Vendor Management

Realigned Your Vendor Management Program Lately? The Effects and Benefits of a Global Paradigm Shift

As a company that specializes in 3rd Party Risk Management education & training, automated solutions, and consulting, we witnessed the pandemic cause many institutions to scramble to identify their vendors, search for contracts, wonder about their vendors’ capacity and resilience, business continuity plans, and financial viability during this unprecedented time. Those who felt they were not [...]

Vendor Management Resolution 2021: Don’t Let This Happen To YOU!

December 30, 2020 Mick Kless, CEO A while back, one of our community bank clients selected a new automated vendor management solution from a well-known vendor in the industry. The client and vendor will remain nameless for confidentiality purposes. My direct client contact was the Vendor Program Manager who was also a part of the Accounts [...]

2020-12-30T15:09:23-05:00December 30th, 2020|3rd Party Risk, Compliance, ERM, TPRM, Vendor Management|0 Comments

The Business Case for Assessing Vendor Performance

The Business Case for Assessing Vendor Performance © Compliance Education Institute While many of us continue to analyze our vendor inventories and our vendors’ Disaster Recovery, Business Continuity and Pandemic Plan plans as we manage through the COVID-19, we should also be scrutinizing contracts for Service Level Agreements (SLA’s), the quantitative measurable metrics to which vendors [...]

Compliance Education Institute Teams with Fortrex Technologies to Provide Document Assessment Services

New Strategic Partnership Announcement Compliance Education Institute and Fortrex Technologies, LLC partner to deliver comprehensive services   May 1, 2019 – Furthering their dedication to provide comprehensive third party risk management (TPRM) services, Compliance Education Institute and Fortrex Technologies, LLC, are pleased to announce our new strategic partnership. Compliance Education Institute provides comprehensive, detailed, and practical [...]

NY DFS Cybersecurity Regulation: Are your 3rd Party Controls in Place Before the Hammer Drops?

With the March 1, 2019 deadline looming for complying with NY’s Cybersecurity regulation, the NY DFS must be licking its chops at the prospect of imposing fines. Actually, I’m sure they really hope that all covered entities are up to snuff and have sent in their signed certifications or exemptions. “Signed certifications or exemptions?” you ask. [...]

3rd Party CryptoCurrency Risk & Controls: Hot Wallets? Cold Wallets? Standards? Insurance?

February 5, 2019 Copyright 2019 Compliance Education Institute If you’re considering or have already taken the plunge into cryptocurrency as an asset or a viable form of payment or value, then you’ve likely engaged a 3rd party as a repository or an exchange. Like any other vendor managing our deposits/transactions/assets, we must certainly be concerned about [...]

2019-02-05T10:20:38-05:00February 5th, 2019|3rd Party Risk, Audit, ERM, Governance, Risk, Vendor Management|0 Comments

Simple Things to Lower Your Vendor Management Program Risk Profile

I recently conducted a Vendor Management Program Audit and Risk Assessment as a part of our Advisory Services for a midsize financial institution. Performing both gives you a more complete picture of where the institution is at and helps document current state, desired state, gap analysis and create a prioritized road map for a healthier program. This particular [...]

2017-10-20T08:04:48-04:00October 20th, 2017|3rd Party Risk, Audit, Compliance, Risk, Vendor Management|0 Comments

3rd Party Breaches – Are YOU Reaching Out to Your Customers/Members?

Okay, the Equifax breach wasn't your fault. Neither was the Home Depot breach, Target breach, etc., etc. Thus, the Data Breach Notification regs don't apply to you so you're clear of any responsibility. Or are you? I scoured a couple hundred bank and credit union websites this weekend and found that very few provided any information [...]

3rd Party Code of Conduct as a Contractual Condition for Termination

While most companies have Code of Conduct for staff, not as many require their 3rd parties to sign such a document. Even fewer include violation of that Code of Conduct as a condition for cancellation of contract. As we all know, being associated with a 3rd party that has received adverse attention in the media could [...]

SSAE 18: A Practical Analysis for 3rd Party Risk Management

I've read a ton of SSAE 18 analyses ranging from comic book style infographics with inadequate, lightweight, poorly explained content to others that are very detailed, well written analyses targeting auditors. I particularly like Ryan Buckner's concise, practical analysis in ACCOUNTING TODAY. In any case, I've had many requests from our Certified Regulatory Vendor Program Managers [...]

2017-03-16T12:42:05-04:00March 10th, 2017|3rd Party Risk, Audit, Risk, Vendor Management|0 Comments