Showing posts with the label vendor management policy

Third Party Vendor Risk Assessment for Financial Firms - Rules, Regulations, and Best Practices

OVERVIEW

No Cyber Security Plan is complete without a Third Party Vendor Review and Risk Assessment. This session will help financial firms start the process as well as maintain an existing process. On September 15, 2015, the Office of Compliance Inspections and Examinations (OCIE) issued the 2015 Cyber Security Examination Initiatives. One of those initiatives relates to how financial firms are conducting due diligence reviews of their vendors. Many firms are not prepared to conduct this type of due diligence on the firms they partner with. Many third-party vendors, such as the firm's CPAs, program providers, and outsourced IT firms, may not even realize they are subject to this type of scrutiny from their clients, or understand how to answer their questions. With cyber security and privacy issues being an ongoing area of concern for all areas of finance, the third-party vendor and risk assessment will be a focus of regulatory exams as well as a significant busin...