In January, the SEC’s Office of Compliance Inspections and Examinations issued a release titled Cybersecurity and Resiliency Observations. The release addressed a number of cybersecurity areas including vendor management. Specifically, the release mentioned the importance of four policy and procedure areas: conducting due diligence, monitoring vendors and contract terms, assessing relationship risks, and assessing vendor information security. FINRA has stated the importance of formal documentation related to the managing of a vendor life cycle from onboarding, to ongoing monitoring, through off-boarding and the disposal of sensitive information. This session will address the compliance challenges faced in overseeing and evaluating third parties.