1 
December 11, 2014 
Copyright 2014©, All rights reserved, 3W Partners LLC 
Scott Roller
2 
 Principal & Founder – 3W Partners LLC 
 25 Years – Fortune 500 Companies 
• Telecom 
• Financial Services 
 Leadership Roles in 
• Global Vendor Management 
• Ops / Strategy / Re-engineering 
• Outsourcing / Training 
 TL9001 (“ISO for telecom”) 
• Certified Lead Auditor 
Audited by… 
Regulators 
Gov’t Entities 
Ratings Agencies 
Others 
OCC, OTS, CFPB 
Fannie, Freddie, GAO 
Moody’s, Fitch, S&P 
ISO, Accounting firms
3 
Third-Party Oversight & Governance (TPOG) 
Brief History 
 Why the intense focus on vendors? 
 What led us here? 
Changing Landscape 
 Financial Crisis ~2008 
 Vendor management Prior to… and Now 
 Heightened regulator focus areas 
What Regulators Expect 
 12 Key Dimensions 
 Good resources to self-educate 
Technology & Tools 
 Increase your chances of success
4 
Financial Crisis 2008 
Prior to the Crisis 
Vendor focus very limited: 
• Business continuity 
• Financial strength 
• Credit risk 
Activities were outsourced 
• Unfortunately, so was 
vendor responsibility and 
accountability 
Post-mortem 
Vendors seen as a major 
contributing factor to the 
crisis 
Inadequate oversight from 
financial institutions 
Resulted in massive fraud and consumer distress 
Hidden risks when relationships are not managed closely
5 
Regulatory Response to the Financial Crisis 
Regulators have a renewed focus on third-party 
oversight 
OCC 
CFPB 
Federal Reserve Board 
FDIC 
NCUA 
Considerable Attention 
 Institutions must bear responsibility for supplier misdeeds 
• Numerous “casualties” already 
 Major focus on consumer interaction with vendors 
 Enterprise-wide engagement, especially executives 
 Push for independent reviews 
Will focus on 12 Key Dimensions today
6 
What I often see within the industry 
Programs are not overly mature 
Many organizations only do the basics 
 Financials 
 Continuity of business 
 Data and site security 
Hard to budget for vendor risk management 
Silos - Protecting turf
 Minimal coordination 
 Not sharing best practices 
Led by single group 
 Versus cross-section of the enterprise 
Not part of larger enterprise-wide Risk Program 
Minimal investment 
Have we learned anything from the financial crisis?
7 
Recent examples… and consequences 
Collectively, they paid a total of more than $530 million to settle complaints 
of deceptive selling and predatory behavior by their third-party suppliers. 
Net Message: No one ever remembers the vendor name 
Source: http://www.mckinsey.com/insights/risk_management/managing_when_vendor_and_supplier_risk_becomes_your_own 
July 2013
8 
OCC 
CFPB 
Federal Reserve Board 
FDIC 
NCUA 
On Third-Party Oversight & Governance 
OCC Bulletin 2013-29 
• OCC Bulletin 2001-47 
• OCC Bulletin 2002-16: Foreign-Based Third-Party Service Providers 
Bulletin 2012-03 Service Providers 
SR 13-19 Guidance on Managing Outsourcing Risk 
• SR 00-4 (SUP): Outsourcing of Information Technology and Transaction Processing
Letter: Guidance For Managing Third-Party Risk 
• FDIC Compliance Manual, December 2012 
• FIL-44-2008: Guidance for Managing Third-Party Risk 
• FIL-50-2001: Bank Technology Bulletin: Technology Outsourcing 
Information Documents 
Supervisory Letter No.: 07-01 
Fortunately, expectations resemble one another
9 
These cover most regulatory expectations 
Risk Classification 
Due Diligence 
On-Boarding 
Contracts 
Compliance 
Audits 
MIS / Reporting 
Scorecards 
Annual Certifications 
Complaint Handling 
Escalations 
Governance 
Execute these well… satisfy your regulator(s)
10 
For effective third-party oversight 
Risk Classification 
 Risk-based segmentation 
 Scope and intensity of oversight is defined here 
 Must consider risks to… 
• Legal & Regulatory 
• Reputation 
• Sensitivity of data 
• Process complexity 
• Customer interface/impact 
• Public or private vendor 
Other Considerations 
• Domestic 
• Offshore 
• Core Bank Function 
• Non-Core 
• Number of similar suppliers 
• Percent of volume handled 
• Strategic (High) 
• Major (Med) 
• Basic (Low)
11 
Due Diligence 
 Assess the process of how suppliers are… 
• Sought 
• Vetted 
• Selected (and retained) 
 Consider vendor questionnaire and evaluation 
matrix 
On-Boarding 
 Have a plan to implement the vendor relationship 
• Technology, telecom, recruit, train (including compliance), etc. 
 Critical: System Entitlements 
• Limit vendor access to only what is “required” 
• Have a revocation process 
o Consider revoking within 24 hours of leaving
12 
Contracts 
 Regulators have specific expectations regarding vendor contracts 
 Examples of often-overlooked clauses: 
• Use of subcontractors 
• Termination for default 
• Compliance with laws 
• Privacy policy (sensitive info) 
• Electronic Transportable Media 
• Right to audit 
• Licensing 
• Indemnification 
• Notification of complaints 
• Handling of media inquiries 
• Service level monitoring 
• Limitation of liability 
• GSA “Excluded Party List” 
• HUD’s “Limited Denial of Participation” 
What is required of you … 
Is also required of ALL members of your “supply chain.” 
Make it contractual.
13 
Compliance 
 Identify all relevant compliance requirements and document how 
requirements are being met 
 Regulatory updates and change management process effectiveness 
• Flow down to vendors (operations, contracts, scorecards, etc.) 
Audits 
 Do your vendors... 
• “Say what they do?” (via Policy & Procedure Manual) 
• “Do what they say?” (can vendors demonstrate it?) 
 Have an audit schedule and comprehensive plan 
 Ensure risks are documented and controls are in place. 
Risk Classification 
• Strategic (High) 
• Major (Med) 
• Basic (Low) 
“Potential” Audit Frequency 
• Twice per year 
• Once per year 
• Every other year
14 
MIS / Reporting 
 You need timely and effective reporting in all supplier relationships. 
 Demonstrate you have sufficient visibility and control. 
Hard to achieve safety and soundness without robust reporting 
Scorecards 
 Identify key performance indicators (KPIs), track and report on them.
 Document vendor improvement plans. 
• Drive accountability. 
 Regular reviews. 
• Evidence of follow-up and actions 
o Warning notices 
o Training, certification 
o Volume adjustments 
o Expanded or decreased scope of work
15 
Annual Certifications 
 Re-certify vendors annually. 
No more 
• Financials 
• Licensing 
• Insurance 
• Data security 
• Capacity / Staffing 
• SLA performance 
• Process reviews 
• Compliance 
• Customer impact 
• Fees & incentives 
• Use of subcontractors 
• Training (especially compliance) 
• Business continuity 
• Audit results 
• Complaints 
• Media attention 
• Pending litigation 
• Mergers & Acquisitions 
• Ownership changes 
• Compensation practices 
 Keeping up with all changes: Yours, vendors, regulators, etc. 
• Assessing the impacts annually, at minimum. 
Very labor intensive dimension 
Due Diligence
16 
Complaint Handling 
 Requires an effective method of capturing, responding to and 
resolving complaints. 
• Especially where suppliers are involved. 
 Complaint source and severity: Major, Moderate, Minor. 
 Linkage of root cause back to the operation. 
 Report to senior leadership. 
Escalations 
Define your future reactions 
 When supplier problems arise, must have effective identification, 
escalation and management of issues. 
 Escalate to appropriate levels. Special review committee? 
 Examples: 
• Bad press 
• Multiple system outages 
• Multiple complaints 
• SLAs repeatedly not met 
• Downgraded financials 
• Fraud event 
• Audit findings
17 
Governance 
 Senior executive and/or Board Member engagement 
• “Fingerprints everywhere” 
o Drive and approve policy 
o Monitor vendor platform (via regular readouts) 
At-will access to vendor results 
o Sign-off on vendor selection and recertification (and action/exit) 
o Audit trail of their engagement 
 Proposed: Two Tier Governance Model 
Executive 
Committee 
Operations 
Committee 
Drive Vendor… 
• Performance / Quality 
• Control & Compliance 
• Risk & Change Mgmt. 
• Audits 
• Volume Allocations 
• Contingency plans 
Sets “TONE at the TOP” 
• Strategic Alignment 
• Risk appetite 
• Policy 
• Verify adequate oversight 
• Ask questions 
• Approve, Suspend & Terminate
Extremely useful when managing vendors and risks 
 Centralized repository; Security 
 Portal for easy access 
 Clear, actionable management reports and well-designed workflow 
systems 
• Essential for accountability across the institution 
 Measure your level of dependence on critical suppliers 
Build vs. Buy 
 Building a new third-party risk application from scratch is a big 
undertaking; 
• So too is enhancing a current risk tool to perform new functions 
 Consider “off-the-shelf” workflow and risk-management tools 
18
 Healthy, transparent and compliant 
 Consistency across vendors 
• OK to manage according to risk segmentation 
 Documentation 
• Policy & procedure; Roles & responsibilities 
• Audit trail 
 Performance based criteria 
 Adequate staffing for oversight 
• Number of resources 
• Skill and competency 
 Executive engagement 
• “Fingerprints everywhere” 
19 
Third-party relationships must be good for the financial institution,
its vendors and consumers
Leverage technology where possible
20 
For a copy of today’s presentation… 
Scott Roller 
Principal / Founder 
3W Partners LLC 
scott@3Wpartners.net 
636.448.3713 cell 
www.3Wpartners.net

VIP Call Girl in Thane 💧 9920725232 ( Call Me ) Get A New Crush Everyday With...
 
(INDIRA) Call Girl Mumbai Call Now 8250077686 Mumbai Escorts 24x7
(INDIRA) Call Girl Mumbai Call Now 8250077686 Mumbai Escorts 24x7(INDIRA) Call Girl Mumbai Call Now 8250077686 Mumbai Escorts 24x7
(INDIRA) Call Girl Mumbai Call Now 8250077686 Mumbai Escorts 24x7
 
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane  6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Shivane  6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
 
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
 
Webinar on E-Invoicing for Fintech Belgium
Webinar on E-Invoicing for Fintech BelgiumWebinar on E-Invoicing for Fintech Belgium
Webinar on E-Invoicing for Fintech Belgium
 
Diva-Thane European Call Girls Number-9833754194-Diva Busty Professional Call...
Diva-Thane European Call Girls Number-9833754194-Diva Busty Professional Call...Diva-Thane European Call Girls Number-9833754194-Diva Busty Professional Call...
Diva-Thane European Call Girls Number-9833754194-Diva Busty Professional Call...
 
Gurley shaw Theory of Monetary Economics.
Gurley shaw Theory of Monetary Economics.Gurley shaw Theory of Monetary Economics.
Gurley shaw Theory of Monetary Economics.
 
Navi Mumbai Cooperetive Housewife Call Girls-9833754194-Natural Panvel Enjoye...
Navi Mumbai Cooperetive Housewife Call Girls-9833754194-Natural Panvel Enjoye...Navi Mumbai Cooperetive Housewife Call Girls-9833754194-Natural Panvel Enjoye...
Navi Mumbai Cooperetive Housewife Call Girls-9833754194-Natural Panvel Enjoye...
 
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure service
WhatsApp 📞 Call : 9892124323  ✅Call Girls In Chembur ( Mumbai ) secure serviceWhatsApp 📞 Call : 9892124323  ✅Call Girls In Chembur ( Mumbai ) secure service
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure service
 
Top Rated Pune Call Girls Lohegaon ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated  Pune Call Girls Lohegaon ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...Top Rated  Pune Call Girls Lohegaon ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Lohegaon ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
 
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated  Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...Top Rated  Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
 
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
 
VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
 
VIP Call Girl in Mumbai Central 💧 9920725232 ( Call Me ) Get A New Crush Ever...
VIP Call Girl in Mumbai Central 💧 9920725232 ( Call Me ) Get A New Crush Ever...VIP Call Girl in Mumbai Central 💧 9920725232 ( Call Me ) Get A New Crush Ever...
VIP Call Girl in Mumbai Central 💧 9920725232 ( Call Me ) Get A New Crush Ever...
 
falcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunitiesfalcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunities
 
Indore Real Estate Market Trends Report.pdf
Indore Real Estate Market Trends Report.pdfIndore Real Estate Market Trends Report.pdf
Indore Real Estate Market Trends Report.pdf
 
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
 

Third-Party Oversight & Governance

  • 1. 1 December 11, 2014 Copyright 2014©, All rights reserved, 3W Partners LLC Scott Roller
  • 2. 2 ▪ Principal & Founder – 3W Partners LLC ▪ 25 Years – Fortune 500 Companies • Telecom • Financial Services ▪ Leadership Roles in • Global Vendor Management • Ops / Strategy / Re-engineering • Outsourcing / Training ▪ TL9001 (“ISO for telecom”) • Certified Lead Auditor Audited by… Regulators (OCC, OTS, CFPB); Gov’t Entities (Fannie, Freddie, GAO); Ratings Agencies (Moody’s, Fitch, S&P); Others (ISO, Accounting firms)
  • 3. 3 Third-Party Oversight & Governance (TPOG) Brief History ▪ Why the intense focus on vendors? ▪ What led us here? Changing Landscape ▪ Financial Crisis ~2008 ▪ Vendor management Prior to… and Now ▪ Heightened regulator focus areas What Regulators Expect ▪ 12 Key Dimensions ▪ Good resources to self-educate Technology & Tools ▪ Increase your chances of success
  • 4. 4 Financial Crisis 2008 Prior to the Crisis Vendor focus very limited: • Business continuity • Financial strength • Credit risk Activities were outsourced • Unfortunately, so was vendor responsibility and accountability Post-mortem Vendors seen as a major contributing factor to the crisis Inadequate oversight from financial institutions Resulted in massive fraud and consumer distress Hidden risks when relationships are not managed closely
  • 5. 5 Regulatory Response to the Financial Crisis Regulators have a renewed focus on third-party oversight OCC CFPB Federal Reserve Board FDIC NCUA Considerable Attention ▪ Institutions must bear responsibility for supplier misdeeds • Numerous “casualties” already ▪ Major focus on consumer interaction with vendors ▪ Enterprise-wide engagement, especially executives ▪ Push for independent reviews Will focus on 12 Key Dimensions today
  • 6. 6 What I often see within the industry Programs are not overly mature Many organizations only do the basics ▪ Financials ▪ Continuity of business ▪ Data and site security Hard to budget for vendor risk management Silos - Protecting turf ▪ Minimal coordination ▪ Not sharing best practices Led by single group ▪ Versus cross-section of the enterprise Not part of larger enterprise-wide Risk Program Minimal investment Have we learned anything from the financial crisis?
  • 7. 7 Recent examples… and consequences Collectively, they paid a total of more than $530 million to settle complaints of deceptive selling and predatory behavior by their third-party suppliers. Net Message: No one ever remembers the vendor name Source: http://www.mckinsey.com/insights/risk_management/managing_when_vendor_and_supplier_risk_becomes_your_own July 2013
  • 8. 8 OCC CFPB Federal Reserve Board FDIC NCUA On Third-Party Oversight & Governance OCC Bulletin 2013-29 • OCC Bulletin 2001-47 • OCC Bulletin 2002-16: Foreign-Based Third-Party Service Providers Bulletin 2012-03 Service Providers SR 13-19 Guidance on Managing Outsourcing Risk • SR 00-4 (SUP): Outsourcing of Information Technology and Transaction • Processing Letter: Guidance For Managing Third-Party Risk • FDIC Compliance Manual, December 2012 • FIL-44-2008: Guidance for Managing Third-Party Risk • FIL-50-2001: Bank Technology Bulletin: Technology Outsourcing Information Documents Supervisory Letter No.: 07-01 Fortunately, expectations resemble one another
  • 9. 9 These cover most regulatory expectations Risk Classification Due Diligence On-Boarding Contracts Compliance Audits MIS / Reporting Scorecards Annual Certifications Complaint Handling Escalations Governance Execute these well… satisfy your regulator(s)
  • 10. 10 For effective third-party oversight Risk Classification ▪ Risk-based segmentation ▪ Scope and intensity of oversight is defined here ▪ Must consider risks to… • Legal & Regulatory • Reputation • Sensitivity of data • Process complexity • Customer interface/impact • Public or private vendor Other Considerations • Domestic • Offshore • Core Bank Function • Non-Core • Number of similar suppliers • Percent of volume handled • Strategic (High) • Major (Med) • Basic (Low)
  • 11. 11 Due Diligence ▪ Assess the process of how suppliers are… • Sought • Vetted • Selected (and retained) ▪ Consider vendor questionnaire and evaluation matrix On-Boarding ▪ Have a plan to implement the vendor relationship • Technology, telecom, recruit, train (including compliance), etc. ▪ Critical: System Entitlements • Limit vendor access to only what is “required” • Have a revocation process o Consider revoking within 24-hours of leaving
  • 12. 12 Contracts ▪ Regulators have specific expectations regarding vendor contracts ▪ Examples of often-overlooked clauses: • Use of subcontractors • Termination for default • Compliance with laws • Privacy policy (sensitive info) • Electronic Transportable Media • Right to audit • Licensing • Indemnification • Notification of complaints • Handling of media inquiries • Service level monitoring • Limitation of liability • GSA “Excluded Party List” • HUD’s “Limited Denial of Participation” What is required of you … Is also required of ALL members of your “supply chain.” Make it contractual.
  • 13. 13 Compliance ▪ Identify all relevant compliance requirements and document how requirements are being met ▪ Regulatory updates and change management process effectiveness • Flow down to vendors (operations, contracts, scorecards, etc.) Audits ▪ Do your vendors... • “Say what they do?” (via Policy & Procedure Manual) • “Do what they say?” (can vendors demonstrate it?) ▪ Have an audit schedule and comprehensive plan ▪ Ensure risks are documented and controls are in place. Risk Classification and “Potential” Audit Frequency: • Strategic (High): Twice per year • Major (Med): Once per year • Basic (Low): Every other year
  • 14. 14 MIS / Reporting ▪ You need timely and effective reporting in all supplier relationships. ▪ Demonstrate you have sufficient visibility and control. Hard to achieve safety and soundness without robust reporting Scorecards ▪ Identify key performance indicators (KPI)s, track and report on them. ▪ Document vendor improvement plans. • Drive accountability. ▪ Regular reviews. • Evidence of follow-up and actions o Warning notices o Training, certification o Volume adjustments o Expanded or decreased scope of work
  • 15. 15 Annual Certifications ▪ Re-certify vendors annually. No more • Financials • Licensing • Insurance • Data security • Capacity / Staffing • SLA performance • Process reviews • Compliance • Customer impact • Fees & incentives • Use of subcontractors • Training (especially compliance) • Business continuity • Audit results • Complaints • Media attention • Pending litigation • Mergers & Acquisitions • Ownership changes • Compensation practices ▪ Keeping up with all changes: Yours, vendors, regulators, etc. • Assessing the impacts annually, at minimum. Very labor intensive dimension Due Diligence
  • 16. 16 Complaint Handling ▪ Requires an effective method of capturing, responding to and resolving complaints. • Especially where suppliers are involved. ▪ Complaint source and severity: Major, Moderate, Minor. ▪ Linkage of root cause back to the operation. ▪ Report to senior leadership. Escalations Define your future reactions ▪ When supplier problems arise, must have effective identification, escalation and management of issues. ▪ Escalate to appropriate levels. Special review committee? ▪ Examples: • Bad press • Multiple system outages • Multiple complaints • SLAs repeatedly not met • Downgraded financials • Fraud event • Audit findings
  • 17. 17 Governance ▪ Senior executive and/or Board Member engagement • “Fingerprints everywhere” o Drive and approve policy o Monitor vendor platform (via regular readouts) At-will access to vendor results o Sign-off on vendor selection and recertification (and action/exit) o Audit trail of their engagement ▪ Proposed: Two Tier Governance Model Executive Committee Operations Committee Drive Vendor… • Performance / Quality • Control & Compliance • Risk & Change Mgmt. • Audits • Volume Allocations • Contingency plans Sets “TONE at the TOP” • Strategic Alignment • Risk appetite • Policy • Verify adequate oversight • Ask questions • Approve, Suspend & Terminate
  • 18. Extremely useful when managing vendors and risks ▪ Centralized repository; Security ▪ Portal for easy access ▪ Clear, actionable management reports and well-designed workflow systems • Essential for accountability across the institution ▪ Measure your level of dependence on critical suppliers Build vs. Buy ▪ Building a new third-party risk application from scratch is a big undertaking; • So too is enhancing a current risk tool to perform new functions ▪ Consider “off-the-shelf” workflow and risk-management tools 18
  • 19. ▪ Healthy, transparent and compliant ▪ Consistency across vendors • OK to manage according to risk segmentation ▪ Documentation • Policy & procedure; Roles & responsibilities • Audit trail ▪ Performance based criteria ▪ Adequate staffing for oversight • Number of resources • Skill and competency ▪ Executive engagement • “Fingerprints everywhere” 19 Third-party relationships must be good for financial institution, its vendors and consumers Leverage technology where possible
  • 20. 20 For a copy of today’s presentation… Scott Roller Principal / Founder 3W Partners LLC scott@3Wpartners.net 636.448.3713 cell www.3Wpartners.net