Skip to content
BOL Conferences
Thread Options Tools
#2303107 - 11/06/24 10:34 PM Vendor Compliance Risk Assessment
Banker75 Offline
100 Club
Joined: Sep 2021
Posts: 133
Has anyone come across a risk assessment for vendors that specifically focuses on compliance? Our regulator has recommended that we implement one, but in my research, I’ve only found generic assessments intended for onboarding.

Return to Top
General Discussion
#2303108 - 11/06/24 10:49 PM Re: Vendor Compliance Risk Assessment Banker75
rlcarey Online
10K Club
rlcarey
Joined: Jul 2001
Posts: 84,659
Galveston, TX
I would think that compliance related risk assessment components would vary considerably depending on what sort of vendor you are dealing with. There is a huge difference between say an appraiser or an attorney or a debt collector versus a core system.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#2303220 - 11/13/24 05:27 PM Re: Vendor Compliance Risk Assessment Banker75
ACBbank Offline
Power Poster
ACBbank
Joined: Jul 2006
Posts: 4,477
New York City
Compliance with what exactly?
_________________________
"100 victories in 100 battles isnt the most skillful. Subduing the other's military w/o battle is the most skillful." Sun-Tzu

Return to Top
#2303381 - 11/18/24 03:25 PM Re: Vendor Compliance Risk Assessment Banker75
Banker75 Offline
100 Club
Joined: Sep 2021
Posts: 133
@ACBbank - Compliance with the various regulations that fall outside of anything that is IT related. This is something that is new as we have not been required to do this in the past, but they are wanting to see a checklist or risk assessment verifying that we have verified compliance with all of the regulations applicable.

Return to Top
#2303387 - 11/18/24 04:03 PM Re: Vendor Compliance Risk Assessment Banker75
InFairness, CRCM Offline
Platinum Poster
InFairness, CRCM
Joined: Nov 2010
Posts: 968
USA
We have compliance components to our vendor due diligence risk assessment. Which questions/assessments are triggered depends on the services/products the vendor provides and whether they have customer contact. You might find some helpful hints in Interagency Third Party Risk Management and OCC Third Party Risk Management for Community Banks.
_________________________
Opinions are strictly my own, and have nothing to do with my employer.

Return to Top
#2303491 - 11/20/24 09:30 PM Re: Vendor Compliance Risk Assessment Banker75
ACBbank Offline
Power Poster
ACBbank
Joined: Jul 2006
Posts: 4,477
New York City
For our key vendors, we are more interested in if they are complying with our requirements. For example, data encryption, data sharing, who has access to our data, meeting SLAs.
_________________________
"100 victories in 100 battles isnt the most skillful. Subduing the other's military w/o battle is the most skillful." Sun-Tzu

Return to Top