OnDemand Webinars

How Does Your Outsourced Third Party Risk Management Program Stack Up?

Susan Orr has assisted numerous institutions with developing their Outsourced Third Party Risk Management Program and will share her insights into developing an effective program in this webinar.

OnDemand

Recorded Tuesday,
December 20th, 2022

Presented by Susan Orr

2h total length

$279.00 or 1 Token

70BWUS226251G

Includes: 30 Days OnDemand Playback, Presenter Materials and Handouts

Available Upgrades i To upgrade your registration:

Add a webinar to your cart.

Select the desired upgrade(s).

12 Months OnDemand Playback
12 Months OnDemand Playback
- Extend your OnDemand playback access from 30 days to 12 months
$110.00
12 Months OnDemand Playback + Digital Download
12 Months OnDemand Playback + Digital Download
- Extend your OnDemand playback access from 30 days to 12 months
- Plus, get a digital copy of the OnDemand recording
$140.00

Topics

Compliance
Risk Management/Legal
Technology/Security

Roles

Board Member
Branch Manager
Compliance Officer
Deposit Operations Manager/Specialist
IT Professional
Privacy Officer/Information Security Professional
Risk Manager
Security Officer
Senior Management

Subscribe & Save on Webinars

Save on annual training costs with our Webinar Subscription Service and share webinars across your entire organization.

Become a subscriber

Outsourced Third Party (Vendor) Risk Management is a top priority with the regulators. Therefore, ensuring your Program is not only going to be effective but also meet with their expectations needs to be a priority for financial institutions. When you outsource, you are placing your confidential customer information in someone else's hands along with the availability and security of that information, but you still retain the responsibility for ensuring the integrity, confidentiality, availability, and security of the information making this Program a crucial part of your overall Information and Cyber Security Program.

There are numerous FFIEC, OCC, FRB, and FDIC guidances that demonstrate the importance of third-party risk management. The OCC and the FRB both issued guidance relating to third party relationships in October and December of 2013, respectively while the FDIC reissued its Technology Outsourcing Informational Tools in April of 2014. On November 14, 2019, a revised Business Continuity Planning handbook was released that addresses: Third Party Management, Third Party Capacity, Testing with Third-Party Technology Service Providers, and Cyber Resilience. The FFIEC Cybersecurity Assessment Tool (CAT) also includes declarative statements relating to Outsourced Third Party Risk Management practices.

Your Outsourced Third Party Risk Management Program should address both Vendor and Third Party Service Provider relationships and activities including cloud providers, managed service providers, core banking and digital banking providers, and critical infrastructure providers like telecommunications, utility, and Internet service providers. Management of these relationships starts with performing due diligence prior to contracting, risk assessing each relationship to identify critical and significant relationships and those that present high risk no matter of their significance, reviewing contracts, and performing annual oversight.

Susan Orr has assisted numerous institutions with developing their Outsourced Third Party Risk Management Program and will share her insights into developing an effective program in this webinar.

What You'll Learn

FFIEC agencies expectations for your Program
The latest guidance:
- November 2019 BCP Handbook
- Appendix D of the FFIEC Outsourced Technology Services Handbook
- FFIEC Supervision of Technology Service Providers, September 2012
- FDIC April 2014 Tools to Manage Technology Providers Informational Brochures
- OCC October 2013 Third Party Relationships
- FRB December 2013
Guidance on Managing Outsourcing Risk Classification and Risk Rating criteria
Required Program elements and essentials
Responsibilities
Needs Assessment
Due Diligence/Selection
Contracting
Risk Assessing
Oversight

Who Should Attend

Senior Management, Information Security Officers, Compliance Officers, Risk Managers, IT Managers, Operations Managers.

Instructor Bio

Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.

As an auditor and consultant, Susan is dedicated to assisting financial institutions in implementing appropriate policies and controls to protect confidential information and comply with regulatory mandates and best practices. Her expertise as an auditor and former examiner provides her the knowledge and expertise to conduct comprehensive IT general control and data security reviews and assist de novo institutions in the vendor selection process, preparing policies and procedures, and instituting controls. She also consults for numerous security providers and vendors helping them align products and services to meet institution regulatory mandates. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Risk Professional (CRP).

Print this page

What You'll Learn

Who Should Attend

Instructor Bio

Pay using Tokens

Webinar Subscriptions

Subscribe and save on over 450+ webinars per year

Features

Stay in the loop

Earn points on every webinar purchase with OnCourse Rewards.