Outsourced Third Party Risk Management Program

OnDemand
Recorded Monday, December 20th, 2021
Presented by Susan Orr
2h total length
2.5 CEU Credits
$279.00 or 1 Token

Includes: 30 Days OnDemand Playback, Presenter Materials and Handouts

  • Compliance
  • Risk Management/Legal
  • Technology/Security
  • Board Member
  • Branch Manager
  • Compliance Officer
  • Deposit Operations Manager/Specialist
  • IT Professional
  • Privacy Officer/Information Security Professional
  • Risk Manager
  • Security Officer
  • Senior Management

Outsourced Third Party (Vendor) Risk Management is a top priority for the regulators, so financial institutions need to make it a priority that their Program is both effective and meets the regulators' expectations. When you outsource, you place your confidential customer information, along with its availability and security, in someone else's hands, but you still retain the responsibility for ensuring the integrity, confidentiality, availability and security of that information. That makes this Program a crucial part of your overall Information and Cyber Security Program.

Demonstrating the importance of this Program, the OCC and the FRB both issued updated guidance relating to third party relationships in October and December of 2013, respectively, while the FDIC reissued its Technology Outsourcing Informational Tools in April of 2014. Then, on February 6, 2015, the FFIEC released an update to the Business Continuity Planning Handbook, adding Appendix J: Strengthening the Resilience of Outsourced Technology Services. On November 14, 2019, a revised Business Continuity Planning handbook was released that addresses Third Party Management, Third Party Capacity, Testing with Third-Party Technology Service Providers, and Cyber Resilience. The FFIEC Cybersecurity Assessment Tool (CAT) also includes declarative statements relating to Outsourced Third Party Risk Management practices. Susan Orr has assisted numerous institutions with developing their Outsourced Third Party Risk Management Program and will share her insights into developing an effective program in this webinar.

What You'll Learn

  • FFIEC agencies' expectations for your Program
  • The latest guidance:
    • November 2019 BCP Handbook
    • Appendix D of the FFIEC Outsourced Technology Services Handbook
    • FFIEC Supervision of Technology Service Providers, September 2012
    • FDIC April 2014 Tools to Manage Technology Providers Informational Brochures
    • OCC October 2013 Third Party Relationships
    • FRB December 2013 Guidance on Managing Outsourcing Risk
  • Classification and Risk Rating criteria
  • Required Program elements and essentials
    • Responsibilities
    • Needs Assessment
    • Due Diligence/Selection
    • Contracting
    • Risk Assessing
    • Oversight

Who Should Attend

Senior Management, Information Security Officers, Compliance Officers, Risk Managers, IT Managers, Operations Managers.

"Susan Orr is a rock star.  I strongly encourage anyone in the financial industry to make a point to attend one of her sessions or engage her services." -- John Nash, VP of Technology, Phreedom Technologies


Susan Orr

Instructor Bio

Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.

As an auditor and consultant, Susan is dedicated to assisting financial institutions in implementing appropriate policies and controls to protect confidential information and comply with regulatory mandates and best practices. Her expertise as an auditor and former examiner provides her the knowledge and expertise to conduct comprehensive IT general control and data security reviews and assist de novo institutions in the vendor selection process, preparing policies and procedures, and instituting controls. She also consults for numerous security providers and vendors helping them align products and services to meet institution regulatory mandates. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Risk Professional (CRP).


Continuing Education Credit Information

Recommended for 2.5 CEU Credit Hours. After attending this webinar, each attendee can receive a Certificate of Attendance for self-reporting of CEU Credits.