
Expert Advice Community

My question on security incident

Created:   Nov 19, 2020 Last commented:   Nov 19, 2020

Hello Dejan,

I believe you are the most knowledgeable and good trainer on Information security.


One question is haunting me and I thought, who would be better than you to answer this question.


Is scamming a bank account holder over the telephone, successfully or unsuccessfully, considered a security incident by the bank? Is this incident recorded in the bank's incident register?


If not, why not?


Do you have any webinar on third party vendor audits? I am interested in this even if it is a paid activity.


Expert
Rhand Leal Nov 19, 2020

1 - Is scamming a bank account holder over the telephone, successfully or unsuccessfully, considered a security incident by the bank? Is this incident recorded in the bank's incident register?

If not, why not?

Answer: First, it is important to note that an incident refers to a situation that leads to a negative impact, so unsuccessful scamming should not be considered an incident (it is at most a security event, i.e., a situation that may draw attention from information security, in case it occurs too often).

Now, regarding successful scamming, you must check the results of the risk assessment, and applicable legal requirements, to identify if such an incident should be recorded, either because it is related to relevant risks, or because legal requirements (e.g., laws, regulations, or contracts) demand the record of such an incident (ISO 27001 does not have a mandatory requirement for incidents to be recorded).

Please note that in some countries, this kind of incident may be related to a lack of awareness activities from banks toward their customers, and this can make banks accountable at a certain level.  

2 - Do you have any webinar on third party vendor audits? I am interested in this even if it is a paid activity.

Answer: Unfortunately, we do not have this type of webinar, but this article can provide useful information:
- How to perform an ISO 27001 second-party audit of an outsourced supplier https://advisera.com/27001academy/blog/2017/10/10/how-to-perform-an-iso-27001-second-party-audit-of-an-outsourced-supplier/

 
