IT Examiner School, Seaside, CA

For Your Consideration

• Examiners cannot recommend any one vendor or service provider.
• Examiners cannot advocate any particular software application, network administration tool, or similar resource.
• Examiners cannot provide management with a list of possible options.
• It is the financial institution’s responsibility to assess, vet, and determine which is the appropriate solution for their needs.

Question: Should a financial institution use a vendor due to the relationship with the parent company?

Vendor Risk Management Process

• The vendor risk management process typically incorporates the following activities:

– Risk assessments and requirements definition
– Due diligence in selecting a service provider
– Contract provisions and considerations
– Incentive compensation review
– Ongoing oversight and monitoring of service providers
– Business continuity and contingency plans
