ticker


“Assessment is the cornerstone of any GRC methodology; you have to know where you are with risk to know where you need to go.  Avior provides a platform to make this process easy, repeatable and sustainable across your entire enterprise.”

 

- Steve Katz, Fmr. CISO,
Citigroup and JP Morgan




dsbm

Financial Services

Firms in the financial services industry must deal with significant compliance regulations and associated guidance. The Gramm Leach Bliley Act (GLBA) set forth broad compliance requirements for financial services firms including banks, thrifts, mortgage firms, and others dealing with consumer financial information. GLBA is enforced by different regulatory bodies depending on the type of financial firm.

The agencies given responsibility for implementing GLBA include the Securities and Exchange Commission, the Federal Trade Commission, and the following five banking regulators:

  • Federal Reserve Board
  • Federal Deposit Insurance Corporation
  • Office of Thrift Supervision
  • Office of the Comptroller of the Currency
  • National Credit Union Administration

Each agency was tasked with developing rules regarding required safeguards, the goals of which are to: (1) Insure the security and confidentiality of customer records and information; (2) protect against any anticipated threats or hazards to the security or integrity of such records; and (3) protect against unauthorized access to or use of such records or information that would result in substantial harm or inconvenience to any customer.

The banking regulators jointly developed (Federal Financial Industry Examination Council, or FFIEC) much more detailed guidance for financial institutions in the form of the Interagency Guidelines. These guidelines require internal risk assessments, and they require vendor risk assessments and ongoing vendor risk management programs.

For large financial institutions, performing effective internal risk assessments and managing vendor risk are challenging endeavors. Vendor risk assessments for financial institutions with thousands of vendors can be extremely involved.

To help financial firms more easily meet their compliance requirements, and to automate both internal and vendor risk assessments, Avior has developed BenchMark and a complete Vendor Risk Management Solution. These solutions automate internal and vendor risk assessments, and they deliver automated workflows, pre-built assessments and reports to quickly deliver value in financial risk assessment applications.