Governance

NY DFS Cybersecurity Regulation: Are your 3rd Party Controls in Place Before the Hammer Drops?

With the March 1, 2019 deadline looming for complying with NY’s Cybersecurity regulation, the NY DFS must be licking its chops at the prospect of imposing fines. Actually, I’m sure they really hope that all covered entities are up to snuff and have sent in their signed certifications or exemptions. “Signed certifications or exemptions?” you ask. [...]

3rd Party CryptoCurrency Risk & Controls: Hot Wallets? Cold Wallets? Standards? Insurance?

February 5, 2019 Copyright 2019 Compliance Education Institute If you’re considering or have already taken the plunge into cryptocurrency as an asset or a viable form of payment or value, then you’ve likely engaged a 3rd party as a repository or an exchange. Like any other vendor managing our deposits/transactions/assets, we must certainly be concerned about [...]

2019-02-05T10:20:38+00:00February 5th, 2019|3rd Party Risk, Audit, ERM, Governance, Risk, Vendor Management|0 Comments

3rd Party Code of Conduct as a Contractual Condition for Termination

While most companies have Code of Conduct for staff, not as many require their 3rd parties to sign such a document. Even fewer include violation of that Code of Conduct as a condition for cancellation of contract. As we all know, being associated with a 3rd party that has received adverse attention in the media could [...]

You’re Not Too Small for Multiple Lines of Defense

Classic risk management employs 3 lines of defense. But there's also a possible 4th line when it comes to regulatory issues, specifically vendor management. Please note that I have seen multiple titles that fit the roles below so don't get hung up on the titles. If you're a smaller institution and you wear multiple hats, you [...]

Plan Your Exit Before You Outsource!

When considering outsourcing a service, it's essential to have an Exit Strategy in place so that you can transition the service to another vendor or bring it back in house prior to or at the end of the contract term. This should be done before you even consider searching for a vendor. A well thought out [...]