Vendor Due Diligence and Risk Management - Increased Regulatory Expectations

Carl Pry


Carl Pry is a Certified Regulatory Compliance Manager (CRCM) and Certified Risk Professional (CRP) who is a Senior Vice President and Compliance Manager for a large financial institution in Ohio. Through his working career, as well as through his experience as a banking attorney and officer, he has provided a variety of regulatory compliance and financial performance services to financial institutions and other clients throughout the country. He has written extensively regarding consumer and commercial compliance, tax, audit, and financial institution legal issues, and is a frequent contributor to and currently serves on the Editorial Advisory Board for the ABA Bank Compliance magazine. He has spoken at dozens of banking, compliance, and state bar associations, and has conducted training sessions for financial institutions across the country.
Tuesday, September 29th, 2009
10:00 am - 12:00 pm CT

The Institute of Certified Bankers (ICB) is dedicated to promoting the highest standards of performance and ethics within the financial services industry. This webinar has been approved for 2.50 CFSSP and 2.50 CRCM credits. This statement should not be viewed as an endorsement of this program or its sponsor.

There are myriad issues to contend with in vendor management, and the regulatory agencies have increased their expectations of how financial institutions deal with them. Have you done your due diligence?

Risk management is at the forefront of this type of analysis, and you must have processes in place to handle the risks your vendors and other outside third parties place on your institution. This session will explain what the risks are and how to formulate a plan to handle the required risk assessment and management process.

We'll discuss the following:

  • Formulating a vendor management policy
  • The various types of risk third party relationships present to your institution - 7 categories to consider
  • What is a "significant third party relationship"?
  • The 4 key parts to the risk management process:
    1. The risk assessment - measuring risk in third party relationships
    2. Due diligence in the vendor selection process
    3. Contract structuring and review
    4. Oversight
  • Each party's duties and responsibilities
  • Nondisclosure agreements (NDAs), and Privacy and Confidentiality Agreements
  • Documenting the process - how should you record and maintain this?
  • Information security
  • Dispute resolution
  • Regulatory expectations
  • Disaster recovery and business continuity
  • Third party audit standards and reports, including SAS70, SysTrust, and WebTrust

Who Should Attend?

Anyone involved in the third party selection, due diligence, relationship management, risk management, and/or information security areas of your financial institution will gain valuable insight and information into the vendor risk management process. In addition, compliance, legal, audit, and management personnel will benefit from this information.