Managing Technology Vendor Compliance

By Jim Bruene on December 8, 2003 2:00 PM

by Brad Putnam, CEO, Digital Compliance


 

The main screen of an automated compliance-management system powered by Digital Compliance.


When a federal regulator passes through your financial institution during an exam, expect to be asked for your technology-service provider due diligence and vendor risk-management documentation. Due to the dotcom meltdown, the horrific events of 9/11, and more recently the widespread power blackout on the East Coast, federal regulators are demanding far more due diligence on third-party technology vendors. Regulators expect your technology service providers to be financially sound and to have the appropriate security, privacy, and disaster-recovery policies and testing procedures in place.

There is a common misperception that you are not responsible for the safety and soundness of a technology-service provider as long as it is being examined by a Federal Regulating Agency. This is not true. Your senior management is still accountable for overseeing vendor risks such as:

  • Financial stability
  • Compliance with Gramm-Leach-Bliley (GLB)
  • Adequate and tested disaster recovery plans

Each outsourced solution must be carefully investigated and documented prior to implementation. And each year, the due diligence must be reviewed and updated as necessary. These requirements can literally cost your financial institution weeks of time and thousands of dollars. In fact, according to a recent Gartner report, technology spending for risk management will account for 9% of the average financial services IT budget.

One way to reduce the cost of managing technology compliance is to create an automated system that methodically tracks the process, stores records, and generally keeps things from falling through the cracks. Many banks have created compliance systems that are managed by full or part-time staff.

Another option is to use an outside expert to manage the paperwork and project-management burden. My company, Digital Compliance (http://www.digitalcomply.com/), has developed a solution that reduces the burden of managing technology vendors such as:

  • Core processors
  • ATM processors
  • Internet banking, bill payment, and cash-management providers
  • Credit card processors
  • Check printers with online ordering
  • Web-hosting providers
  • Internet-brokerage providers
  • Mortgage processors
  • Aggregation providers


 

A listing of all available due diligence documents for a particular service provider. Documents can be opened online, printed, and saved to disk.

Our system provides point-and-click access to complete up-to-date due diligence documentation for each of your technology vendors in one secure, easy-to-use online service (see screenshot above).

Each vendor’s documentation is maintained and kept current by our staff. You are kept entirely in the loop by an automated communication system. For example, an email alert is sent every time a vendor’s documents are updated or added, so there will be no unpleasant surprises hours before the examiner arrives.

Finally, is it affordable? The great thing about centralizing the documentation and storage process is that all participants can share costs, dramatically reducing total expenditures. Since the service providers pick up much of the cost of organizing and updating the documentation, individual banks pay a nominal fee, typically less than $1000 annually. Not a bad investment considering the consequences of inadequate documentation.          

Brad Putnam is Founder & CEO, Digital Compliance LLC, a privately held company based in Billings, Montana; (406) 325-9737, bputnam@digitalcomply.com, or visit http://www.digitalcomply.com/

Additional vendor-management resources:

www.ffiec.gov/ffiecinfobase/html_pages/it_01.html

www.bis.org/publ/bcbs98.htm

www.bitsinfo.org/wp.html
