Business continuity planning (BCP) is important to you and your vendors. Listen as we guide you through the appropriate regulatory guidance to follow, what to plan for, what to restore first and how to recover.
Check It OutFor a smooth third party risk examination, 3-4 months in advance of the examiners’ arrival you should prepare or fine-tune these 9 documentation items. We'll tell you what they are and some tips.
Check It OutWhat is a SOC report? It's an audit report performed by a public accounting firm and attests to the existence & effectiveness of the controls put in place to safeguard your data. Listen as we break down 6 important parts.
Check It OutThe first line of vendor risk management defense has direct interaction on a day-to-day basis with your third party. Listen to our podcast for 7 best practices for properly engaging the first line of defense.
Check It OutFourth party risk and liability is often overlooked because there isn't direct relationship with the fourth party vendor. Listen now for the 3 oversight steps to take regarding your fourth party vendors.
Check It OutThere are three vendor risk management frameworks to consider: centralized, decentralized and a hybrid approach. We'll teach you the differences and guide you toward the best framework for you.
Check It OutWhen determining your level of oversight on a vendor, you’ll clearly want to determine their criticality and risk level first. Listen to this podcast to help guide you through the process.
Check It OutA non-elective vendor is one you don't have a direct relationship with, but your third party does - making them a risk to you and therefore requiring some oversight. Listen to learn the associated responsibilities.
Check It OutVarious components of vendor risk feed in to your ERM strategy and considerations. Learn steps and tips on how to properly integrate Third Party Risk Management in your Enterprise Risk Management Program.
Check It OutWhile the General Data Protection Regulation (GDPR) has a global impact on any company which is collecting, storing, or accessing European resident data. Listen to Third Party Thursday to learn what you need to know.
Check It OutEnterprise Risk Management (ERM) and Third Party Risk Management (TPRM) are are often used interchangeably, but they are two different functions. ERM is more high level, while TPRM is a smaller subset. Listen to learn more.
Check It OutRecommendations from a seasoned third party risk expert for how to determine how many staff members to have on your vendor management team. Follow our three tips in this podcast.
Check It OutSave time, money and other valuable resources by learning mistakes companies make with their vendor contracts. Listen to see how you can avoid some common pitfalls during all phases of the vendor lifecycle.
Check It OutTips for fostering a third party risk mindset within your organization - how to create awareness, important members of your company to involve & who the third party risk responsibility lies within every organization.
Check It OutWhat makes a third party risk management plan successful? Listen to learn 9 best practices and key components of a well-managed third party risk management plan for you to implement now.
Check It OutLearn how a well-run complaint management system (cms) can turn an upset customer into your best customer along with five elements to include your vendor management policy on complaint management.
Check It OutHere are daily vendor management regulatory compliance efforts you can implement in order to keep up with third party risk regulatory reform.
Check It OutWhat you need to know about UDAAP (Unfair, Deceptive or Abusive Acts or Practices), how they affect your third party risk management program and items the CFPB is highly critical of.
Check It OutTips and recommendations for determining due diligence questions to ask your fintech vendors. We'll also provide insight into setting the standards that should firmly be expected.
Check It OutGo through critical vendor classification and identification with us. Learn standards for identifying your vendors, how to properly identify your scope and 3 questions to ask to determine if a vendor is critical.
Check It OutJoin us as we close out 2017 with this thank you vendor management podcast. And, see what our top 10 most popular videos and podcasts were from our Third Party Thursday series for this year.
Check It OutThe best way to prepare for new regulatory guidance, how to stay in compliance and some commentary on new regulations taking effect in 2018.
Check It OutLearn about 'bucketing your vendors' - a high level vendor classification system that can help you with third party oversight, ongoing monitoring and preventing problems down the road. We'll also tell you how to develop buckets of your own.
Check It OutWhat to include in your complaint policy and complaint management system to improve vendor management. A well-run system can turn upset customers.
Check It OutThe best strategy for preparing for an examination is to constantly be ready. Listen to learn 7 items you should have in your examination preparation playbook.
Check It OutLearn the key takeaways from important third party risk regulatory guidance released by the OCC, FDIC and FFIEC from our compliance expert.
Check It OutLearn how to get ahead of the game education wise in third party risk management with these 10 best practices. Staying up to date is a great idea for everyone involved in vendor management.
Check It OutAn ounce of prevention is worth a pound of cure! Perhaps there is no better example than in the world of third party risk management. Here are three ways you can be proactive to prevent problems.
Check It OutLet's say you find out one of your third parties is named in an enforcement action, even if it is unrelated to your institution, what do you do? Listen to learn the six necessary steps to take.
Check It OutLearn what regulators & senior gov officials in financial services had to say on creating a culture of compliance, why they strongly recommend it and what this entails.
Check It OutOne of the most frequent questions we get asked is, "am I supposed rate EVERY single vendor?" Learn why it's necessary to risk rate every vendor when conducting your vendor risk assessments and gather some tips.
Check It OutThe regulator guidance is clear - you must keep your senior management and your board informed on developments within your third party risk management program. Learn what this looks like.
Check It OutLearn about UDAAP - Unfair, Deceptive or Abusive Acts or Practices and the role of the CFPB and enforcement actions in the world of third party risk by listening to this informative podcast.
Check It OutSometimes people feel too comfortable with a well-known vendor. We cover why even vendors with recognizable brand names require thorough due diligence. No one is immune from third party risk.
Check It OutLearn key takeaways from two OCC Bulletins issued this year on third party risk management - OCC Bulletins 2017-7 and 2017-21. Is your institution's vendor management program in compliance?
Check It OutListen to learn the basics of the third party risk management framework, including how it relates to enterprise risk management (ERM).
Check It OutLearn how to do proper vendor contract management. We'll provide best practices, the importance of contracts to your institution and what steps to take to protect your institution from contract risk.
Check It OutLearn 7 key things you should do with every new vendor. These steps are essential to the vendor vetting process and determining how much you know about the company with whom are you planning to do business.
Check It OutLearn the how, when and why of using vendor information security questionnaires for your third party risk management and how your due diligence process can benefit from it.
Check It OutIn this short vendor management video, you will learn four key points you need to know regarding third party due diligence and what items your due diligence checklist should contain to keep your institution safe from third party risk.
Check It OutLearn what the scope of a vendor's SOC report means and where to find it along with what typical audit periods are and a few questions to ask yourself while reviewing the narrative.
Check It OutLearn the 7 key things you should do with every new vendor. These steps are essential to the vendor vetting process and determining how much you know about the company with whom are you planning to do business.
Check It OutIn this vendor management video, you will learn where to find the controls section within a vendor SOC report along with what the control objectives and activities are and what to look out for in the findings and exceptions.
Check It OutWe cover the key questions you need to ask yourself to determine if your vendors are critical. Then, we dive deeper and talk about what you should review on your critical risk vendors.
Check It OutAs of Monday, May 1, SSAE 18 is now in effect. Are you familiar with SSAE 18 yet? Join us now as we talk about SSAE 18 - what it is and how it affects how you do vendor management at your institution. Let's get started.
Check It OutWe’re going to talk through a few key things you need to know about vendor management risk assessments for your institution's third party risk management program.
Check It OutWe’re going to talk through the 10 main steps you need to take to create your proper vendor list for your third party risk management program at your institution. Let's get started.
Check It OutIt’s easy to get so deep in the weeds of your vendor management program that you make some pretty basic errors. Sometimes you need to take a step back and evaluate. Here are some of the ones that we see most often.
Check It OutWe often get asked, "Is there a difference between an ERM and VM?" The answer is “YES” – they are different, but there are some areas of overlap as well. Learn about what some of the differences are.
Check It OutThird party risk management must flow in a lifecycle. We'll discuss how it's a constant evolutionary process rather than an annual static event - a core aspect that you should incorporate into your program.
Check It OutWe'll discuss fundamental best practices of third party risk management that you need to implement such as education, tailored ongoing monitoring, outsourcing and not cutting corners.
Check It OutYou have to do a lot for your third party risk management now... but why? We'll go through a few reasons for the increased third party risk management regulation and concern.
Check It OutIt should cite relevant regulations and guidance; it should describe its relationship to other parts of your compliance program and establish its importance as a foundational document for your institution.
Check It OutA policy is the first main foundational third party risk management document you should have on file. Learn about key aspects in writing a proper third party policy for your financial institution.
Check It OutThe FFIEC released a Cybersecurity Assessment Tool. We'll go over in depth the benefits of it and why your financial institution should use it for your vendor management.
Check It OutEven though each vendor agreement includes different contractual terms, 5 security and confidentiality provisions should always be addressed. Let's go through them.
When a third party company doesn't provide financial documents we tend to think there's nothing we can do. But actually, there is and we'll show you that alternate path in this video.
Check It OutLearn what Complimentary User Entity Controls are, how they're related to SOC reports, what you do with them, why they're important and more.
Check It OutIn order to have vendor management control, you must have a firm understanding or knowledge of third party vendor contracts. Learn the 3 pillars in managing them and other points about mitigating contract risk.
Check It OutSo, what are the types of service organization control (SOC) reports and which type of SOC report did your vendors have performed? It can be confusing to keep track of them. To help, we'll briefly go through all 5 of them in this video.
Check It OutSo you're asking yourself right now, "What is a fourth party? I've just gotten my head around the whole concept of having third parties. And why are they important to my financial institution's vendor management program?" Let's discuss.
Check It OutThe Cloud has many benefits, but like everything, there are risks you need to consider. Protecting your institution’s data is ultimately your responsibility so you should know how your vendor safeguards it.
Check It OutIn this video we’re going to talk a little about the evolution of third party risk management and the increased regulatory expectations on financial institutions. This will be helpful to know as you expand your third party risk knowledge.
Check It OutEnsuring your critical vendors can survive in disaster helps ensure your financial institution can also survive. Learn what Business Continuity & Disaster Recovery plans are & how our team reviews them.
Check It OutLearn the 3 key points to review in service organization control reports, SOC reports for short, as you begin assessing your vendor's environment. Meet examiner requests and gain strategic business advantages.
Check It OutWhen reviewing and negotiating critical vendor contracts, consider many elements. Here's 5 key provisions to give special attention.
Check It OutYou report the vendor's financial health to senior management and board. What happens when the financial health is poor? We will go over the domino effect, the issue in the industry and what you can do about it.
Check It OutYou should be familiar with Appendix J and Appendix E of the FFIEC guidance. We will go over what each of them are, what they mean and how your teams can stay informed on new vendor management guidance and regulations.
Check It OutDo you know the difference between a critical and non critical vendor? Learn about defining them for your financial institution. We'll cover why it's important, the business impact, exit strategies and more.
Check It OutYou must define specifically who will be a part of your third party risk management program and also, equally important, who is out.
Check It OutSo, what can you do right now in preparation for next year? There’s actually quite a lot, depending on the maturity of your third party program. Watch this video to learn what you can do now to prepare for 2017.
Check It OutWith all the vendor management industry changes and guidance updates, it's easy to get overwhelmed. In this video, we will talk about basic vendor management best practices to implement.
Check It OutRegulatory guidance sets out fundamental expectations. It’s important for the day to day management and exam standpoint that these pillars are in place and functioning in your institution. Learn more about these pillars.
Check It OutVendor management is covered a lot more in industry news now. It's hard to keep up, and sometimes tempting not to try. This video mentions recent examples of important items covered.
