Advice on Third-Party Risk Management

third-party risk

Last week I had the good fortune to moderate a webinar on third-party risk management. We had outstanding guests who raised excellent points, and as usual, I ended up taking plenty of notes so that I could pass them along here.  Let’s begin with an appreciation of just how tricky a problem third-party risk management…

Read More

More Help on Third-Party Risk

third-party risk

Banks have fresh guidance this week on how to tackle third-party risk management, and the material offers plenty of good advice on the subject for businesses in any sector.  The guidance comes from the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corp., and the Federal Reserve, which have been working for…

Read More

The Cracks in Third-Party Risk Management

Another day, another report looking at challenges of third-party risk management. This time the report is from software firm Prevalent, and it’s worth some attention for the conflicting perceptions about third-party risk that it calls out. Foremost, the report is interesting because it defines third-party risk as a cybersecurity and supply chain issue, rather than…

Read More

Some Good Guidance on Third-Party Risk

third-party risk

One of the nation’s top banking regulators just dropped some fresh guidance about third-party risk management, well worth any compliance professional’s time if you’re looking for advice on regulatory compliance or just good insight on third-party risk generally. The Office of the Comptroller of the Currency, regulator for the country’s community banks, published the guidance…

Read More

Survey: Third-Party Data Risk Still a Mess

third-party risk

Another year, another report confirming what most compliance and IT security officers already know: third-party vendors are an enormous security and privacy risk, and oversight of those parties is a mess. That’s the message of a report released Thursday by Opus and the Ponemon Institute, which surveyed more than 1,000 IT and data security professionals…

Read More

Update on Third-Party Risk Programs

third-party risk

Navex Global gave a sneak peek this week of its latest report on third-party risk. The headline: too many compliance departments still rely on paper-based systems to track third parties, and therefore too many probably underestimate the risks their third parties truly pose. The 2018 Navex Global Third-Party Risk Management Benchmark Report, which surveyed 1,200…

Read More

New Report on Third-Party Risk

Navex Global released its newest survey of third-party risk management on Thursday, a report full of statistics that’s well worth reading if you’re a compliance officer trying to benchmark your own program against what other companies do. More than anything else, the numbers in the report tell me that companies’ approach to third-party risk is…

Read More

Third-Party Risks in Decentralized Organizations

third-party risk

Not long ago I came across a study of third-party risk management that Deloitte published earlier this summer. I wish I had found it sooner, because it’s crammed with useful insights. So let’s get into it. The report’s big reveal is right in its title, Third-Party Governance & Risk Management: Addressing Challenges of Decentralization. Deloitte…

Read More

A Small Bank’s Big Lessons About Risk

risk

Banking regulators have given us more lessons to ponder about effective third-party risk management and compliance programs, courtesy of a $30 million sanction against a bank in New York that had neither and ended up stuck in a pandemic-era $300 million fraud scheme. The bank in question is Metropolitan Commercial Bank (MCB), a bank in…

Read More

More on Managing ‘ChatGPT Risk’

ChatGPT

Internal auditors, compliance officers, and risk managers looking for more perspective on how artificial intelligence might affect your lives, look no further. A cybersecurity research institute has published a fascinating paper on the potential risks from ChatGPT, with lots of unsettling implications for risk assurance professionals. The paper, titled “I, Chatbot,” comes from Recorded Future,…

Read More