(270) 506-5140 CONTACT US
Examination Preparation

5 Things to Do to Be Proactive In Vendor Management

Jul 19, 2017 by Branan Cooper

If you had an examination starting tomorrow, would you be ready? If one of your critical third parties announced it was ceasing business, would you be prepared? If there’s a big data breach at one of your third parties, are you notified? 

Unfortunately, sometimes the answer to any of these is, “No, I didn’t see that coming.   

Be Proactive 

That’s the reason to always be prepared. You can’t prevent every problem, of course, but you can still greatly reduce the amount of future vendor issues and headaches. Here are some tips: 

1. Have a solid foundation for your third party program. Include things like:

2. Have proper support 
  • Get involvement from business leaders, such as senior-level and or board-level personnel (without this commitment, funding is not available and policies cannot be approved) 
  • Utilize subject matter experts throughout everything 
  • Don’t be afraid to use subject matter experts outside of your institution 

3. Assess risks through risk analysis and decide to mitigate, transfer, avoid or accept the risk
  • Results of risk assessment are used to create the business impact analysis 
  • Use standardized criteria to measure and assess the financial, operational, customer related, regulatory or reputational impacts, Recovery Time Objectives and Recovery point Objectives
  • Don't forget about reputational impact – so make sure you respond to all situations and are able to continue operations

4. Do drills - run through various scenarios of what could happen
  • Involve audit or business continuity management, legal or compliance
  • This ensures everyone involved in the plans has knowledge and experience in the activities they will be required to perform 
  • The results of this allow your teams to adjust and improve plans 

5. Review processes often 
  • New risks and answers to those risks emerge and evolve constantly
  • Assure that the vendor is prepared to respond to whatever situations arise 

It takes a coordinated effort to get it all done, but it's manageable if you start with a defined process and detailed steps to follow. Again, you can’t prevent all problems but you can minimize impact. 

As part of being proactive, make sure you're ready for an exam. When the examiner gives notice, make sure you're going to be able to do these 10 things - download now.

how to write a third party policy

Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog