Vendor Management has been under the regulatory magnifying glass for several years and is only growing in importance with the advent of increased outsourcing, cloud computing, high profile breaches, and increased regulatory scrutiny.
These factors have created a growing demand for professionals with regulatory knowledge and specialized expertise in building, implementing, and managing compliant Vendor Management programs.
So...if you are tired of being told to "Read Guidance" when asking your examiners for direction and prefer a cohesive, centralized program, then this certification program is a must!
About This Course
Increased regulatory focus on 3rd party oversight programs has created a growing demand for professionals with specialized expertise in building and managing compliant Vendor Management Programs.
The Certified Regulatory Vendor Program Manager (CRVPM) course provides you with the regulatory knowledge, implementation methodology, and the best practices required to build and manage a compliant program and properly prepare for regulatory exams and audits.
Chapter 1: History
The Great Depression of 1929 led to a number of regulatory acts intended to protect bank customers. This chapter covers the historical events and subsequent regulations from the Glass-Steagall Act to the Gramm-Leach-Bliley Act, providing the student with the knowledge of the driving issues behind the regulations
Chapter 2: Regulations
The regulatory burden is overwhelming and only growing in scope. Very often regulations from multiple agencies even overlap. This chapter helps you sort through the proliferation of regulations, bulletins, and guidance that financial institutions must be aware of and ensure that their vendors comply with. Some of the regulations reviewed include:
- GLBA 501(b)
- Disposal Rule
- CFPB Consumer Protection
- Privacy Act
- FDIC Part 364B
- Identity Theft Red Flags
- Guidance from the FRB and OCC
Chapter 3: Benefits
Compliance is most often seen as a cost center with the perception that the benefit of being compliant is "not being fined". This chapter presents examples of the many benefits of a compliant vendor management program and the methodology to determine the many hard dollar and soft dollar savings that can be realized. Leveraging this knowledge, a business case can be built for program funding or enhancement and gaining Executive Sponsorship. Some of the benefits discussed include:
- Competitive Advantage
- Risk Mitigation
- Budget Control
- Reputation Protection
Chapter 4: Components
A filing cabinet full of folders is not a vendor management program! A program is a series of inter-related steps to be carried out inclusive of policy, procedure, and process in order to achieve a goal or set of goals. This chapter dives into the details of the 9 key components of a compliant vendor management program that every institution must address including:
- Vendor Inventory
- Risk Rating
- Due Diligence
- Contract Review
- Periodic Review
- Contract Management
- Ongoing Monitoring
Chapter 5: Implementation
Once the regulations, benefits, and components are understood, this chapter instructs how to put it all together and begin implementing or enhancing your program. It addresses all steps including:
- Gaining Executive Sponsorship
- Determining which vendors to include in your program
- Assessing risk and criticality
- SSAE 16 decision tree
- Conducting Due Diligence, Periodic Review, and Contract Review
- Managing the flow of documents and meeting the expectations of multiple regulators
Chapter 6: Exam and Audit Preparation
The increased regulatory focus on vendor management programs and the high profile security breaches in recent years have given regulators cause for concern over whether financial institutions are complying with regulatory requirements to ensure that their vendors' physical, technical, and administrative controls are being properly evaluated. This chapter provides the insight gained through interviewing financial institutions across the country to provide the details needed to properly prepare for your next regulatory exam or audit. Documentation discussed in this chapter includes preparation of the following:
- Segmenting and reporting on the types of Clouds utilized
- Complementary User Entity Controls assessments
- Reports on High Risk, Critical, Foreign-based, Red Flags, CFPB vendors and the critical documents that need to be presented
- Self-identified issues
Chapter 7: Best Practices
While Best Practices are not always practical for all institutions, this chapter presents a wide variety of Best Practices that have proved valuable to successful vendor management program implementations at institutions across the country. Practices will be discussed for:
- Vendor Program Design
- Program Implementation and Management
- Risk Assessment Methodology
- Contract Management
- Successful approaches to handling vendor issues that donft fit the mold
Chapters vary in length, and total approximately six hours of learning time, but are not forced progression, meaning they can be taken in any order. There is a quiz after each chapter, and an exam of 65 randomly-generated questions. Course can be accessed from any computer with internet access.
You Also Receive:
CRVPM Reference Guide
Once you become a CRVPM you will receive the CRVPM Reference Guide which is updated throughout the year as new regulations, bulletins, and rules are issued and as new trends and best practices emerge. Your CRVPM Reference Guide is sent electronically to your registered email whenever updates, regulations, or audit trends occur. This guide can be printed.
Phone &eMail Support
In addition, regulatory support via phone and email will be provided to address any questions pertaining to GLBA 501(b) regulatory requirements. Instructions for accessing this valuable resource upon passing your CRVPM exam.
"A must for anyone involved in vendor management!"
- Amy Moran, Vendor Mgmt Specialist, 5 Star Bank NY ($2.5B)
"Highly Recommend! This course affirmed what I need to be doing in my Vendor Management Program. This is a quick and easy way to get the training you need to ensure you are running a compliant and effective program. I'm glad to have found this great resource."
- Brandy Morales, Kleberg Bank, TX ($460M)
"Highly recommended even if you have been responsible for vendor management for years and think you have a grasp on it!"
- Alan Hampton, Information Systems Director, Bank of Central FL ($135M)
"The course helped to understand current gaps in our program and areas to fine tune. I would highly recommend!"
- Jackie Ilse, SVP Risk Management, Kleberg Bank ($460M), TX
"This course provided many great takeaways - as well as provided confirmation that we are definitely on the right track!"
- Dana Bliss, Vendor Mgmt Specialist, Chemical Bank ($5.8B), MI
Achieving Your Certification:
In order to achieve your CRVPM certification, you must pass each of the seven chapter quizzes and a final exam. Your Certificate then is mailed within seven business days of passing your exam. Your Certificate demonstrates your professional growth and that you have attained an advanced level of regulatory knowledge, plus shows examiners and auditors the institution's commitment to regulatory compliance.
Who Should Take This Course:
Risk Officers, Compliance Officers, CIOs, CFOs, Auditors, Examiners, Vendor Management Specialists, Operations Officers, Info Security Officers, and anyone involved in building and managing a compliant vendor management program.
How To Access This Course:
This course, as well as the Certification, is provided through the Compliance Education Institute. The Institute will email you directly with access instructions for taking your course and starting the process towards earning your CRVPM Certification!