Vendor Compliance Manager™
GLBA 501(b) - Key Requirement #4: Assess the measures taken to oversee service providers.
Over the past year there has been increased regulatory scrutiny of Vendor Management programs. The FDIC has added a section devoted to Vendor Management to its IT-RMP. The NCUA has made a statement that defines its position on Vendor Management programs, and it is clearly an area of examiner focus.
A Program is defined as a set of policies and procedures that are executed consistently to achieve a common end result independent of who executes them. Does your institution really have a program? Ask yourself the following questions:
> Is my program nothing more than a filing cabinet full of folders?
> Do I really know the risk posed by doing business with my vendors?
> Am I doing some of the things right but not all of them?
> Do different departments conduct vendor due diligence differently?
> Do some departments not do it at all?
> Can a centralized summary report be produced quickly and easily showing all of my vendors and which stage the due diligence is at for each vendor?
Vendor Compliance Manager™ automates the process of creating a program that meets regulatory requirements. R.I.S.C. Corp has combined its field experience and deep expertise in risk assessment, audit, policy development and program development to bring you a template-driven approach that can be used consistently throughout the enterprise. It includes the following integrated components:
Vendor Inventory
Vendor Risk Profile
Institution Risk Profile
Due Diligence required
Centralized tracking document
Customizable Policies and Procedures
When exam time comes around, you'll be able to produce a complete consolidated Program document containing policies and procedures, vendor inventory, risk profiles and due diligence for each vendor. Stop pointing the finger at the filing cabinet. Simplify your life and make your exam effortless.