Your Vendor Management Program
New Regulatory Guidance & Expectations

On April 16, the OCC warned that cyber criminals are likely to target smaller banks. A key area of risk is greater reliance on vendors for IT and security services. This webinar provides an overview of the key elements of your Vendor Management Program and reviews updated guidance to help you prepare for your next IT examination.

Outsourced third-party relationships (also known as Vendor Management) are not just a key element of your overall information security program; they will also be a top focus during examinations this year. The heightened oversight can be partially attributed to significant breaches at payment processors; failure by several service providers to implement adequate security, controls and business continuity; and CAMELS downgrades due to vendor management issues.

This, along with the heavy reliance on outsourced services and an increase in cloud computing, is also cited as a contributing factor to newly issued guidance focusing on outsourced third-party relationships:

  • FFIEC Supervision of Technology Service Providers (TSP) handbook and the Outsourcing Technology Services Booklet Appendix D: Managed Security Service Providers. While the November 1, 2012, TSP handbook discusses the regulators’ authority to oversee third-party vendors and outlines the agencies’ IT rating system, it also stresses that a financial institution’s board and management are ultimately responsible for ensuring outsourced activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations.
  • OCC Bulletin 2013-19 Third-Party Relationship Risk Management Guidance (10/30/13)
  • FRB Guidance on Managing Outsourcing Risk (12/5/13)


  • Overview of the TSP program
  • Regulatory expectations for MSSP relationships
  • Planning and developing the Outsourced Third-Party Risk Management Program
  • Due diligence in selecting third parties
  • Risk assessment requirements for third parties
  • Contract requirements
  • Managing and overseeing outsourced relationships


Senior management, information security officers, compliance officers, risk management officers, technology officers, chief financial officers and auditors.


Susan Orr, CISA, CISM, CRP, CRISC, is an industry expert with vast regulatory, risk management and security knowledge. During her 14 years as an FDIC bank examiner, Susan held numerous lead positions, including lead instructor for the FDIC’s technology school. She currently consults for security providers and performs IT security/regulatory reviews for financial institutions.

Credit Information

Institute of Certified Bankers: Visit http://www.icbmembers.org/login.aspx for instructions regarding self-reporting. Estimated credits: 2 hrs. CRCM/CFSSP (self-reporting).


Live Webinar:

Member price: $265.00 | Non-member price: $530.00

On-Demand Webinar

Member price: $280.00 | Non-member price: $560.00


Online: Visit the CBA Webinar Catalog

Mail: Click here and mail completed form with check payable to ConferenceEdge to: (Mail at least 10 days prior to event)

1516 Xavier St., Ste 500, Denver, CO 80204

Phone: Call ConferenceEdge at (877) 988-7526 (credit card payments only)

Please Note:

  • Preferred Payment Method: Online
  • Please register online or by phone when paying with a credit card
  • Payment Must Accompany Registration – Invoices are Not Provided

Register online up to day of event. Earlier registration allows time to check your computer for an optimal experience.