Strunk
  • Partners
    • Econocheck
    • Quilo
  • Markets
    • Financial Services
    • Service Providers
    • Healthcare
  • Our Software
    • Pricing Manager
    • Risk Assessor
    • Policy Manager
    • Controls Manager
    • Issues Manager
    • Vendor Manager
    • Skills Manager
    • Overdraft Privilege
  • Connect
    • The Strunk Perspective
    • Contact Us
  • Login
  • DEMO
  • Menu Menu
  • Twitter
  • LinkedIn

What is a Fourth Party Vendor and Why Should I Care About Their Risk

August 18, 2021/in Banks, Compliance, Credit Unions, Financial Services, Markets, Vendor Manager/by Joel Lawrence

Fourth-party risk is rising to the top of most auditors and examiners list when it comes to evaluating financial institutions vendor management program.  Fourth parties are your vendor’s third parties and subcontractors.  These vendors you will not have a direct contract; however, your vendor does, and relies on these vendors to produce a product or service for them.  Most of the time these vendors will be visible in your vendor’s SOC reports and should also be easily identified by your vendor as those classified as critical in their own vendor management program.

Financial Institutions should care about fourth-party vendors risk, because they are subject to the same risk as your vendors, which puts you at the same risk without having the same oversight that you have over your own vendors. Financial institutions are ultimately responsible for the protection of their customers data, sometimes a fourth-party vendor can expose the financial institution to reputational, operational or cybersecurity risk.  All it takes is a single opening for a threat to compromise protected information.  Like any risk, there can be serious business implications, from fines to legal issues which can negatively affect a business if the fourth-party risk is unchecked.

The most effective way to manage fourth-party risk is to build a mature, comprehensive vendor risk management program.  If you have the right practices and processes in place, then incorporating fourth parties into those processes should feel manageable and mostly seamless.  Your vendor management program should help you identify your most critical vendors.  Once you do that you can ask them who their vendors are; what products and services do they provide to the vendor that cause them to be classified as critical to their operations; and what due diligence on the fourth-party vendor has your vendor perform on them.

Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Vk
  • Share on Reddit
  • Share by Mail
https://strunkaccess.com/wp-content/uploads/2021/08/palm-1701986_1280.jpg 1280 960 Joel Lawrence https://strunkaccess.com/wp-content/uploads/2022/03/Strunk-Original-300x100.png Joel Lawrence2021-08-18 10:00:592021-09-01 03:19:05What is a Fourth Party Vendor and Why Should I Care About Their Risk

Recent Articles

  • 2023 Potential FocusMarch 29, 2023 - 10:00 am
  • Strunk at the ICBA’s Live 2023March 22, 2023 - 10:00 am
  • Communicating Alternatives to Overdraft PrivilegeMarch 15, 2023 - 10:00 am
  • Strunk Response to Recent Overdraft HeadlinesMarch 8, 2023 - 10:00 am

GRC Topics

  • Banks
  • COCC
  • Compliance
  • Credit Unions
  • Financial Services
  • FINSYNC
  • Markets
  • Overdraft Privilege
  • Perspectives
  • Policy Manager
  • Pricing Manager
  • Quilo
  • Risk Manager
  • Sales
  • SOC2
  • Tips
  • Uncategorized
  • Vendor Manager
  • WBA
Schedule A Demo

An independent certified public accountant has examined Strunk’s operations and found them to be in compliance with the AICPA’s Trust Service Principles. It was determined that Strunk meets the Security, Availability, Processing Integrity, Confidentiality, and Privacy criteria for SOC 2 established by the AICPA.

© Copyright - Strunk | Privacy Policy | Security Policy | Business Continuity Policy
Scroll to top
Meet Quilo, Your All Digital Lending Officer