Main Menu
Download Print

Client Alert: Data Breach Highlights Importance of Bank Vendor Management

Photo of

Action Items

The recent credit bureau data breach of personally identifiable information (“PII”) could potentially affect millions consumers. If your bank has contracted with the affected credit bureau, or if one of your vendors has, some of those millions of consumers could be your customers, for which your bank is ultimately responsible in the eyes of the regulators. This data breach should serve as an opportunity for your bank to review its agreements with vendors that have access to your customers' PII.

Reviewing Your Agreements With Vendors Who Have PII Access

The most immediate concern for your bank is to review your current vendor agreements (and any potential new agreements) to determine:

Although the data breach highlights these issues, they are not new, and the regulators have increasingly focused their attention on vendor data breaches. For example, earlier this year, the OCC issued new supplemental examination procedures for third-party risk management that updates OCC Bulletin 2013-29, “Third Party Relationships: Risk Management Guidance.” This bulletin provided guidance to banks for assessing and managing the risks inherent throughout the life-cycle of their arrangements with third-parties, including by providing a framework for evaluating vendor contracts. To the extent that the 2013 bulletin has created an industry standard for third-party risk management, the 2017 supplement is also likely to inform evolving best practices in this area. This guidance directly addresses cyber-attacks and third-party security procedures.

We Can Help You

Please contact us if you are interested in discussing any issues with your vendor contracts in light of the data breach and whether your organization is compliant or if you are contemplating entering into new material contracts or modifying existing material contracts with vendors that have access to your customers’ PII.

Subscribe

Related Industries

Back to Page