Control 2.7: Vendor and Third-Party Risk Management
Control ID: 2.7 Pillar: Management Regulatory Reference: GLBA 501(b), SOX 404, FINRA 4511, OCC 2011-12, Interagency Third-Party Guidance (2023), OWASP LLM Top 10 (2025) Last UI Verified: January 2026 Governance Levels: Baseline / Recommended / Regulated Last Verified: 2026-02-03
Objective
Establish a comprehensive framework for identifying, assessing, and managing risks associated with third-party vendors and connectors used by AI agents. Vendor risk management addresses the unique risks introduced by Power Platform connectors, custom APIs, external AI services, and dynamic tool loading.
Why This Matters for FSI
- Interagency Third-Party Guidance (2023): Establishes lifecycle requirements for vendor relationships
- OCC 2011-12: Third-party risk management requirements for banks
- GLBA 501(b): Safeguard customer information through vendor controls
- SOX 404: Internal controls over vendor-provided services
- OWASP LLM Top 10 (LLM03): Supply chain vulnerabilities including insecure plugin design and third-party component risks
Control Description
AI agents frequently connect to external services, APIs, and data sources that may introduce security vulnerabilities, compliance gaps, or operational dependencies:
| Capability | Description | FSI Application |
|---|---|---|
| Connector Inventory | Catalog all third-party connectors | Regulatory examination readiness |
| Vendor Risk Assessment | Evaluate vendor security and compliance | Interagency Guidance requirements |
| Contract Management | Security clauses and SLAs | Contractual protections |
| Dynamic Tool Governance | Control runtime plugin loading | OWASP supply chain risk |
| Ongoing Monitoring | Continuous vendor oversight | Emerging risk detection |
Connector Risk Categories
| Category | Examples | Risk Level | Assessment Frequency |
|---|---|---|---|
| Microsoft First-Party | Dataverse, SharePoint, Teams | Low | Annual |
| Certified Third-Party | Salesforce, SAP, ServiceNow | Medium | Semi-annual |
| Independent Publisher | Community connectors | High | Quarterly |
| Custom Connectors | Organization-built APIs | Medium-High | Quarterly |
| External AI Services | OpenAI, third-party LLMs | High | Quarterly |
FSI-Specific Vendor Categories
Financial services organizations typically integrate with specialized vendors. Include these categories in your vendor risk assessment:
| Vendor Category | Example Vendors | Key Assessment Areas |
|---|---|---|
| Archiving/WORM Storage | Smarsh, Global Relay, Proofpoint Archive, Bloomberg Vault | SEC 17a-4 attestation, immutability certification, AI content support |
| Communication Compliance | Theta Lake, NICE Actimize, Behavox | AI interaction capture, FINRA 25-07 recordkeeping compliance, review workflow |
| Identity Verification | Jumio, Onfido, IDology | Synthetic identity detection, deepfake detection, KYC support |
| LLM/AI Providers | Azure OpenAI, Amazon Bedrock, Anthropic | Data residency, training data policy, SOC 2 certification |
| Copilot Plugins | Third-party M365 Copilot plugins | Data access scope, permission requirements, publisher verification |
| MCP Tool Providers | Custom MCP server implementations | API security, data handling, logging capabilities |
Anthropic Native Integration
Anthropic Claude models are now natively integrated in Copilot Studio as a first-party model provider option — organizations no longer need to build custom connectors to use Anthropic models. This changes the vendor risk profile: Anthropic model usage is governed through Microsoft's platform agreements rather than requiring a separate direct vendor relationship. Update vendor inventories and risk assessments accordingly.
MCP Clarification: Model Context Protocol (MCP) is an open protocol for tool integration, not a Microsoft-native capability. Organizations implementing MCP-based integrations must apply vendor risk management (Control 2.7) accordingly. Native Microsoft connectors do not use MCP—this guidance applies only to custom agent implementations.
Vendor Assessment Checklist for AI Integrations:
- Does the vendor support AI-generated content archiving per FINRA 25-07 recordkeeping requirements?
- Can the vendor distinguish AI-generated vs human-generated content in records?
- Does the vendor provide immutable storage (WORM) for AI interactions?
- What is the vendor's data residency and AI training policy?
- Does the vendor have SOC 2 Type II attestation covering AI services?
Key Configuration Points
- Maintain complete inventory of all third-party connectors with risk classifications
- Require SOC 2 Type II (or equivalent) for Zone 3 vendors
- Implement AI-specific contract clauses (model change notification, no training on customer data)
- Configure default-deny for runtime tool discovery and marketplace installations
- Map transitive data exposure for tool chains invoking multiple third parties
- Establish review cadence (monthly usage, quarterly performance, annual security)
- Document exit plans for critical vendor relationships
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Basic vendor inventory; standard terms acceptable | Low risk, personal use |
| Zone 2 (Team) | Formal questionnaire; SOC 2 recommended; quarterly monitoring | Shared agents increase blast radius |
| Zone 3 (Enterprise) | Comprehensive vetting; SOC 2 required; continuous monitoring; audit rights | Customer-facing, regulatory examination focus |
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| AI Governance Lead | Vendor policy, assessment criteria |
| Procurement | Contract management, vendor relationships |
| Security Team | Security assessments, technical review |
| Compliance Officer | Regulatory requirements, board reporting |
Related Controls
| Control | Relationship |
|---|---|
| 1.4 - Advanced Connector Policies | Connector-level security |
| 1.5 - DLP Policies | Data protection |
| 2.1 - Managed Environments | Environment governance |
| 2.17 - Multi-Agent Orchestration | Agent-to-agent composition risks |
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Verification Criteria
Confirm control effectiveness by verifying:
- Complete connector inventory maintained with risk classifications
- Vendor security assessments current for all Zone 2/3 connectors
- Contracts include required security and AI-specific clauses
- DLP policies block high-risk and unapproved connectors
- Transitive data exposure mapped for tool chains
- Quarterly vendor risk reports delivered to governance committee
Additional Resources
- Microsoft Learn: Third-Party Connector Management
- Microsoft Learn: Data Loss Prevention Policies
- Microsoft Learn: Custom Connectors Overview
- OWASP Agentic AI Threats and Mitigations
Updated: January 2026 | Version: v1.2 | UI Verification Status: Current