3 minute read
You Trust Your Vendors, But Do You Verify Them? How to avoid greater risk in your vendor management program
By Rob Foxx, CCBTO
Across sectors, vendor management has always been an area of high risk. Onboarding trusted vendors comes with many benefits that make the lives of many — including bankers — easier. Most companies utilize vendors to offboard workloads and transfer areas of risk to another entity. However, this is often where the management of vendors end.
The process of vendor management usually begins with selection of the vendor. Then, it is critical — especially for essential vendors — to engage in risk assessment and due diligence, including monitoring and reporting on a regular basis. Institutions should also review the
FIPCO IT & Audit Services
Rob Foxx rfoxx@fipco.com » fipco.com
vendor’s exit strategy during the onboarding process. While it is an aspect that is rarely considered, I encourage bankers to add this topic to the next vendor review.
Many managed service providers (MSP) would never do wrong by their customers; however, this does not mean banks should trust nothing will go wrong and leave them to their work unquestioned. If a vendor is touching data or aspects of the institution’s environment, bankers need to ensure these actions are tracked and verified. This is especially important in situations where vendors are able to access resources without informing the bank, requiring authorization, or those who utilize subcontractors.
In the last decade, vendor transparency has become a rule, not an exception. Although many vendors are great at reporting, banks should understand their right and responsibility to understand either the data or the process to gather it.
Coming back to the final stage of the vendor management process — exit strategy. While it can be very difficult to change critical vendors, establishing a process early on will help the institution understand how they are able to get their data back, how long data is held by the vendor, how to properly cancel a contract, and how to ensure a smooth transition to a new service.
Due diligence, contract reviews, monitoring, reporting, and exit strategies are all important aspects of the vendor management process. Afterall, moving a service to a third party does not neutralize the risk — instead, the risk transfers to the vendor and the bank gains a new risk area in its external arrangement.
Foxx is director – infosec and IT audit services for FIPCO. He can be reached at rfoxx@fipco.com or 608-441-1249.
For more information about FIPCO forms, software, or other products, visit fipco.com, call 800-722-3498, or email fipcosales@fipco.com
FIPCO is a WBA Gold Associate Member.
FIPCO’s Newest Team Member
FIPCO is pleased to announce that Jordan Siewert has begun his role as implementation and support specialist. With a background of working in education and information technology, Siewert looks forward to supporting and assisting customers as they implement the FIPCO software.
Jordan and the FIPCO staff are here to help. Contact Jordan at jsiewert@fipco.com, or a FIPCO team member at fipcosupport@fipco.com or 800-722-3498, option 4.
About FIPCO… Founded in 1987, FIPCO (a WBA subsidiary) helps financial institutions stay compliant in a fast-changing regulatory environment. Our form sets are regarded as the industry standard. Our Compliance Concierge™ loan, mortgage, and deposit software solutions are developed and supported with a meticulous approach to compliance. Our software solutions expand to include ConnectFI cloud-based online lending software, cybersecurity solutions, and more! FIPCO also offers valuable consulting services, including risk management, IT auditing, and ShareFI compliance and management services.
Learn more at www.fipco.com.
Rise of AI in Banking
(continued from p. 1) and its integration into day-today life has greatly increased.
The New York Times states that in 2022, nearly $1.4 billion was invested into various generative AI companies worldwide.
By 2030, PwC expects that AI will contribute over $15 trillion to the global economy by increasing productivity and allowing products and services to be more personalized and readily available.
By 2030, PwC expects that AI will contribute over $15 trillion to the global economy.
» AI in the Banking Industry
Already, banks around the country have employed AI in various areas of their daily operations. In 2020, McKinsey & Company reported that around 60% of financial institutions had already embedded at least one AI capability into their organization. In utilizing systems that have the potential to conduct research, translate languages, create messages, and write job descriptions — among so many other possibilities — banks are able to quickly detect fraud, streamline specific services, and interact with customers at any time of the day.
However, there are many more possibilities, as noted in a Forbes article “The Future of AI in Banking.” In addition to automating routine tasks, AI is great at tracking patterns, targeting product recommendations, providing more accurate customer support, and serving as a single point of contact for banking operations.
Despite these opportunities, many banks are concerned with the challenges embracing AI may impose. Among the top concerns of Americans, reports the Pew Research Center, are digital privacy and the lack of human connection.
» Hello, ChatGPT
In November 2022, ChatGPT was released by OpenAI, a San Franciscobased AI research lab. The chatbot, unlike many others, offers detailed responses in many domains of knowledge. In early 2023, Reuters reported that the chatbot had reached 100 million monthly users.
GPT, which stands for Generative Pre-trained Transformer, is a type of Large Language Model (LLM). The UK’s National Cyber Security Centre describes an LLM as a type of algorithm that has been trained using a significant amount of text-based data, which can typically be found on the open internet. ChatGPT then utilizes “deep learning,” or the process of imitating human
