
Cyber Attacks are Everyone's Nightmare

August 1, 2024

Part 1 of 2

From the desk of Stephen Kohn, Founder and Chair of the Financial Professionals Coalition (www.finprocoalition.com), a 25-year veteran owner of a FINRA broker-dealer, a former member of FINRA’s National Adjudicatory Council and a former FINRA Governor.

The Financial Professionals Coalition, Ltd. is a diverse resource for over 1.2 million registered representatives, associated persons, traders, bankers, back-office staff, owners of broker-dealers and registered investment advisories. The Coalition provides courtesy consultations with industry experts. Membership is free.

Protecting Your Firm: Understanding Vendor Risk Management in 2024

With an Educational Webinar Invitation

Contributing Author: Vincent Guyaux, Financial Professionals Coalition Featured Member, Founder, CISO & Chairman, Buckler

Published: 08/01/2024

Vendor Risk Management (VRM) has long been a focus within financial services, with considerable resources allocated to evaluating and managing risks associated with vendors. Traditionally, this process involves each advisor or organization independently assessing the same vendors, often leading to redundant efforts and inefficiencies. This means that each advisor asks the same questions, gathers similar documentation, and conducts parallel due diligence processes for the same vendors that their peers are evaluating.

The Importance of Vendor Risk Management

Supply chain attacks rose 26% from 2022 to 2023, underscoring the vulnerabilities organizations face due to improper software updates, inadequate security protocols, and compliance inconsistencies among vendors. These vulnerabilities make vendors a prime target for cybercriminals seeking access to sensitive data and systems.

Whether termed Vendor Risk Management, Supply Chain Management, or Third-Party Risk Management, the core objective remains consistent: understanding and mitigating risks associated with third-party vendors. This involves ensuring vendors comply with relevant laws and regulations, reflecting the same standards as their client organizations.

Impact of Global Shifts

The global shift to remote work during the 2020 pandemic exacerbated vulnerabilities, with cybercriminals exploiting weaknesses in unsecured networks and devices. Incidents like the recent CrowdStrike update highlight how vendor missteps can have far-reaching consequences, emphasizing the need for robust VRM strategies.

Leverage a New Approach

To address these inefficiencies and streamline the process, a group of eight board members established an extended initiative called Open VRM. This free platform aims to facilitate the exchange of information and due diligence documentation between vendors and advisors, significantly easing the vendor risk management process.

Open VRM operates on a collaborative basis, inviting clients and advisors to choose vendors from the platform. If a vendor is not listed, users can notify the platform administrators, who will then add the vendor to the system. This approach ensures a continuously growing and comprehensive database of vendor information, enhancing the platform's utility and relevance.

Currently, Open VRM lists over 1,000 vendors with available information. This vast repository enables advisors to access up-to-date and standardized vendor information without repeating the labor-intensive data collection and assessment processes. This collaborative effort not only saves time and resources but also improves the quality and consistency of vendor risk assessments across the industry.

Advisors and vendors are encouraged to leverage the Open VRM platform to its full potential. By actively participating in the platform, users can contribute to a more efficient and streamlined VRM process, benefiting the entire financial services industry. The platform's open and free nature ensures that all stakeholders, regardless of size or resources, can access and benefit from this shared repository of vendor information.

The creation of Open VRM marks a significant shift in how vendor risk management is approached, moving from a fragmented, repetitive process to a collaborative, centralized system.

Your Path Forward

Attend Buckler's upcoming 30-minute webinar to explore Compliance-Driven Vendor Risk Management (VRM) strategies designed to fit within budget constraints. Gain practical knowledge on navigating regulatory landscapes from SEC, FINRA, NYDFS, and NAIC perspectives, ensuring your firm remains resilient against evolving threats.

Join an educational initiative from Buckler. This webinar offers insights into VRM's legal nuances, efficient business practices, and cost-effective solutions tailored for financial services.

______________________

WEBINAR INVITATION

Date: AUGUST 7th, 2024

Time: 2:00 - 2:30 PM EST

Achieving Compliance-Driven Vendor Risk Management (VRM) on a Budget

Registration Link:

Achieving Compliance-Driven Vendor Risk Management (VRM) on a Budget
