Vendor risk analysis tool | Plante Moran Banks
Navigate Up
Sign In

Vendor risk analysis tool

Are services being outsourced beyond your institution’s direct oversight? Our vendor risk analysis tool can help.

Third-party service providers can perform key functions within a financial institution, and a well-oiled vendor management program can help mitigate the risks associated with these third-party relationships. 

The FFIEC continues to release guidance on third-party management and recently updated examination criteria to include what’s expected of a financial institution to maintain a robust vendor management program. 

The FFIEC originally released their Guidance for Managing Third Party Risk in June 2008 and, more recently (July 2016), provided the Information Technology Risk Examination (InTREx). The InTREx profile details the controls, including third-party oversight, tested during an FDIC, FRB, or state-led exam.

Similarly, the FFIEC originally released its Outsourcing Technology Services in June 2004 and, with an increased focus on cybersecurity, introduced the Cybersecurity Assessment Tool​ (CAT) in June 2015. The CAT tool identifies one of five cybersecurity maturity levels as “External Dependency Management.” 

To accompany this guidance, we’re providing a vendor risk analysis tool to assist our clients in enhancing their vendor management process. 

Vendor management continues to be a priority area for examiners, as more services are being outsourced beyond management’s direct oversight. It’s also an integral part of cybersecurity preparedness. If you have any questions, give us a call.