Small banks and credit unions face significant issues regarding the management of their third-party vendors and the risks they present. While the size of these financial institutions (FIs) may be smaller than their counterparts, the regulatory demands on them are just as extensive. When it comes to compliance, the Office of the Comptroller of the Currency (OCC) of the U.S. Department of the Treasury does not take size into consideration.
This white paper proposes a comprehensive, systematic, and reasonable V.A.L.U.E. approach to vendor management:
- Verify your inventory of vendors
- Assign vendor criticality based on operational risk and the classification of data involved
- Launch assessments that are tailored to the products and services provided
- Understand the inherent risks of the vendor relationships based upon the information gathered
- Educate stakeholders regarding the results of the assessments and the identified areas of risk