Niki Neese, VP Account Management
Welcome to the third edition of the 2009 Safe Systems Newsletter!
As I have discussed earlier, we have incorporated a compliance topic into the Quarterly System Review that we perform with your financial institution. The objective is to present you with information on the latest compliance trends that we see throughout our customer base.
For the third quarter of ’09, our focus will be on Vendor Management and ensuring that your institution has an effective vendor management program in place. Over the past year, we have seen considerably more focus in this area on examiner questionnaires and third-party assessments. The biggest struggle that we have seen is not in collecting the data from the vendors, but in the actual interpretation of the data. As a service provider for financial institutions, we frequently respond to requests for this type of information. Our goal this quarter is to provide you with a comprehensive vendor management checklist that is referenced from the FFIEC IT Examination Handbook.
As a refresher, it is important to review all critical vendors and rank them based on their operational and GLBA risk. There are a few questions to ask in order to determine the risk factor rating:
- Does the business arrangement require direct access to sensitive data?
- How much information is available to the vendor?
- Can the vendor change/edit information?
- How much control does the financial institution have over the vendor’s access to the information?
Additionally, we’ve been hearing from our customers that examiners have expressed the need to give more attention to their vendors’ financial statement review and cash flow analysis due to the current economic situation. We would also recommend that you consider a backup plan for your cash management vendors. The contingency plan review is a critical component of vendor management, helping you to ensure that your institution has alternative options in place.
As one of your critical service providers, Safe Systems is committed to documenting our process of compliance with industry standards. To this end, we will be completing our SAS 70 during the fourth quarter of this year.
Again, we welcome your suggestions on topics that you would like for us to consider in the upcoming quarterly newsletters. Please email us at email@example.com with your comments and suggestions. We thank you for your support and participation.