you [...]

complianceWP2017-03-16T12:49:14-04:00October 16th, 2016|3rd Party Risk, Audit, Compliance, ERM, Governance, GRC, Risk, Vendor Management|0 Comments

No such thing as Vendor Risk!

Alright, so I'm going out on a limb to get some feedback and I hope that those of you reading this will do so. In our advanced Certified Regulatory Vendor Program Manager (CRVPM Level II) course, I note that there has been a great deal of focus in the industry on Vendor Risk/Third Party Risk but... [...]

complianceWP2017-03-16T12:50:23-04:00August 16th, 2016|3rd Party Risk, ERM, Governance, GRC, Risk, Vendor Management|0 Comments

Are your vendors delivering value beyond just meeting SLA’s? How are you measuring their value?

How do you measure your vendor's value? s vendor management programs mature, we need to understand the value a vendor delivers beyond meeting its Service Level Agreements. While we frequently outsource significant functions (critical and high risk) because a vendor can help us meet our strategic goals, including doing something better/faster/cheaper, what else are we obtaining [...]

complianceWP2017-03-16T12:51:57-04:00May 22nd, 2016|3rd Party Risk, Compliance, ERM, GRC, Risk, Vendor Management|0 Comments

Critical Vendor or Critical FUNCTION?

You have HOW MANY critical vendors?!?!?!?!? I always find the perception of CRITICAL VENDOR to be very interesting. As Certified Regulatory Vendor Program Managers (CRVPM) know, when reviewing vendor management programs we typically see way too many vendors listed as critical, usually for a couple of reasons; 1) either the business unit thinks that their vendors [...]

complianceWP2017-03-16T12:55:25-04:00March 24th, 2016|3rd Party Risk, Audit, ERM, GRC, Risk, Vendor Management|0 Comments

Reassessing Vendor Risk – An Ongoing Necessity

So you've done your initial INHERENT risk rating of your vendor and then conducted your due diligence to determine the RESIDUAL risk and you're comfortable doing business with the vendor so you sign a contract. A year from now you plan to conduct the periodic review. But a number of things might have occurred from the [...]

complianceWP2017-03-16T12:58:50-04:00February 9th, 2016|3rd Party Risk, Audit, ERM, GRC, Risk, Vendor Management|0 Comments