- Do you have an effective Vendor Management Policy?
- Do you have an effective Vendor Due Diligence Questionnaire?
- How frequently do you receive vendor compliance audits?
- Do you have an internal Cyber Management Structure?
- Do you have a CISO? Who does s/he report to?
All financial institutions rely on third-party service providers. This introduces cybersecurity risks through connected systems and insider threats. Regulators are placing heightened scrutiny on third-party risk management. As the FDIC says, “a bank can outsource a task, but it cannot outsource the responsibility.”
On Thursday, December 12, 2017, P&D Partner John “Jack” Hewitt will co-host a webinar on cybersecurity. Join our panel of highly-experienced financial and security experts to explore:
Cyber risks created by third parties
What regulators expect from community banks
How to confront cyber risks within your vendor risk management strategy
The webinar, entitled “Third-Party Cyber Risk: From Compliance to Enterprise Risk Management” will focus on cyber risks connected with financial institutions’ reliance on third-party service providers and the relevant regulatory requirements.
This webinar will address the increasing cyber risks involved in the use of third party vendors by banks. It will assess some of the most recent vendor breaches including the Scottrade Bank’s breach. This will include a detailed review of Vendor Management Policies that provide guidance to ensure the security of a firm’s network when being used by its Vendors. It will address all the applicable risk elements including compliance risk, strategic risk, operational risk and others.
Discussions will include due diligence in vendor selection including the development of an effective DDQ, the review of vendor’s cybersecurity program, their use of sub-contractors and insurance coverage. The discussion will review the analysis of all outsourced processes, procedures, and practices relevant to bank’s business to be monitored on a regular basis. This will encompasses all system resources that are owned, operated, maintained, and controlled by vendors and all other system resources, both internally and externally, that interact with these systems.
The panel will review vendor contract provisions that address: internal vendor controls, vendor audits, receipt of copies of all Vendor compliance audits, confidentiality and security procedures, encryption of PII, regulatory compliance, cyber-insurance coverage, business continuity planning, subcontracting, encryption, incident reporting, non-disclosure agreements, data storage, document retention and delivery, breach notification responsibilities, vendor employee access limitations, vendor obligations upon contract termination and an exit strategy.
Included in this will be a discussion of the NYS DFS Cybersecurity Regulation, the DFS Third-Party Service Provider Requirement.
For additional information and to register click here.
