Guidance for Managing Third-Party Risk Chicago Region Regulatory Conference Call December 8, 2010.

Presentation transcript:

Guidance for Managing Third-Party Risk Chicago Region Regulatory Conference Call December 8, 2010

2 Introduction
Teresa Sabanty, Assistant Regional Director, Compliance
FIL , Guidance for Managing Third-Party Risk PowerPoint
Presenters – Senior Compliance Examiners:
- Ruben Baez
- Christopher Lombardo

3 Agenda
- Background.
- Potential Risks Arising from Third-Party Relationships.
- Risk Management Process.
- FDIC Supervision of Third-Party Relationships.
- Questions.
- Closing Remarks.

4 Background
- Third-Party Relationships Defined.
- Third-Party Uses.
- Third-Party Risk Management Process.

5 Potential Risks Arising From Third-Party Relationships
- Strategic.
- Reputation.
- Operational.
- Transaction.
- Credit.
- Compliance.
- Other.

6 Managing Third-Party Risks
Four Elements of Managing Risk:
- Risk Assessment.
- Due Diligence.
- Contract Structuring.
- Oversight.

7 Risk Assessment
- Strategic Fit.
- Cost/Benefit: Dollars and Risk/Reward.
- Management Capability.
- Long-Term vs. Short-Term.

8 Due Diligence
Third-Party Evaluation Criteria:
- Financial Condition.
- Experience.
- Business Reputation.
- Strategies and Goals.
- Complaints, Regulatory Actions, or Litigation.
- Ability to perform using current systems.

9 Due Diligence
Third-Party Evaluation Criteria (continued):
- Use of Subcontractors.
- Scope of Controls, Privacy Protections, and Audit Coverage.
- Business Continuity Plans.
- Knowledge of Consumer Protection Laws and Regulations.
- Management Information Systems.
- Insurance Coverage.

10 Contract Structuring & Review
- Scope.
- Cost/Compensation.
- Performance Standards.
- Reports.
- Audit.
- Confidentiality & Security.

11 Contract Structuring & Review
- Customer Complaints.
- Business Resumption & Contingency Plans.
- Default & Termination.
- Ownership and License.
- Indemnification.
- Limits on Liability.

12 Oversight
- Board and Management are Responsible.
- Monitoring.
- Reporting to the Board.

13 Oversight - Monitoring
- Evaluation of overall effectiveness of the program or arrangement.
- Continuing consistency with the bank’s strategic goals.
- Compliance with laws and regulations.
- Review of testing interactions with customers.
- Review of complaint resolutions.
- Review of audits and corrective action.
- Licensing or registrations.
- Financial condition.
- Changes, including key individuals.
- Meeting to discuss performance or operational issues.

14 FDIC FIL Primary Federal Regulator Notification
Third Party Relationships Involving:
Bank Service Company Act
- Check or deposit item processing.
- Core processing.
- Preparation and mailing of checks, statements, or notices.
- Any other clerical, bookkeeping, accounting, statistical, or similar functions.

15 FDIC Supervision of Banks’ Third-Party Relationships
- Board and Management Responsibility.
- Examination Procedures.
- Report of Examination Treatment.
- Corrective Actions.

16 Questions & Answers

17 References
- FIL Guidance for Managing Third-Party Risk
- FIL Revised IT Officer’s Questionnaire
- FIL Foreign-Based Third-Party Service Providers
- FIL Guidance on Response Programs
- FIL Computer Software Due Diligence
- FIL Country Risk Management
- FIL (b) Examination Guidance
- FIL Bank Technology Bulletin: Technology Outsourcing Information Documents
- FIL Security Standards for Customer Information
- FIL Risk Management of Technology Outsourcing
- FIL Bank Service Company Act
- FFIEC IT Handbooks
  - Outsourcing Technology Services
  - Supervision of Technology Service Providers

18 Contacts
For any questions related to the material presented in this Regulatory Conference Call, you may contact via Ruben Baez or Christopher Lombardo at