Any business relationship between a bank and another entity, by contract or otherwise

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Any business relationship between a bank and another entity, by contract or otherwise"

Transcription

1 An Overview for Bank Directors Managing the Third Party Relationship Patrick Neuman Boardman & Clark LLP Madison, Wisconsin Any business relationship between a bank and another entity, by contract or otherwise Third Party Relationships Outsourcing part of bank operations Offering services or products to bank customers Franchising bank s name Purpose 1

2 Reduce bank costs Increase bank revenue Accessing special expertise or efficiency Increasing bank s product offerings Benefits FDIC and OCC expect banks to identify significant or critical relationships, such as: New relationship New bank activity Material effect on bank s revenues or expenses Significant effect on bank s earnings or capital Identifying Significant/Critical Relationships FDIC and OCC expect banks to identify significant or critical relationships, such as: Critical function for bank Access to customer information Vendor is marketing bank products or services Potential for significant customer impacts Identifying Significant/Critical Relationships 2

3 Mortgage related front-end services and foreclosures Technology services Data processing services Payment processing services Examples of Common Relationships Compliance audits and monitoring Affinity and credit card providers Flood insurance monitoring Debt collection services Disclosure preparers Examples of Common Relationships Bank should have a risk management process commensurate with the level of risk and complexity of its third party relationships and bank s organizational structure Bank Responsibility Risk Management Process 3

4 Bank cannot shift responsibility to third party and is responsible for ensuring that activity is conducted in a safe and sound manner and in compliance with all applicable laws and regulations as well as bank s internal policies Bank Responsibility Risk Management Process Board of directors (or a committee of the board) and senior management are responsible for overseeing bank s risk management processes Bank Responsibility Risk Management Process Compliance Risk Violation of laws, rules or regulations or non-compliance with policies Privacy, UDAP, Fair Lending, TILA (Reg B), RESPA Third Party Relationship Risks 4

5 Strategic Risk Adverse business decisions Failure to implement appropriate business decisions in a manner consistent with institution s goals Third Party Relationship Risks Operational Risk Inadequate or failed internal processes, people or systems External events Third Party Relationship Risks Transaction Risk Third party s inability to perform its functions Inadequate capacity Technological failure Human error Fraud Threats to security and integrity of systems and resources Third Party Relationship Risks 5

6 Credit Risk Third party is unable to meet the terms of the contractual arrangements with bank Unable to financially perform as agreed Third Party Relationship Risks Other Risks Liquidity Interest Rate Price Foreign currency transaction Third Party Relationship Risks Risk Assessment Due Diligence Contract Negotiation Ongoing Monitoring Bank Responsibility Managing Risk 6

7 Is relationship consistent with bank s strategic planning and risk strategy? Risk/reward analysis for significant matters performed by management and reviewed by the board Involve outside parties if necessary attorneys, accountants, IT consultants Identify internal controls necessary to monitor third party relationships Risk Assessment For significant third party relationships, board may consider appointing a senior manager with requisite knowledge and experience to manage relationship Estimate long-term financial effect of third party relationship Risk Assessment Bank s due diligence process design should provide management with information needed to address quantitative and qualitative aspect of third party relationship to determine if relationship will achieve bank s goals and mitigate identified risks Due Diligence 7

8 Scope of due diligence depends on significance of activity High-risk large scale activities require more comprehensive review Due Diligence When conducting due diligence, banks may consider the following: Financial condition Business experience and reputation Qualifications Legal and regulatory compliance Due Diligence When conducting due diligence, banks may consider the following: Scope of internal controls Risk management Systems and data security Privacy protections Due Diligence 8

9 When conducting due diligence, banks may consider the following: Business resumption/contingency plans Knowledge of relevant consumer protection/civil rights laws Human resource management Reliance on subcontractors Insurance Due Diligence Ensure specific expectations and obligations of bank and third party are outlined in written contract Board approval should be obtained before entering into any material third party relationships Contract Structure and Negotiation Legal counsel should review significant contracts prior to finalization Bank contracts should generally address the following: Nature and scope of relationship Cost/compensation Performance standards Responsibility for compliance with applicable laws and regulations Contract Structure and Negotiation 9

10 Bank contracts should generally address the following: Reports and audit rights Confidentiality and security Customer complaints Business resumption/contingency plans Dispute resolutions Ownership and license Contract Structure and Negotiation Bank contracts should generally address the following: Indemnification Limits on liability Insurance Subcontracting Default and termination Contract Structure and Negotiation Maintain adequate oversight of third party activities and adequate quality control over those products and services provided by third parties Minimize exposure to financial loss, reputation damage and supervisory action Ongoing Monitoring 10

11 Board should initially approve, oversee and review at least annually significant third party arrangements, and review arrangements and contracts whenever this is a material change to the program Ongoing Monitoring Performance monitoring may include the following: Business strategy potential conflicts of interest Review of financial conditions and audits Compare actual earnings/costs to projections Review compliance with internal controls and security procedures Evaluate performance standards and compliance with those standards Ongoing Monitoring Performance monitoring may include the following: Determine adequacy of training and monitor changes in key personnel Monitor compliance with applicable laws and regulations, especially when third party interacts with consumers on behalf of bank Review business resumption contingency planning and costs Review customer complaints and responses to them Ongoing Monitoring 11

12 Ensure effective process is in place to manage risks related to third party relationships in a manner consistent with bank s strategic goals, organization s objectives and risk appetite Board Responsibility Oversight and Accountability Approve bank s risk-based policies that govern third party risk management process and identify critical activities Review and approve management plans for using third parties that involve critical activities/significant relationships Board Responsibility Oversight and Accountability Review summary of due diligence results and management s recommendations to use third parties that involve critical activities Approve significant contracts that involve critical activities Board Responsibility Oversight and Accountability 12

13 Review the results of management s ongoing monitoring of significant third party relationships, including relationships that involve critical activities Board Responsibility Oversight and Accountability Ensure management takes appropriate steps to remedy significant deterioration in performance or address changing risks or material issues identified through ongoing monitoring Review results of periodic independent reviews of bank s third party risk management process Board Responsibility Oversight and Accountability FDIC reviews bank s management of significant third party relationships in safety and soundness examinations and compliance examinations Safety and soundness examinations review management s record and process of assessing, measuring, monitoring and controlling risks associated with bank s significant third party relationships Supervisory Reviews/Examinations 13

14 FDIC reviews bank s management of significant third party relationships in safety and soundness examinations and compliance examinations Compliance examinations: Evaluate the quality and effectiveness of bank s compliance risk management program as it pertains to third party relationships Supervisory Reviews/Examinations FDIC reviews bank s management of significant third party relationships in safety and soundness examinations and compliance examinations Compliance examinations: Review operations to ensure that products, services and activities of third party vendors comply with consumer protection and civil rights laws and regulations Supervisory Reviews/Examinations OCC expects banks to engage in robust analytical process to identify, measure, monitor and control the risks associated with third party relationships and to avoid excessive risk-taking that may threaten safety and soundness Failure to have effective risk management process may be an unsafe and unsound banking practice Supervisory Reviews/Examinations 14

15 Financial loss to the bank bad contracts may mean that bank will incur actual costs that harm the bank Litigation costs indemnification, termination provisions, limits of liability, etc. Penalties Regulators will note deficiencies on the examination reports, which may lead to enforcement actions and/or civil money penalties Reputation costs Penalties Financial Institution Letter Third Party Risks: Guidance for Managing Third Party Risk /fil08044a.pdf Additional Resources 15

16 OCC Bulletin Third Party Relationships: Risk Management Guidance bulletins/2013/bulletin html Additional Resources Federal Reserve Outlook Live Webinar Vendor Risk Management Compliance Considerations, May 2, pdf Additional Resources CFPB Bulletin Service Providers _cfpb_bulletin_serviceproviders.pdf Additional Resources 16

17 FFIEC IT Examination Handbook Outsourcing Technology Services June, Additional Resources FFIEC IT Examination Handbook Supervision of Technology Service Providers March, Additional Resources Federal Reserve Bank of New York Outsourcing Financial Services Activities: Industry Practices to Mitigate Risks October, circulars/outsource.pdf Additional Resources 17

GUIDANCE FOR MANAGING THIRD-PARTY RISK

GUIDANCE FOR MANAGING THIRD-PARTY RISK GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,

More information

Vendor Management Compliance Top 10 Things Regulators Expect

Vendor Management Compliance Top 10 Things Regulators Expect Vendor Management Compliance Top 10 Things Regulators Expect Paul M. Phillips, CFA Attorney, Adams and Reese Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay 2014 EastPay.

More information

VII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background

VII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background Third Party Risk Introduction The board of directors and senior management of an insured depository institution (institution) are ultimately responsible for managing activities conducted through third-party

More information

Vendor Risk Management in the New Regulatory Environment. kpmg.com

Vendor Risk Management in the New Regulatory Environment. kpmg.com Vendor Risk Management in the New Regulatory Environment kpmg.com Vendor Risk Management in the New Regulatory Environment 2 Vendor Risk Management in the New Regulatory Environment Background Regulators

More information

Vendor Management Compliance Top 10 Things Regulators Expect

Vendor Management Compliance Top 10 Things Regulators Expect Vendor Management Compliance Top 10 Things Regulators Expect Peter Davey, AAP VP & Director, Enterprise Payments, CapitalOne Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay

More information

To: Our Clients and Friends March 25, 2014

To: Our Clients and Friends March 25, 2014 Financial Services Group To: Our Clients and Friends March 25, 2014 A Significant Change Is Occurring Regarding Regulatory Oversight of Banks and Their Third Party Relationships. Both Banks and their Vendors

More information

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd.

Vendor Management: An Enterprise-wide Focus. Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd. Vendor Management: An Enterprise-wide Focus Susan Orr, CISA CISM CRISC CRP Susan Orr Consulting, Ltd. Why Focus on Vendor Management Increased financial regulatory scrutiny GLBA and Identity Theft Red

More information

Putting the Management Back in Vendor Management February 20, 2014

Putting the Management Back in Vendor Management February 20, 2014 Putting the Management Back in Vendor Management February 20, 2014 Moderator: Brian O Reilly The Collingwood Group, LLC Panelists: Calvin Hagins, CFPB Ken Markison, MBA Jonathan McKernan, Wilmer Hale Dan

More information

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-07 OVERSIGHT OF SINGLE-FAMILY SELLER/SERVICER RELATIONSHIPS. Purpose

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-07 OVERSIGHT OF SINGLE-FAMILY SELLER/SERVICER RELATIONSHIPS. Purpose FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-07 OVERSIGHT OF SINGLE-FAMILY SELLER/SERVICER RELATIONSHIPS Purpose This advisory bulletin communicates the Federal Housing Finance Agency s (FHFA)

More information

Vendor Risk Management Compliance Considerations

Vendor Risk Management Compliance Considerations Vendor Risk Management Compliance Considerations Outlook Live Webinar May 2, 2012 Ariane Smith, Senior Compliance Manager Cathryn Judd, Compliance Examiner Mark Jennings, Compliance Examiner Visit us at

More information

Preparing for the Outsourcing Challenge: Legal Due Diligence to Ensure a Winning Service Provider Relationship

Preparing for the Outsourcing Challenge: Legal Due Diligence to Ensure a Winning Service Provider Relationship THE 4 TH NATIONAL CONFERENCE ON OUTSOURCING IN FINANCIAL SERVICES NEGOTIATING, MANAGING & TERMINATING OUTSOURCING RELATIONSHIPS WHILE ENSURING REGULATORY COMPLIANCE Renaissance Mayflower, Washington, DC

More information

VII 5.1. VII. Abusive Practices Third Party Procedures. Third Party Risk. Introduction. Background

VII 5.1. VII. Abusive Practices Third Party Procedures. Third Party Risk. Introduction. Background Third Party Risk Introduction The board of directors and senior management of an insured depository institution (institution) are ultimately responsible for managing activities conducted through third-party

More information

Navigating Vendor Management Issues in Today s Regulatory Environment

Navigating Vendor Management Issues in Today s Regulatory Environment Navigating Vendor Management Issues in Today s Regulatory Environment May 6, 2015 Elizabeth E. McGinn, Partner Moorari K. Shah, Counsel 1 Disclaimer The information contained herein is for informational

More information

Board Responsibility. A bank can outsource a task, but it cannot outsource the responsibility.

Board Responsibility. A bank can outsource a task, but it cannot outsource the responsibility. Third-Party Risk Board Responsibility The Board of Directors and senior management are ultimately responsible for managing activities conducted through third-party relationships as if the activity were

More information

Outsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP

Outsourced Third Party Relationship Management/ Vendor Management. TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP Outsourced Third Party Relationship Management/ Vendor Management TTS Webinar July 15, 2015 Susan Orr CISA, CISM, CRISC, CRP 1 Risk Management Guidance 2 3 Appendix J: 4 - Key Elements Third Party Management

More information

Outsourcing Technology Services A Management Decision

Outsourcing Technology Services A Management Decision Outsourcing Technology Services A Management Decision A Telephone Seminar for National Banks Tuesday, July 20, 2004 And again on Wednesday, July 21, 2004 Agenda Outsourcing activities and relationships

More information

Credit Union Liability with Third-Party Processors

Credit Union Liability with Third-Party Processors World Council of Credit Unions Annual Conference Credit Union Liability with Third-Party Processors Andrew (Andy) Poprawa CEO, Deposit Insurance Corporation of Ontario Canada 1 Credit Union Liability with

More information

Are your business partners watching your back when you are watching your front?

Are your business partners watching your back when you are watching your front? Are your business partners watching your back when you are watching your front? Danny Shaw SE Practice Leader IT Risk Advisory Services Experis Thursday, October 4, 2012 1 Objectives: Organizations frequently

More information

FinTech Webinar Series: Vendor Management Principles

FinTech Webinar Series: Vendor Management Principles FinTech Webinar Series: Vendor Management Principles Evolving Best Practices of Bank Service Providers February 14, 2013 Speakers Russell Bruemmer Partner Eric Mogilnicki Partner Jeffrey Hydrick Special

More information

Table of Contents... 1. Chapter 1 Introduction... 5. 1.1 Goals & Objectives... 5 1.2 Required Review... 5 1.3 Applicability...

Table of Contents... 1. Chapter 1 Introduction... 5. 1.1 Goals & Objectives... 5 1.2 Required Review... 5 1.3 Applicability... ... 1 Chapter 1 Introduction... 5 1.1 Goals & Objectives... 5 1.2 Required Review... 5 1.3 Applicability... 5 Chapter 2 Company Culture... 6 Chapter 3 Risk Management Governance... 7 3.1 Board of Directors...

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,

More information

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers

Morgan Stanley. Policy for the Management of Third Party Residential Mortgage Servicing Providers Morgan Stanley Policy for the Management of Third Party Residential Mortgage Servicing Providers Title Policy for the Management of Third Party Residential Mortgage Servicing Providers Effective Date Owner

More information

OCC BULLETIN OCC 2001-47

OCC BULLETIN OCC 2001-47 OCC BULLETIN Comptroller of the Currency Administrator of National Banks Subject: Third-Party Relationships Description: Risk Management Principles TO: Chief Executive Officers of National Banks, Federal

More information

Third Party Relationships

Third Party Relationships 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 A B D INTRODUCTION AND PURPOSE Background Yes/No Comments 1. Does the credit union maintain a list of the third party

More information

Are You Ready for the New Foreclosure Processing Regulations?

Are You Ready for the New Foreclosure Processing Regulations? Are You Ready for the New Foreclosure Processing Regulations? New regulator guidance provides banks servicing residential mortgages with expectations in effectively assessing foreclosure processing. The

More information

The rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions

The rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions The rise of third party relationships means rise in risk and regulation Non-compliance is risky business for financial institutions Increasing dependency on third parties by banks has resulted in mandatory

More information

OCC 98-3 OCC BULLETIN

OCC 98-3 OCC BULLETIN To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel

More information

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 1. INTRODUCTION Financial institutions outsource business activities, functions and processes

More information

Vendor Management Best Practices

Vendor Management Best Practices 23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion

More information

Vendor Management Best Practices

Vendor Management Best Practices Vendor Management Best Practices Presented by: Raji Sathappan, MBA, CRCM, CISA, CAMS FMS East Coast Regional Conference September 2015 Certified Public Accountants Consultants Wealth Management Technology

More information

Vendor Management. Outsourcing Technology Services

Vendor Management. Outsourcing Technology Services Vendor Management Outsourcing Technology Services Objectives Board and Senior Management Responsibilities Risk Management Program Risk Assessment Service Provider Selection Contracts Ongoing Monitoring

More information

Goldman Sachs Residential Mortgage Servicing Vendor Management Policy Addendum U.S.-Based Program

Goldman Sachs Residential Mortgage Servicing Vendor Management Policy Addendum U.S.-Based Program Goldman Sachs Residential Mortgage Servicing Vendor Management Policy Addendum U.S.-Based Program Effective Date: January 27, 2014 Vendor Management Policy Addendum TABLE OF CONTENTS 1. INTRODUCTION...

More information

Forensic Services. Third Party Risks. March 2013

Forensic Services. Third Party Risks. March 2013 Forensic Services Third Party Risks Landscape of third party risk Focus on third parties that: perform functions on behalf of the company provide products and services that the company does not originate

More information

Managing Outsourcing Arrangements

Managing Outsourcing Arrangements Guidance Note GGN 221.1 Managing Outsourcing Arrangements 1. This Guidance Note provides further detail on the requirements for managing material outsourcing arrangements (refer Prudential Standard GPS

More information

Third-Party Risk Management: Busting Myths and Telling Truths

Third-Party Risk Management: Busting Myths and Telling Truths Third-Party Risk Management: Busting Myths and Telling Truths Richik Sarkar, Esq. McDonald Hopkins LLC 600 Superior Avenue, East, Suite 2100 Cleveland, OH 44114 (216) 430-2009 rsarkar@mcdonaldhopkins.com

More information

2015 REGULATORY CHALLENGES FOR FINANCIAL INSTITUTIONS E L L IOT T DAVIS D E COSIMO R I S K MANAG E MENT

2015 REGULATORY CHALLENGES FOR FINANCIAL INSTITUTIONS E L L IOT T DAVIS D E COSIMO R I S K MANAG E MENT 2015 REGULATORY CHALLENGES FOR FINANCIAL INSTITUTIONS E L L IOT T DAVIS D E COSIMO R I S K MANAG E MENT CONFERENCE COLUMBIA, SOUTH CAROLINA INTRODUCTIONS: DOWSE B. ("BRAD") RUSTIN IV is a partner with

More information

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-06 MORTGAGE SERVICING TRANSFERS. Purpose

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-06 MORTGAGE SERVICING TRANSFERS. Purpose FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-06 MORTGAGE SERVICING TRANSFERS Purpose The Federal Housing Finance Agency (FHFA) is issuing this advisory bulletin to communicate supervisory expectations

More information

SUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS

SUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS SUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 ISSUED: 4 th May 2004 REVISED: 27 th August 2009 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS I. INTRODUCTION The Central Bank

More information

Risk Management Programme Guidelines

Risk Management Programme Guidelines Risk Management Programme Guidelines Submissions are invited on these draft Reserve Bank risk management programme guidelines for non-bank deposit takers. Submissions should be made by 29 June 2009 and

More information

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

APPENDIX A NCUA S CAMEL RATING SYSTEM (CAMEL) 1

APPENDIX A NCUA S CAMEL RATING SYSTEM (CAMEL) 1 APPENDIX A NCUA S CAMEL RATING SYSTEM (CAMEL) 1 The CAMEL rating system is based upon an evaluation of five critical elements of a credit union's operations: Capital Adequacy, Asset Quality, Management,

More information

Statement of the Office of the Comptroller of the Currency. Provided to the Subcommittee on Financial Institutions and Consumer Protection

Statement of the Office of the Comptroller of the Currency. Provided to the Subcommittee on Financial Institutions and Consumer Protection Statement of the Office of the Comptroller of the Currency Provided to the Subcommittee on Financial Institutions and Consumer Protection Senate Committee on Banking, Housing, and Urban Affairs Shining

More information

Statement of Guidance: Outsourcing All Regulated Entities

Statement of Guidance: Outsourcing All Regulated Entities Statement of Guidance: Outsourcing All Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1. 1.2. 1.3. 1.4. This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on

More information

9/13/2013. 20/20 Vision for Vendor Management & Oversight. Disclaimer. Bank Service Company Act - FIL-49-99

9/13/2013. 20/20 Vision for Vendor Management & Oversight. Disclaimer. Bank Service Company Act - FIL-49-99 20/20 Vision for Vendor Management & Oversight 2013 WBA Technology Conference September 17, 2013 Ken M. Shaurette, CISSP, CISA, CISM, CRISC, IAM Director IT Services Disclaimer The views set forth are

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

GUIDANCE NOTE ON OUTSOURCING

GUIDANCE NOTE ON OUTSOURCING GN 14 GUIDANCE NOTE ON OUTSOURCING Office of the Commissioner of Insurance Contents Page I. Introduction.. 1 II. Application...... 1 III. Interpretation.... 2 IV. Legal and Regulatory Obligations... 3

More information

Chief Executive Officers of All National Banks, Department and Division Heads, and All Examining Personnel.

Chief Executive Officers of All National Banks, Department and Division Heads, and All Examining Personnel. AL 2000 9 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Third-Party Risk TO: Chief Executive Officers of All National Banks, Department and Division Heads,

More information

30-SECOND SUMMARY The Federal Reserve and the Office of the Comptroller of the Currency (OCC)

30-SECOND SUMMARY The Federal Reserve and the Office of the Comptroller of the Currency (OCC) 30-SECOND SUMMARY The Federal Reserve and the Office of the Comptroller of the Currency (OCC) have issued extensive new guidance to financial institutions about the use of third parties to perform functions

More information

Sound Practices for the Management of Operational Risk

Sound Practices for the Management of Operational Risk 1 Sound Practices for the Management of Operational Risk Authority 1.1 Section 316 (4) of the International Business Corporations Act (IBC Act) requires the Commission to take any necessary action required

More information

CAYMAN ISLANDS. Supplement No. 5 published with Gazette No. 19 dated 14 September, STATEMENT OF GUIDANCE: OUTSOURCING REGULATED ENTITIES

CAYMAN ISLANDS. Supplement No. 5 published with Gazette No. 19 dated 14 September, STATEMENT OF GUIDANCE: OUTSOURCING REGULATED ENTITIES CAYMAN ISLANDS Supplement No. 5 published with Gazette No. 19 dated 14 September, 2015. STATEMENT OF GUIDANCE: OUTSOURCING REGULATED ENTITIES Statement of Guidance: Outsourcing Regulated Entities 1. STATEMENT

More information

Guideline. Outsourcing of Business Activities, Functions and Processes. Category: Sound Business and Financial Practices

Guideline. Outsourcing of Business Activities, Functions and Processes. Category: Sound Business and Financial Practices Guideline Subject: Category: Sound Business and Financial Practices No: B-10 Date: May 2001 Revised: December 2003 Revised: 1 1. Introduction Financial institutions outsource business activities, functions

More information

6/8/2016 OVERVIEW. Page 1 of 9

6/8/2016 OVERVIEW. Page 1 of 9 OVERVIEW Attachment Supervisory Guidance for Assessing Risk Management at Supervised Institutions with Total Consolidated Assets Less than $50 Billion [Fotnote1 6/8/2016 Managing risks is fundamental to

More information

Outsourcing has become a critical component of financial institutions management

Outsourcing has become a critical component of financial institutions management Skadden Skadden, Arps, Slate, Meagher & Flom LLP & Affiliates If you have any questions regarding the matters discussed in this memorandum, please contact the following attorneys or call your regular Skadden

More information

Outsourcing Technology Services OT

Outsourcing Technology Services OT Federal Financial Institutions Examination Council FFIEC Outsourcing Technology Services OT JUNE 2004 IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND MANAGEMENT RESPONSIBILITIES...

More information

New CFPB mortgage servicing rules present significant challenges for mortgage servicers

New CFPB mortgage servicing rules present significant challenges for mortgage servicers New CFPB mortgage servicing rules present significant challenges for mortgage servicers Prepared by: Jose Vivar, Director, McGladrey LLP 312-634-4394, jose.vivar@mcgladrey.com Michael Sher, Partner, McGladrey

More information

Company Name Vendor Management Policy and Procedure. Table of Contents

Company Name Vendor Management Policy and Procedure. Table of Contents Policy and Procedure Table of Contents Table of Contents... i Introduction... 1 Risks of Using Vendors... 1 Vendor Due Diligence... 2 Monitoring... 2 Section 1 Personnel... 1 Section 2 - Outside Vendors

More information

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES A CONSULTATION REPORT OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS STANDING COMMITTEE 3 ON MARKET INTERMEDIARIES

More information

UNITED STATES OF AMERICA BEFORE THE BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, DC.

UNITED STATES OF AMERICA BEFORE THE BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, DC. UNITED STATES OF AMERICA BEFORE THE BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, DC. FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. OFFICER OF COMPTROLLER OF THE CURRENCY WASHINGTON,

More information

MISSION VALUES. The guide has been printed by:

MISSION VALUES. The guide has been printed by: www.cudgc.sk.ca MISSION We instill public confidence in Saskatchewan credit unions by guaranteeing deposits. As the primary prudential and solvency regulator, we promote responsible governance by credit

More information

Regulatory Practice Letter February 2014 RPL 14-05

Regulatory Practice Letter February 2014 RPL 14-05 Regulatory Practice Letter February 2014 RPL 14-05 CFPB Nonbank Supervision of International Money Transfer Providers Proposed Rule Executive Summary The Consumer Financial Protection Bureau (CFPB or Bureau)

More information

Washington Update. Payments News from our Nation s Capital. October 2014. Contents. CFPB Finalizes Two Rules Related to International Money Transfers

Washington Update. Payments News from our Nation s Capital. October 2014. Contents. CFPB Finalizes Two Rules Related to International Money Transfers Washington Update Payments News from our Nation s Capital October 2014 Contents CFPB Finalizes Two Rules Related to International Money Transfers $25 per Issue $200 Annual Subscription Authors: Craig Saperstein

More information

www.pwc.com Third Party Risk Management 12 April 2012

www.pwc.com Third Party Risk Management 12 April 2012 www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.

More information

THIRD PARTY SUPPLIER RISK MANAGEMENT. Meeting Emerging Financial Services Regulatory Requirements. By Joseph Yacura, ISG Director. www.isg-one.

THIRD PARTY SUPPLIER RISK MANAGEMENT. Meeting Emerging Financial Services Regulatory Requirements. By Joseph Yacura, ISG Director. www.isg-one. THIRD PARTY SUPPLIER RISK MANAGEMENT Meeting Emerging Financial Services Regulatory Requirements By Joseph Yacura, ISG Director www.isg-one.com INTRODUCTION U.S. and Canadian financial services companies

More information

Outsourcing Risk Guidance Note for Banks

Outsourcing Risk Guidance Note for Banks Outsourcing Risk Guidance Note for Banks Part 1: Definitions Guideline 1 For the purposes of these guidelines, the following is meant by: a) outsourcing: an authorised entity s use of a third party (the

More information

Managing General Agents (MGAs) Guideline

Managing General Agents (MGAs) Guideline Managing General Agents (MGAs) Guideline JUNE 2013 DRAFT FOR COMMENT BC AUTHORIZED LIFE INSURERS www.fic.gov.bc.ca PURPOSE This draft guideline outlines best practices that the Financial Institutions Commission

More information

POV on Draft Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs

POV on Draft Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs POV on Draft Guidelines on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFCs April 2015 For private circulation only Draft Guidelines on Managing Risks and Code of Conduct

More information

VENDORINSIGHTU P D A T E

VENDORINSIGHTU P D A T E VENDORINSIGHTU P D A T E November 12, 2013 COMPLIANCE VendorINSIGHT is the industry-leading solution for financial institutions offering the most features and capabilities for vendor risk monitoring. Ask

More information

Attachment. OCC Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment

Attachment. OCC Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment Attachment OCC Guidance on Due Diligence Requirements in Determining Whether Securities Are Eligible for Investment The guidance below was issued by the Office of the Comptroller of the Currency (OCC)

More information

Regulatory Practice Letter December 2012 RPL 12-24

Regulatory Practice Letter December 2012 RPL 12-24 Regulatory Practice Letter December 2012 RPL 12-24 CFPB Nonbank Supervision - Larger Participants for Debt Collection and Credit Reporting Final Rules Executive Summary In February 2012, the Bureau of

More information

Subject: Safety and Soundness Standards for Information

Subject: Safety and Soundness Standards for Information OFHEO Director's Advisory Policy Guidance Issuance Date: December 19, 2001 Doc. #: PG-01-002 Subject: Safety and Soundness Standards for Information To: Chief Executive Officers of Fannie Mae and Freddie

More information

Financial Services Guidance Note Outsourcing

Financial Services Guidance Note Outsourcing Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14

More information

<[Z[hWb <_dwdy_wb?dij_jkj_edi ;nwc_dwj_ed 9ekdY_b

<[Z[hWb <_dwdy_wb?dij_jkj_edi ;nwc_dwj_ed 9ekdY_b FFIEC Table of Contents Introduction 1 Board and Management Responsibilities 2 Risk Management 3 Risk Assessment and Requirements 4 Quantity of Risk Considerations 5 Requirements Definition 6 Service Provider

More information

Information Technology

Information Technology Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level

More information

Core Principles for Effective Banking Supervision: New Edition Released

Core Principles for Effective Banking Supervision: New Edition Released News Bulletin September 17, 2012 Core Principles for Effective Banking Supervision: New Edition Released Last Friday, September 14, 2012, the Basel Committee on Banking Supervision published a new set

More information

Managing third-party relationships: It s complicated

Managing third-party relationships: It s complicated Regulatory November 2013 brief A publication of PwC s financial services regulatory practice Managing third-party relationships: It s complicated Overview On October 30, 2013, the Office of the Comptroller

More information

SUPERVISION GUIDELINE

SUPERVISION GUIDELINE G u i d e l i n e s o n O u t s o u r c i n g P a g e 1 SUPERVISION GUIDELINE G10: GUIDELINES ON OUTSOURCING Issued To All Licensed Financial Institutions G u i d e l i n e s o n O u t s o u r c i n g

More information

Payment Processor Relationships Revised Guidance

Payment Processor Relationships Revised Guidance Federal Deposit Insurance Corporation 550 17th Street NW, Washington, D.C. 20429-9990 Payment Processor Relationships Revised Guidance Financial Institution Letter FIL-3-2012 January 31, 2012 Summary:

More information

BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994

BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 Ref: BR/14/2009 OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 INTRODUCTION

More information

Community Bank Risk-Focused Consumer Compliance Supervision Program

Community Bank Risk-Focused Consumer Compliance Supervision Program Community Bank Risk-Focused Consumer Compliance Supervision Program I. INTRODUCTION Overview of the Risk-Focused Framework The consumer compliance risk-focused supervision program is designed to promote

More information

Identifying and Managing Third Party Data Security Risk

Identifying and Managing Third Party Data Security Risk Identifying and Managing Third Party Data Security Risk Legal Counsel to the Financial Services Industry Digital Commerce & Payments Series Webinar April 29, 2015 1 Introduction & Overview Today s discussion:

More information

CFPB Update: Regulatory and Enforcement Developments

CFPB Update: Regulatory and Enforcement Developments CFPB Update: Regulatory and Enforcement Developments December 16, 2014, 12:30 1:30 pm ET American Law Institute Webinar Jonathan L. Pompan Alexandra Megaris 1 Agenda Supervision and Examinations What is

More information

BOARD OF GOVERNORS FEDERAL RESERVE SYSTEM

BOARD OF GOVERNORS FEDERAL RESERVE SYSTEM BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM WASHINGTON, D.C. 20551 DIVISION OF BANKING SUPERVISION AND REGULATION DIVISION OF CONSUMER AND COMMUNITY AFFAIRS SR 12-17 CA 12-14 December 17, 2012 TO

More information

CFPB Readiness Series: Compliant Vendor Management Overview

CFPB Readiness Series: Compliant Vendor Management Overview CFPB Readiness Series: Compliant Vendor Management Overview Legal Disclaimer This information is not intended to be legal advice and may not be used as legal advice. Legal advice must be tailored to the

More information

THIRD PARTY. T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s

THIRD PARTY. T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s MANAGING THIRD PARTY RISK T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s Experis -- a different kind of talent company. Experis Tuesday, January 08,

More information

Minimizing Legal and Compliance Risk for Credit Furnishers

Minimizing Legal and Compliance Risk for Credit Furnishers Minimizing Legal and Compliance Risk for Credit Furnishers Wednesday, November 18, 2015 2:00 p.m. 3:00 p.m. EST Webinar Speakers Jonathan L. Pompan, Esq., Partner and Co-Chair Consumer Financial Protection

More information

Assessment and Compliance with Federal Financial Institutions Examination Council (FFIEC) Requirements

Assessment and Compliance with Federal Financial Institutions Examination Council (FFIEC) Requirements isl Assessment and Compliance with Federal Financial Institutions Examination Council (FFIEC) Requirements DataGuardZ White Paper Forti5 BNP Paribas [Pick the date] What is the history behind FFIEC compliance?

More information

14 December 2006 GUIDELINES ON OUTSOURCING

14 December 2006 GUIDELINES ON OUTSOURCING 14 December 2006 GUIDELINES ON OUTSOURCING CEBS presents its Guidelines on Outsourcing. The proposed guidelines are based on current practices and also take into account international, such as the Joint

More information

Servicing Issues Update

Servicing Issues Update September 2014 Servicing Issues Update Regulatory Developments 1. Future Rulemaking. CFPB has indicated that it is reviewing its mortgage servicing regulations and may issue additional amendments and clarifications.

More information

SUPERVISION GUIDELINE NO. 9 ISSUED UNDER THE AUTHORITY OF THE FINANCIAL INSTITUTIONS ACT 1995 (NO. 1 OF 1995) RISK MANAGEMENT

SUPERVISION GUIDELINE NO. 9 ISSUED UNDER THE AUTHORITY OF THE FINANCIAL INSTITUTIONS ACT 1995 (NO. 1 OF 1995) RISK MANAGEMENT SUPERVISION GUIDELINE NO. 9 ISSUED UNDER THE AUTHORITY OF THE FINANCIAL INSTITUTIONS ACT 1995 (NO. 1 OF 1995) RISK MANAGEMENT Bank of Guyana July 1, 2009 TABLE OF CONTENTS 1.0 Introduction 2.0 Management

More information

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM BETWEEN The Division of Health Care Financing and Policy Herein after referred to as the Covered Entity and (Enter Business

More information

II. Compliance Examinations - Compliance Management System. Compliance Management System. Introduction. Board of Directors and Management Oversight

II. Compliance Examinations - Compliance Management System. Compliance Management System. Introduction. Board of Directors and Management Oversight Compliance Management System Introduction Financial institutions operate in a dynamic environment influenced by industry consolidation, convergence of financial services, emerging technology, and market

More information

Information Technology Risk

Information Technology Risk Information Technology Risk Joint World Bank/Federal Reserve System Seminar for Senior Bank Supervisors from Emerging Economies Adrienne Haden & Mike Wallas Board of Governors of the Federal Reserve System

More information

Bank of Papua New Guinea Prudential Standard BPS252: Outsourcing of Business Activities, Functions and Processes

Bank of Papua New Guinea Prudential Standard BPS252: Outsourcing of Business Activities, Functions and Processes Bank of Papua New Guinea Prudential Standard BPS252: Outsourcing of Business Activities, Functions and Processes Issued under Section 27 of the Banks and Financial Institutions Act 2000 Overview and Key

More information

Vendor Compliance Management Series: Performing an Effective Risk Assessment

Vendor Compliance Management Series: Performing an Effective Risk Assessment Vendor Compliance Management Series: Performing an Effective Risk Assessment Legal Disclaimer This information is not intended to be legal advice and may not be used as legal advice. Legal advice must

More information

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial

More information

GUIDELINES ON OUTSOURCING

GUIDELINES ON OUTSOURCING CONSULTATION PAPER P019-2014 SEPTEMBER 2014 GUIDELINES ON OUTSOURCING PREFACE 1 MAS first issued the Guidelines on Outsourcing ( the Guidelines ) in 2004 1 to promote sound risk management practices for

More information

COMPLIANCE MANAGEMENT SYSTEM

COMPLIANCE MANAGEMENT SYSTEM COMPLIANCE MANAGEMENT SYSTEM Ensuring Your Bank Meets Regulatory Standards Overview of Compliance Exams Examination Purpose: Assess the quality of an institution s compliance management system (CMS) for

More information

Outsourcing in the Financial Services Industry: Finding Opportunities and Managing Risk. New York. OCC and FRB Guidance on Managing Third-Party Risk

Outsourcing in the Financial Services Industry: Finding Opportunities and Managing Risk. New York. OCC and FRB Guidance on Managing Third-Party Risk March 24, 2014 If you have any questions regarding the matters discussed in this memorandum, please contact the following attorneys or your regular Skadden contact. Stuart D. Levi New York / 212.735.2750

More information