Vendor Management: The BIG Picture
Time Required: 60 minutes
Building, implementing and managing a compliant vendor management program is no easy task given the proliferation of regulations, rules and Guidance, many of which overlap. And with increased regulatory scrutiny due to high-profile breaches, financial institutions must have a solid understanding of the driving regulatory issues that surround vendor management, the key ideas required to build and implement a successful and compliant program, and the expectations of examiners and auditors.
“By far the most interesting session of the day!!!”
Betsy Wynnick, SVP Rockville Bank
“One of the most highly rated sessions of the conference.”
Elisa Legg, SVP NY Bankers Association
Regulations: the key regulations, guidance and rules that you must comply with from FFIEC Guidance, GLBA 501(b), FACTA, FCRA, FTC, Red Flags, Disposal Rule and the most recent OCC and FRB Guidance.
Benefits: complying is not just about “not being fined”. We discuss the key business benefits of a compliant vendor management program and why it makes sense to invest in building one or enhancing an existing one.
Key Components of a compliant program will be discussed including:
- Which vendors to include in your inventory
- Risk rating methodology
- Due Diligence
- Periodic Review
- Contract Review
- Contract Tracking
Implementation: a discussion of how you gain Executive sponsorship, stakeholder buy-in, centralized management/decentralized ownership, vendor stratification, questionnaire development and creating a document repository.
Vendor Red Flags: there are a number of red flags to look for when collecting documentation that might indicate you should avoid a vendor!
Examiner expectations: eliminate the guesswork as to what examiners are looking for and find out which reports and documentation you need to provide. Understand the difference between SSAE 16s, the different types of cloud computing environments and what you should be doing about Complementary User Entity Controls.
A copy of the presentation for taking notes will be provided upon paid registration.
Who Will Benefit
- Vendor Program Managers
- Vendor Management Committee
- Risk Officers
- Compliance Officers
- CIO, CFO, COO
- Anyone responsible for managing and supporting the Vendor Management Program
About the Presenter:
Mick Kless is the founder and CEO of RISC Associates, a regulatory compliance consultancy and compliance automation tools developer, and Compliance Education Institute, the training and education division of RISC. He is a recognized industry expert on vendor management and the creator of the Certified Regulatory Vendor Program Manager (CRVPM) course taken by bankers across the country. Mick has spent over 30 years in financial services, has focused on GLBA 501(b) issues since 2001 and has specialized in vendor management regulatory issues since 2004. He is a frequent speaker at bank and credit union conferences around the country.