Financial institutions can outsource many areas of operations, including all or part of any service, process, or system operation, from loan processing to security monitoring. Many of your vendors will be of the type mentioned in the FFIEC IT Examination Handbook, but here are many other types of vendors besides the information technology group, from the professional who writes your on-line training to the crew that cuts the grass. We will look at a comprehensive vendor management process for your institution that includes knowing your vendor.
In this program, we'll teach you to examine:
- Who your vendors are and what they do.
- Who signs off to hire a vendor.
- Whether your vendor has a good reputation.
- Whether your vendor is financially stable.
- Whether your vendor practices good information security.
- What your first, second and third lines of defense are for managing vendors.
- The risks your vendors bring to your financial institution.
- How to risk rate vendors.
- How vendor management risks can affect other risk areas.
- Special considerations with outsourcing to foreign vendors.
- Board and Management vendor-related responsibilities.
- When vendors don't comply…
- Supplement with regulatory guidance from all regulators
- Worksheet to manage vendors
- Risk spread s
Vendor Management Strategies