Regulators need to do a better job of notifying banks promptly when they find severe security flaws at third parties, especially core banking processors. Regulators are right to remind banks of their obligation to ensure the third parties with which they work are taking steps to ensure security. Community banks should pool resources to create shared assessments of third parties. More open communication between regulators and community banks about known security vulnerabilities is needed, says Aite consultant Shirley Inscoe. Inscoe: “Regulators want FIs [financial institutions] to ensure third parties they do business with are secure””]
Source: https://www.cuinfosecurity.com/blogs/mitigating-third-party-risks-p-1557