Vendor Management has been under the regulatory magnifying glass for several years, and is only growing in importance with the advent of increased outsourcing, cloud computing, high profile breaches, and increased regulatory scrutiny.
In order to comply with 3rd party oversight requirements, you must understand the components of a compliant Vendor Management Program, the proliferation of regulations affecting such programs, and how to prepare for exams and audits.About This Course
Our Vendor Management Essentials
training course provides you with a detailed look into the essential areas that anyone tasked with vendor management must know, including the new requirements from FRB and OCC Guidance, as well as the FFIEC Guidance Appendix J released in February 2015.
Chapter 1: Regulations
The regulatory burden is overwhelming and only growing in scope. Very often regulations from multiple agencies often overlap. This chapter helps you sort through the proliferation of regulations, bulletins and Guidance that financial institutions must be aware of and ensure that their vendors comply with. Some of the regulations reviewed include:
Chapter 2: Components
- FFIEC Guidance
- GLBA 501(b)
- Disposal Rule
- CFPB Consumer Protection
- Privacy Act
- FDIC Part 364B
- Identity Theft Red Flags
- Guidance from the FRB and OCC from Q4 2013
- Appendix J 2015
This chapter dives into the details of the nine key components of a compliant Vendor Management Program that every institution must address, including:
Chapter 3: Exam and Audit Preparation
- Vendor Inventory
- Risk Rating
- Due Diligence
- Contract Review
- Periodic Review
- Contract Management
- Ongoing Monitoring
The increased regulatory focus on Vendor Management Programs and the high profile security breaches in recent years have given regulators cause for concern over whether financial institutions are complying with regulatory requirements to ensure that their vendors’ physical, technical, and administrative controls are being properly evaluated.
This chapter provides the insight gained through interviewing financial institutions across the country to provide the details needed to properly prepare for your next regulatory exam or audit. Documentation discussed in this chapter includes preparation of the following:
- Segmenting and reporting on the types of Clouds utilized
- Complementary User Entity Controls assessments
- Reports on High Risk, Critical, Foreign-based, Red Flags, CFPB vendors and the critical documents that need to be presented
- Self-identified issues
Participants also receive our “Certified Regulatory Vendor Program Manager Reference Guide”
, which is updated throughout the year as new regulations, bulletins, and rules are issued and as new trends and best practices emerge. Your Reference Guide is sent electronically to your registered email whenever updates, regulations, or exam and audit trends occur.
In addition, regulatory support via phone and email is provided to address any questions pertaining to GLBA 501(b) regulatory requirements. Also Available: Our Certified Regulatory Vendor Program Manager Course
Our Certified Regulatory Vendor Program Manager (CRVPM) course provides you with the regulatory knowledge, implementation methodology, and the best practices required to build and manage a compliant program and properly prepare for regulatory exams and audits. Go to http://www.BankTrainingCenter.com/showOTDetails.asp?TCID=1003467
for more details or to order.