LINKED: Vendor Risk Management: When It’s Done Right, It’s Never Done

Vendor risk management is a lot like counting inventory at a mom-and-pop store: It’s a continuous process. That’s one of the insights from a new article posted on the American Bankers Association (ABA) Banking Journal this week.

  • Security consultant Eric Holmquist says smaller banks often focus on two or three core vendors that post the most risk, but that smaller vendors and second-tier vendors also pose a major risk.
  • Michele Sullivan, a partner at Crowe Horwath, says that third party risk needs to be a continuous process, not just an assessment that occurs at the beginning of an engagement.
  • The expectation from regulators on third parties is that banks need to monitor their activities as if they were conducting those activities themselves.
  • There’s a shortage of talent in the market when it comes to risk management. “As the laws and regulations become more complex, and vendor risk management is a piece of that, it’s taken a toll on how many experts are available, ” says Ryan Rasske, SVP of risk and compliance at ABA.

Read the full article here, or visit our new Vendor Risk resource page.



Share this post:

Glen Gower

About the author

Glen is the director of marketing and communications at Iceberg.