Vendor Management for the Financial Industry: Practical Guide
Vendor risk management is vital to a company’s ability to identify, monitor and manage its risk exposure from third-party suppliers of products and services. When business processes are outsourced to an external vendor, sensitive data may be transmitted, stored and processed on vendor networks. In addition, vendor access to company systems creates additional exposure from unauthorized access to critical systems and information. Vendor security breaches, performance problems or other failures hold the potential for lost revenue from business disruption, a negative impact on business performance, and damage to reputation. A growing number of federal and state regulations mandate that companies proactively manage this risk, providing additional focus on the need to develop robust third party risk management programs.
In this LIVE Webcast, a panel of key thought leaders assembled by The Knowledge Group will lay out the essentials of an efficient, cost-effective third-party risk management program. The program will run the gamut from vendor selection to vendor risk ranking and risk analysis, ongoing monitoring, and management/board reporting. The program is specially tailored to the financial industry.
Key topics include:
- Corporate Governance
- Vendor Contracts
- Risk Assessments
- Risk Monitoring
- Onsite Audits
Brad Keller, JD, CTPRP, Sr. Director 3rd Party Strategy
Charlie Miller, Senior Vice President Shared Assessments
The Santa Fe Group
Paul Kooney, Director – Security & Privacy Management
The webinar will cover the essential elements of an effective third party risk management (TPRM) program, how to prioritize your assessment effort, and how to address third party control deficiencies. We will then discuss current best practices and recent regulatory actions. We will also explore recent events and discuss how an effective TPRM program may have prevented or mitigated the impact.
Issues addressed in the TPRM portion of the webinar include:
- Governance and other foundational issues
- Due diligence
- Ethical Sourcing
- Developing effective third party contracts
- Risk rating third parties
- Prioritizing your assessment effort
- Conducting effective assessments
- Remote vs. on-site assessments
- Issue remediation and tracking
- Assessment exchanges and repositories
- Point in time → Continuous Monitoring
- Assessment reporting
Best practices will examine:
- How to address third party outsourcing
- Effective third party risk rating
- Exec Management Reporting
The examination of recent events will discuss what we can learn from recent third party risk studies and white papers, and examine the most recent third party events (TBD, but could include: Deep Root and Sabre).
We will review recent regulatory actions and discuss their impact on TPRM programs, including:
- OCC 2017-21
- New York State Cybersecurity requirements
Who Should Attend:
- Financial Services Counsel
- Risk Management Officers
- Regulatory Compliance Officers
- Information Security Officers
- Examiners & Officers in Financial Institutions' Third-Party Management Programs
Brad Keller has been developing and leading risk management programs for more than 25 years. During this time Brad has developed and implemented vendor and business risk management programs at several financial institutions that have substantially improved risk management while also passing federal regulatory scrutiny.
Focusing on the risk of doing business online, he has implemented leading-edge programs for the identification and mitigation of identity theft and online fraud. He has testified on behalf of the financial services industry at Congressional hearings on customer privacy issues, and is a frequent member of financial industry-led initiatives that address issues related to risk management, anti-phishing, online fraud, customer privacy, and authentication.
Today Brad is the Senior Director of Third-Party Practice Lead at Prevalent, where he focuses on the delivery of Prevalent’s third party risk management and assessment solutions, and the consulting to support those solutions.
Prior to joining Prevalent, he was a Senior Vice President with The Santa Fe Group focusing on the management of the Shared Assessments Program. At Shared Assessments he led the development of Shared Assessments tools, training, and the risk management professional certification program.
Brad graduated with honors from the University of Missouri with a B.S. degree in Finance and received his J.D. with honors from St. Louis University School of Law. He is admitted to practice law in Oklahoma.
Charlie Miller, Senior Vice President, The Santa Fe Group, Shared Assessments Program – Charlie’s key responsibilities include managing and expanding the Collaborative Onsite Assessments Program and facilitating regulatory, partner and association relationships. Charlie has vast industry experience, having led vendor risk management and financial services initiatives for several global companies. Charlie was previously the Director of Vendor and Business Partner Risk Management at AIG, where he managed regulatory and governance activities for the organization’s enterprise third-party risk management program.
Paul Kooney is a Director in Protiviti’s Security & Privacy practice, with extensive knowledge and experience in developing information security programs, performing compliance assessments, developing vendor risk management programs, and providing information security assessment services. In his over twenty years in the information technology and information security fields, Paul has managed and delivered security services for client organizations in the financial, healthcare, manufacturing, retail, entertainment, energy, transportation, and other industries to assess information security needs and implement solutions.
Print and review course materials
Method of Presentation:
Experience in finance
NASBA Field of Study:
Management Services - Technical
NY Category of CLE Credit:
Areas of Professional Practice
About Prevalent, Inc.
Prevalent is the leader in third-party risk management and cyber threat intelligence, helping global organizations manage and monitor the security threats and risks associated with third and fourth-party vendors. With the release of Prevalent Synapse™, organizations now have a purpose-built, unified platform that reduces both risk and cost in a shared assessment model, leveraging standardized content, automation, and threat intelligence.
About The Santa Fe Group
About Protiviti Inc.
Protiviti is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. Protiviti and our independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies.
Ranked 57 on the 2016 Fortune 100 Best Companies to Work For® list, Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.