Session 4b. ALL – Risk Mitigation and the Management of Third-Party Vendors

In its 2019 exam priorities release, as well as in a May 2019 OCIE Risk Alert, the SEC specifically noted the importance of vendor due diligence with regard to the security risks associated with the storage of electronic customer records and information by broker-dealers and investment advisers in various network storage solutions, including those leveraging cloud-based storage.  Additionally, the regulators have expressed concerns regarding the vendor management and cyber-security protection.   In this session, panelists will explore best practices for the due diligence, onboarding and continuous monitoring of third-party vendors.

Learning Objectives:

  • Learn practical methods of implementing and managing onboarding and ongoing due diligence
  • Determine when a vendor relationship is no longer appropriate given the level of risk and oversight required
  • Explore existing and emerging digital technologies that help identify, assess and mitigate third-party risk
  • Review the appropriate books and records to retain