Vendor Risk Management for Banks & Financial Institutions
In response to market changes, banks and financial services companies are increasingly relying on an extended network of suppliers and third-parties to perform vital functions, serve customers, and face the market. While beneficial in many ways, third-party relationships also present various risks and exposure to potential significant financial loss, reputation damage, and supervisory action. There are many recent, public examples of theft of customer data, consumer compliance violations and extreme loss in market capital resulting from breaches by third-parties.
Banks and other financial services companies can have strong physical security and internal controls. However, one mistake from a third-party can compromise a company’s well-established reputation and result in fines, penalties, legal fees and remediation costs. Various regulations including those issued by the Office of the Comptroller of Currency (OCC) and Federal Reserve Bank (FRB ) outline expectations for vendor and third-party risk management oversight at a broad “program” level and establish governance expectations across an organization. The Federal Financial Institution Examination Council (FFIEC) released the IT Technology Examination Handbook in November 2015, and many financial institutions were caught by surprise. FFIEC now holds the entire organization and board members responsible in ensuring the viability of a third-party IT provider’s cybersecurity resiliency and disaster recovery. Over the past few years, regulatory enforcement actions related to violations resulting from third-parties have been public and expensive. Regulators now expect financial services companies to know their third parties, how each of them interacts with consumers and other stakeholders, what risks are presented in the relationship, and effective management of those risks.
In this two-hour LIVE Webcast, a panel of key thought leaders and professionals brought together by The Knowledge Group will provide the audience with an overview of the increasingly significant issue of Third Party Risk Management. The Webcast will highlight current trends in the regulatory environment, methodologies for effective third party lifecycle management, potential risks for consideration and how to assess and monitor those risks, as well as other best practices, tools and techniques. The panel will also offer perspective in identifying and minimizing potential business uncertainties and legal liabilities.
Key issues that will be covered in this course are:
- Third Party Risk Management: An Overview
- Practical Guidance for Third Party Lifecycle Management
- Effective Approaches to Third Party Risk Assessments and Risk-based Monitoring
- TPR Software Considerations – What and When to Consider
Michele Sullivan, CPA, Partner
Crowe Horwath LLP
- Overview of FFIEC Examination Handbook (Appendix) J – issued November 2015
- Application of essential components of Appendix J and impact on various levels of an organization
- Overview of TPRM software and technology solutions
- Considerations for implementation of TPRM technology solutions
Chris Monk, Managing Director
- Managing the third party risk management lifecycle requires an end to end view of the process that should be supported by the right organizational design and responsibilities, appropriate governance and methodologies, as well as having enterprise visibility of all third party relationships and risk exposure.
- There is still work to be done. No one has reached “the top” as regulatory scrutiny and expectations continue to increase. Opportunities exist to expand or improve scope, scalability, efficiency, reporting, and use of technology
- The upfront risk assessment is key and leveraging a Bilateral risk assessment process provides additional rigor and opportunities to streamline the process
- Expectations are rolling down hill – Sub-contractor / 4th party management
- Organizations with effective 3PRM programs integrated with procurement can realize significant operational improvements beyond just compliance and risk mitigation.
Dwight C. Smith, III, Partner
Nelson Mullins Riley & Scarborough LLP
- Bank Supervision and Third-Party Vendors
- Supervisory Priorities – OCC
- Strategic Risk
- Strategic Risk Management
- Strategic Risk Management Example
- Operational Risk
- Operational Risk Management
- Operational Risk Management Example
- Compliance Risk
- Compliance Risk Management
- Compliance Risk Management – Enforcement
- Other Risks
Brendan J. Thomas, Attorney
Troutman Sanders LLP
- Regulatory risk
- Outsourcing arrangement risks
- What banks can do to alleviate concerns and develop best practices
Who Should Attend:
- Fraud Executives at Financial Institutions
- Banking & Financial Institution Executives
- Bank Regulation Lawyers
- Banking & Finance Lawyers
- Regulatory Managers
- Business Analyst
- Risk Officers
- Companies’ Senior Management
- Private and Public Companies
- Multinational Companies
Chris is a Managing Director within Protiviti and a member of the Leadership Team for Supply Chain Solutions. Chris has over 15 years of experience in supply chain, both within industry and serving clients as a consultant. He has a proven track record of analyzing, improving, and transforming organizations, delivering performance improvement and sustainable cost savings for clients across a number of industries. His areas of focus include S&OP, Sourcing and Procurement, Accounts Payable, Enterprise Contract Management, Supplier Performance Management, and Third Party Risk Management. He is a published thought leader and has been recognized by Supply and Demand Chain Executive Magazine as a Pro to Know.
Chris has assisted financial intuitions of all sizes in the assessment, design, and implementation of leading vendor/third party risk management programs. This includes helping companies address overall 3PRM strategy and policy, risk management lifecycle processes, organization design and roles, management reporting/monitoring, risk assessment and third party segmentation methodology and tools, and enabling technologies.
Chris is a Managing Director within Protiviti and a member of the Leadership Team for Supply Chain Solutions. Chris has …
Brendan Thomas is an associate in the Financial Institutions and Corporate practices at Troutman Sanders LLP. Brendan’s practice focuses on assisting financial institutions with bank regulatory matters, assisting publicly and privately-held businesses with mergers and acquisitions and public offerings and private placements of debt and equity securities, and representing public companies in SEC reporting, corporate governance and compliance matters. He also focuses on the representation of private equity funds and their portfolio companies in connection with mergers, acquisitions, corporate reorganizations and general corporate matters.
Brendan Thomas is an associate in the Financial Institutions and Corporate practices at Troutman Sanders LLP. Brendan’s practice focuses on …
Ms. Sullivan is a Partner in Crowe Horwath’s Risk Consulting Practice and specializes in the financial services sector. Ms. Sullivan has over 20 years of experience and focuses on leading large, complex projects focused on matters of risk management, compliance, and governance. She leads Crowe’s cross-industry practice on Third Party Risk Management. In addition to client service, she has served in various practice management roles at Crowe Horwath LLP. Ms. Sullivan is a founding member of Crowe Horwath’s Exceptional Client Experience Steering Committee and currently serves on the Firm’s Executive Committee.
Ms. Sullivan is a Partner in Crowe Horwath’s Risk Consulting Practice and specializes in the financial services sector. Ms. Sullivan …
Dwight Smith is a partner of Nelson Mullins Riley & Scarborough LLP in Washington, D.C., where he focuses his practice on bank regulatory and consumer finance matters. He began his banking work during the savings and loan crisis and its resolution during the late 1980s and early 1990s, experience that set the stage for his practice during the financial crisis and its aftermath. During more stable periods in the industry, he has advised on both the institutional and consumer sides of banking. His clients include community, regional, and large banks and thrifts across the country and nonbank consumer finance companies.
Dwight Smith is a partner of Nelson Mullins Riley & Scarborough LLP in Washington, D.C., where he focuses his practice …
Print and review course materials
Method of Presentation:
NASBA Field of Study:
Specialized Knowledge & Applications
NY Category of CLE Credit:
Areas of Professional Practice
Unlock All The Knowledge and Credit You Need
Leading Provider of Online Continuing Education
It's As Easy as 1, 2, 3
Get Your 1-Year All Access Pass For Only $199
About Protiviti Inc.
Protiviti is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. Protiviti and our independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies.
Ranked 57 on the 2016 Fortune 100 Best Companies to Work For® list, Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.
About Troutman Sanders LLP
Founded in 1897, Troutman Sanders LLP is an international law firm with more than 650 lawyers practicing in 16 offices located throughout the United States and Asia. The firm’s clients range from large multinational corporations to individual entrepreneurs and reflect virtually every sector and industry. The firm’s heritage of extensive experience, exceptional responsiveness and an unwavering commitment to service has resulted in strong, long-standing relationships with clients across the globe. In recognition of the firm’s strong service culture, Troutman Sanders has been on the BTI Client Service A-Team for 12 consecutive years. Troutman Sanders is one of 31 global law firms to be ISO/27001 certified, assuring our clients that we are using world class standards to safeguard their most sensitive information.
About Crowe Horwath LLP
Smart decisions. Lasting value.
Crowe Horwath LLP is one of the largest public accounting, consulting, and technology firms globally. Connecting deep industry and specialized knowledge with innovative technology, our dedicated professionals create value for our clients with integrity and objectivity. We accomplish this by listening to our clients – about their business, trends in their industry, and the challenges they face. We forge each relationship with the intention of delivering exceptional client service while upholding our core values and our industry’s strong professional standards. Crowe invests in tomorrow because we know smart decisions build lasting value for our clients, people, and profession.
About Nelson Mullins Riley & Scarborough LLP
Nelson Mullins Riley & Scarborough LLP offers the strength and resources of attorneys and professional staff experienced in a range of services. We provide advice and counsel in litigation, corporate, economic development, securities, finance, intellectual property, government relations, regulatory, and other needs of clients ranging from private individuals to large businesses, including many publicly held companies. Established in 1897, Nelson Mullins has more than 500 attorneys and other professionals with offices in the District of Columbia, Florida, Georgia, Massachusetts, North Carolina, South Carolina, Tennessee, and West Virginia.