Your Vendor Management Program
New Regulatory Guidance & Expectations
On April 16, the OCC warned that cyber criminals are likely to target smaller banks. A key area of risk is greater reliance on vendors for IT and security services. This webinar provides an overview of the key elements of your Vendor Management Program and reviews updated guidance to help you prepare for your next IT examination.
Outsourced third-party relationships (also known as Vendor Management) are not just a key element of your overall information security program but will be a top focus during examinations this year. The heightened oversight can be partially attributed to significant breaches at payment processors; failure by several service providers to implement adequate security, controls and business continuity; and CAMELS downgrades due to vendor management issues.
These factors, together with the heavy reliance on outsourced services and an increase in cloud computing, are also cited as contributing to new guidance focusing on outsourced third-party relationships:
- FFIEC Supervision of Technology Service Providers (TSP) handbook and the Outsourcing Technology Services Booklet Appendix D: Managed Security Service Providers. While the November 1, 2012, TSP handbook discusses the regulators’ authority to oversee third-party vendors and outlines the agencies’ IT rating system, it also stresses that a financial institution’s board and management are ultimately responsible for ensuring outsourced activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations.
- OCC Bulletin 2013-19 Third-Party Relationship Risk Management Guidance (10/30/13)
- FRB Guidance on Managing Outsourcing Risk (12/5/13)
- Overview of the TSP program
- Regulatory expectations for MSSP relationships
- Planning and developing the Outsourced Third-Party Risk Management Program
- Due diligence in selecting third parties
- Risk assessment requirements for third parties
- Contract requirements
- Managing and overseeing outsourced relationships
Senior management, information security officers, compliance officers, risk management officers, technology officers, chief financial officers and auditors.
Susan Orr, CISA, CISM, CRP, CRISC, is an industry expert with vast regulatory, risk management and security knowledge. During her 14 years as an FDIC bank examiner, Susan held numerous lead positions, including lead instructor for the FDIC’s technology school. She currently consults for security providers and performs IT security/regulatory reviews for financial institutions.
Institute of Certified Bankers: Visit http://www.icbmembers.org/login.aspx for instructions regarding self-reporting. Estimated credits: 2 hrs. CRCM/CFSSP (self-reporting).
Member price: $265.00 | Non member price $530.00
Member price: $280.00 | Non member price $560.00
Online: Visit the CBA Webinar Catalog
Mail: Click here and mail completed form with check payable to ConferenceEdge to: (Mail at least 10 days prior to event)
1516 Xavier St., Ste 500, Denver, CO 80204
Phone: Call ConferenceEdge at (877) 988-7526 (credit card payments only)
- Preferred Payment Method: Online
- Please register online or by phone when paying with a credit card
- Payment Must Accompany Registration – Invoices are Not Provided
Register online up to day of event. Earlier registration allows time to check your computer for an optimal experience.