Outsourced Third Party Relationship Management: Developing a Compliant Program

Third party risk management continues to be a top priority with the regulators, evidenced by the release of Interagency Guidance on Third Party Relationships: Risk Management, June 6, 2023. This comprehensive Guidance is intended to assist in identifying and managing risks associated with third party relationships and in complying with applicable laws and regulations.

Recorded Tuesday,
November 21st, 2023
Presented by Susan Orr
$279.00 or 1 Token

Includes: 30 Days OnDemand Playback, Presenter Materials and Handouts

  • Auditing
  • Compliance
  • Information Technology/Security
  • Technology/Security
  • Board Member
  • Compliance Officer
  • Internal Auditor
  • IT Professional
  • Risk Manager
  • Security Officer
  • Senior Management

Save on annual training costs with our Webinar Subscription Service and share webinars across your entire organization.

Become a subscriber

Learn about upcoming events, webinars and discounts.

Sign Up For Email Notifications

Outsourced Third Party (Vendor) Risk Management continues to be a top priority with the regulators. Therefore, ensuring your Program is not only going to be effective but also meet their expectations needs to be a priority. When you outsource, you are placing your confidential customer information in someone else's hands along with the availability and security of that information, but you still retain the responsibility for ensuring the integrity, confidentiality, availability, and security of the information making this a crucial part of your overall Information and Cyber Security Program.

The FFIEC issued Interagency Guidance on Third Party Relationships: Risk Management, June 6, 2023, which rescinded all previous Guidances issued by the Agencies addressing appropriate third party relationship risk management practices. This new guidance is intended to assist in identifying and managing risks associated with third party relationships and complying with applicable laws and regulations. In addition to the latest guidance, the FFIEC issued a revised Business Continuity Management handbook on November 14, 2019, that addresses Third Party Management, Third Party Capacity, Testing with Third-Party Technology Service Providers, and Cyber Resilience. The FFIEC Cybersecurity Assessment Tool (CAT) also includes declarative statements relating to Outsourced Third Party Risk Management practices. Your Outsourced Third Party Risk Management Program should address both Vendor and Third Party Service Provider relationships and activities including cloud providers, managed service providers, core banking and digital banking providers, and critical infrastructure providers like telecommunications, utility, and Internet service providers. Management of these relationships starts with proper strategic planning, performing due diligence prior to contracting, risk assessing each relationship to identify critical and significant relationships and those that present high risk no matter of their significance, reviewing contracts, and performing annual oversight.

What You'll Learn

  • FFIEC expectations for your Program
  • Roles and Responsibilities
  • Expectations for Planning, Due Diligence and Selection, Risk Assessing, Contracting, and Oversight

Who Should Attend

Senior Management, Information Security Officers, Compliance Officers, Risk Managers, IT Managers, Operations Managers, and IT auditors should attend.

Susan Orr

Instructor Bio

Susan Orr is a leading financial services expert with vast regulatory, risk management, and security best practice knowledge and expertise.

As an auditor and consultant, Susan is dedicated to assisting financial institutions in implementing appropriate policies and controls to protect confidential information and comply with regulatory mandates and best practices. Her expertise as an auditor and former examiner provides her the knowledge and expertise to conduct comprehensive IT general control and data security reviews and assist de novo institutions in the vendor selection process, preparing policies and procedures, and instituting controls. She also consults for numerous security providers and vendors helping them align products and services to meet institution regulatory mandates. Susan is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Risk Professional (CRP).