Training

3rd Party Risk Management

Vendor Management Part I: FDIC Explains How to Manage Your Outsourcing Risks

Vendor Management Part I: FDIC Explains How to Manage Your Outsourcing Risks
Management of third-party service provider relationships has been a regulatory issue as far back as the FDIC's Bank Service Company Act. But recent, well-publicized security breaches of Heartland Payment Systems, TJX Companies and Hannaford Brothers have brought Vendor Management to the fore, and banking regulators continue to issue bulletins re-emphasizing best-practices.

Register for this webinar to:

  • Hear directly from Donald Saxinger of the FDIC, who will clarify Vendor Management guidance, including the four main elements of an effective third-party risk management process;
  • Receive from James Christiansen, a noted banking and security professional a step-by-step guide on how to create an effective vendor management program.

The entire Vendor Management series:
> Vendor Management Part I: FDIC Explains How to Manage Your Outsourcing Risks
> Vendor Management Part II: Assessing Vendors - the Do's and Don'ts of Choosing a Third-Party Service Provider
> Vendor Management Part III: Inside the BITS Shared Assessments Program

Background

A financial institution can outsource a service, but it cannot cede responsibility for the potential risks to itself and its customers.

This is the clear message from banking regulatory agencies to member institutions, hammered home by recent bulletins from the Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC), which combined oversee roughly three-quarters of U.S. banks. Their guidance comes on the heels of the National Credit Union Administration's earlier announcement that vendor management is now a top examination topic for U.S. credit unions.

Selection, contract structuring and ongoing management of third-party service providers are the consistent themes from the agencies. The most frequently used term: "Due diligence."

While management of third-party service provider relationships has been a regulatory issue as far back as the FDIC's Bank Service Company Act, outsourcing has been a major examination focus since 2001, with the establishment of interagency guidelines in support of Section 501(b) of the Gramm-Leach-Bliley Act (GLBA), which calls for banking institutions to:

  • Exercise appropriate due diligence in selecting service providers;
  • Require service providers to implement appropriate security measures;
  • Monitor service providers via audits, test results, etc. to confirm that they have satisfied their security obligations.

Recent, well-publicized security breaches of TJX Companies and Hannaford Brothers, as well as new guidance such as the Identity Theft Red Flags Rule, have brought Vendor Management to the fore, and banking regulators in 2008 issued bulletins re-emphasizing best-practices.

In this webinar, hear directly from Donald Saxinger of the FDIC, who will clarify Vendor Management guidance, including the four main elements of an effective third-party risk management process:

  • Risk assessment;
  • Due diligence in selecting third party;
  • Contract structuring and review;
  • Oversight.

Beyond the guidance, hear too from David Schneier, a noted banking/security consultant, who will leverage his field experience to share insights on how to:

  • Establish the right 'tone at the top' for Vendor Management;
  • Create a Vendor Management program appropriate for the size of your institution;
  • Put the plan into action;
  • Avoid common pitfalls that can derail Vendor Management initiatives.

Webinar Registration

Premium Members Only

OnDemand access to this webinar is restricted to Premium Members.

Join Now to Access
Have an account? Sign in.


Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.