
Explanation:
To properly manage operational risk and follow the principle of least privilege, a bank should restrict third-party vendor access strictly to what is required for their responsibilities. Since the vendor's role is marketing, they do not need access to the bank's critical processing systems.
Ultimate access to all questions.
No comments yet.
A
The bank should review all third-party audit reports of the vendor, which are publicly available.
B
The bank should ensure that the vendor's sales representatives are compensated mainly with commissions from the sale of the bank's products.
C
The bank should prevent the third-party vendor from having access to any of its critical processes.
D
The bank should be responsible for developing the vendor's contingency planning process to mitigate risk exposure to the vendor.