Outsourced Third Party Relationship Management : What You Need f


Presented by: Susan Orr



Financial institution reliance on outsourced services continues to increase, and regulators are concerned that your internal procedures and risk management process may not be keeping pace with the level of risk and complexity of those relationships. Risk management of your outsourced third parties is a key element of your overall information and cyber security program and a hot topic for examinations. Outsourcing places confidential customer information in someone else's hands, along with control over the security of that information, but you still retain the responsibility for ensuring the integrity, confidentiality, and security of all that data. In fact, the regulators have stated that "a community bank should adopt risk management practices commensurate with the level of risk and complexity of its third-party relationships and the board and senior management should identify those third party relationships that involve critical activities and ensure the bank has risk management practices in place to assess, monitor, and manage the risks." The risk management process must remain effective throughout the life cycle of the relationship. Some of the key areas of the risk management program to be covered in this presentation are:
  • Planning to ensure the relationship aligns with the bank's strategy
  • Identification of the associated risk
  • Performing due diligence in selecting a third party
  • Proper contracts
  • Ongoing monitoring of the activities and performance of the third party
  • Establishing roles and responsibilities that encompass the life cycle
  • Performing independent reviews of the risk management process
While you need to trust your third parties, the trust can't be blind. Therefore, you must establish a risk management program that includes rules, guidelines, and performance measurement criteria. Just as you run your business with best practices in mind, your outsourced partners should do the same. The outsourcing environment is also undergoing changes with the arrival of "cloud computing," which makes due diligence even more critical. And you can't forget about what happens after the contract is signed; due diligence is only part of the equation. Continuing to oversee and monitor that relationship to ensure that performance standards and security requirements are adhered to is also critical.

The FFIEC's revised TSP Booklet discusses the regulators' authority to oversee third-party vendors and outlines the agencies' IT rating system. It also stresses that a financial institution's board and management have the ultimate responsibility for ensuring outsourced activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations. While this Booklet is primarily directed to those TSP examinations, the Outsourcing Technology Services Booklet, which focuses on regulatory expectations for your vendor management program, was updated to include expectations for how you engage and manage your outsourced security service providers (MSSP). The OCC and the FRB significantly enhanced their guidance on managing third-party relationships in November and December of 2013, respectively. This webinar will provide an overview of the key elements of your Outsourced Third Party Risk Management Program, address the importance of reviewing the TSP regulatory examination, and review Appendix D.

Highlights of this fast-paced presentation will include:
  • Why you need a program
  • Key elements of an effective program
  • Risks of not having a comprehensive program
  • Revised TSP Booklet
  • Appendix D: Managed Security Service Providers
  • Operations
  • Information Technology
  • Compliance
  • Audit
  • Risk Management
  • Senior Management

About the Speaker: Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.

As an auditor and consultant, Susan is dedicated to assisting financial institutions in implementing appropriate policies and controls to protect confidential information and comply with regulatory mandates and best practices. Her background as an auditor and former examiner gives her the knowledge and expertise to conduct comprehensive IT general control and data security reviews and to assist de novo institutions in the vendor selection process, preparing policies and procedures, and instituting controls. She also consults for numerous security providers and vendors, helping them align products and services to meet institution regulatory mandates. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Risk Professional (CRP).

This program was recorded in its entirety in February 2015. The CD-ROM includes program slides, materials (if available), and a follow-up Q&A document.

  • Model: cd_thirdparty0215
  • Manufactured by: Glia Group, Inc.

This product was added to our catalog on Tuesday 13 January, 2015.

Copyright © 2022 BankersOnline.com