Vendor Management has been a concerning issue for financial institutions for some time. Regulatory agencies such as the Federal Trade Commission, the Office of Foreign Assets Control, and the Federal Financial Institutions Examination Council are scrutinizing how financial institutions (FIs) manage their outsourced vendors.
The Federal Deposit Insurance Corporation (FDIC) has declared that an institution can “outsource a service, but not the duty,” implying that financial institutions have the responsibility for compliance. Because of this, it makes proper vendor management a critical duty for financial institutions, which must hold vendors to certain requirements. It is important to understand which vendors that you engage with will have access to your customers data and what type of data will they have access to.
Risk is always present, recognizing and controlling the hazards associated with the vendor with whom a financial institution does business necessitates regular monitoring and review. Strunk has created an area to capture what type of data that each one of your vendors collect. Strunk’s Vendor Manager software also helps you mitigate your exposure by capturing the threat, likelihood of the threat, risk, and what control does the vendor have for that risk. Monitoring these areas effectively will help prevent from operational disruptions, reputational loss, matters requiring attention, consent orders, litigations, and fines.