Introduction to Becoming an MMC EIC
Board Oversight and Management
Management conducts adequate and ongoing due diligence and oversight of third parties to ensure compliance with consumer protection laws. The vendor management department oversees third-party vendors' internal controls, policies, procedures, and training to ensure adequate oversight of compliance, and interfaces directly with the Chief Operating Officer. The vendor management department assigns each vendor to a risk tier, where each tier is based on criticality, accessibility to critical information, and extent of consumer interaction.

Management responds in a timely and adequate manner to changes in applicable laws and regulations, market conditions, and products and services offered. They evaluate the changes and implement responses across the impacted lines of business. Management comprehends and adequately identifies compliance risks, including emerging risks in the products, services, and other activities.

Provident’s written Information Security Plan is current and formulated based on its information security risk assessment. The plan adequately assesses internal and external risks to the security, confidentiality, and integrity of any electronic, paper, or other records containing personally identifiable information, and it has evaluated the effectiveness of the current safeguards for limiting such risks.

Board Oversight and Management - Matters Requiring Attention
The Examination Team did not identify any matters requiring attention.
For Training Purposes Only