Vet your vendors

New federal guidance for third-party risk management may be on the horizon.

Elevated regulatory expectations for identifying and addressing the risks inherent in vendor relationships are at the heart of proposed guidance recently unveiled by federal banking agencies—a sign that credit unions should also prepare for increased scrutiny.

Enacting this guidance shouldn’t rest solely with compliance officers. Instead, it will require a more rigorous partnership among IT managers, compliance and risk management professionals, and the business owners of vendor-provided services.

These guidelines are intended to respond to ever-widening risks threatening the technology-reliant financial services industry, as demonstrated by real-life emergencies keeping corporate executives and IT teams awake at night. CUs are not immune to cyberattacks like the one that shut down Colonial Pipeline this spring and led to panic-driven gas shortages. Sophisticated ransomware attacks that stretched across supply chains turned software developers SolarWinds and Kaseya into cautionary tales.

