Modern Compliance: Capturing Mobile and Social Media Communications
Join ACA and SnippetSentry as we explore global communication capture strategies to reduce compliance risks and enhance your compliance program.
Webcast
Vendor Diligence and Management
Third-party risk management (TPRM) and vendor due diligence
Third-party risk management (TPRM) is the process of monitoring, validating, and remediating risks presented by third-party vendors. TPRM helps ensure your vendors protect your data, comply with regulations, and provide sustainable services that meet your requirements. However, vendor risk management can be a costly and time-consuming task. Our vendor management outsourcing service (VMOS) allows your company to offload the vendor due diligence and risk assessment process. Unlike other vendor risk management solutions and vendor management software providers, ACA's VMOS will help your company save valuable time and resources in order to focus on more strategic tasks.
CONNECT WITH US
Solution Spotlight
Our Vendor Management Software
Our vendor management software allows you to track DDQ progress and vendor risk assessment results. Key features include:
- Vendor Risk Dashboard — View key metrics (e.g., vendors diligenced, progress of diligence reviews, and vendor comments)
- Vendor Registry — View vendor data in centralized location (e.g., product lines, type of diligence performed, and contracts)
- Vendor Risk Matrix — View all risks identified (e.g., ratings, issues), vendor communication, and mitigation/remediation activities
- Questionnaire Status — Track the completion status of vendor DDQs and on-site reports
Why work with us?
Dedicated Team Of InfoSec Risk Analysts
Our vendor risk assessments are developed and managed by a team of information security risk analysts in ACA’s centralized, cost-effective analysis and review center (the ARC) in Pittsburgh, PA. The ARC’s dedicated vendor management outsourcing service team is overseen by an experienced vendor risk specialist and includes former senior managers in risk management, insider threat specialists, and data security officers from various industries, including financial services, banking, and healthcare. Over 750 clients and 2,000 vendors have chosen ACA to manage their vendor management process and mitigate third party risks.
Our Vendor Risk Assessments
Our tailored, proprietary vendor due diligence questionnaires (DDQ) include over 300 questions and are customized for each vendor type to provide an accurate assessment of possible risks. Topics include:
- General Data Protection Regulation (GDPR) compliance
- Cyber awareness training
- Governance
- Physical and environmental security
- Network security, infrastructure, and operations
- Organizational overview and structure
- Financials
- Legal and compliance
- Vendor management and oversight
- Change management
- Cloud services
- Access controls
- Mobile device management
- Resiliency
- Asset management
- Data loss prevention
Why ACA?
Clients
750+
Vendors diligenced
2,500+
Latest Insights
Wrap-Up of ACA's Fall 2018 Compliance Conference
ACA Compliance Group's 2018 Fall Compliance Conference was held from October 3rd through 5th at the Hyatt Regency
Article
- Events
UK Budget 2018
The UK’s Chancellor of the Exchequer has delivered his 2018 Budget. This was supposed to be his final Budget before the United Kingdom leaves the European Union on 29 March 2019. That said, depending on whether a “No Deal” Brexit prevails, he has signalled that he might well squeeze another one in.
Article
- Compliance
MSRB Published Revised FAQs with Respect to New MSRB Rule G-40
On September 17, 2018, the Municipal Securities Rulemaking Board (“MSRB”) published a revised set of frequently asked questions (“FAQs”) regarding the application of MSRB Rule G-40 to advertising by municipal advisors.
Compliance Alert
- Compliance
Growing Interest for Asset Owners to Claim Compliance with the GIPS Standards
The popularity and worldwide adoption of the GIPS standards by investment management firms is largely due to demand by asset owners. In the interest of risk management, asset owners increasingly require external investment managers to comply with the GIPS standards. Recently, more asset owners have begun to apply the same principles to their own performance reporting and ACA Performance Services is seeing growing interest in attaining GIPS compliance among the asset owner community.
Article
- Performance
OCC AML Priority To Target Regulatory Change
The US Office of the Comptroller of the Currency (OCC) has indicated that it will be focusing on the effectiveness of anti-money laundering (AML) systems and controls after including the topic on its list of FY 2019 annual priorities. For OCC-regulated banks, this means exams will concentrate on how up-to-date AML and Bank Secrecy Act (BSA) programs are with evolving threats and new rules.
Article
- AML and Financial Crime
How ETP Managers Can Ensure Compliance with Continued Listing Standards
In early 2017, the SEC approved rule-change proposals establishing continued listing standards for passively and actively managed exchange-traded products. More specifically, the rules require ETP issuers and managers to adopt new monitoring and oversight protocols to ensure continued compliance with the applicable listing standards. In the event an ETP falls out of compliance with the standards, the Manager must promptly notify the appropriate Exchange.
Article
- Compliance
News
ACA Group Acquires Financial Compliance Firm, FINOP Consulting
Acquisition strengthens ACA’s outsourced financial operations offering for broker-dealers.
ACA Group Recognized on ESGFinTech100 Among Top Industry Innovators
We are thrilled to announce that ACA Group has earned a spot on the prestigious 2024 ESGFinTech100 list, joining the ranks of the world's most innovative ESG technology providers.
Financial Services Firms Lag in AI Governance and Compliance Readiness, Survey Reveals
The 2024 AI Benchmarking Survey by ACA Aponix and NSCP reveals that, despite enthusiasm for AI, financial firms lack formal AI governance frameworks, testing protocols, and third-party oversight.
Upcoming events
The Most Wonderful Time of The Year: Tailoring Your Annual Compliance Review
Join our experienced ACA Wealth experts who will discuss an investment adviser’s obligations for the annual compliance review required under Rule 206(4)-7.
Webcast
2025 SEC Examination Priorities: What you need to know
Join us on Thursday, November 12, 2024, at 11am ET, for an insightful webcast when we delve into the SEC’s Examination Priorities for 2025.
Webcast