While much of the attention paid to regulatory requirements for financial institutions (FIs) tends to focus on Dodd-Frank and mandates issued by the Consumer Financial Protection Bureau, a notable change of late has been the heightened requirement for vendor management oversight and third-party risk assessments. Although the Bank Service Company Act is hardly new, it has recently become the basis for these types of mandates. Powered by different agencies, the message is essentially the same: When it comes to vendors, the buck stops with the FI. In fact, the FDIC requires that it be notified within 30 days of any new service provider relationship being struck.
