Vendor Compliance Management Series: Performing an Effective Risk Assessment

Vendors and Risk Assessments

Are you looking to find out more about how to ensure that your organization is meeting vendor compliance management requirements? This webinar provides an overview of ways that you can ensure that your organization is performing an effective risk assessment.

In this webinar, Joseph Kirkpatrick introduces and gives an overview of external guidance that may be useful for your organization in establishing or refining its risk management policies and procedures.

Additionally, Brett Soldevila, COO for Security Credit Services, LLC, addresses various other ways that organizations can evaluate and address risk within their company and their vendors. He discusses how trends in the concept of risk management can be traced back to the implementation of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Sarbanes-Oxley Act of 2002 (SOX). He also covers various ways to analyze risk throughout your company and vendors. Brett recommends performing the following to analyze risk within your company and your vendors:

  • Enterprise-wide risk assessment
  • Data security risk assessment
  • Third party vendor risk assessment

Tony Bailey, Director of Business and Strategic Development at Cornerstone Support, also gives an overview of the importance of third-party validation in regard to vendor selection.

To learn more about vendor compliance management and how your organization can conduct effective risk assessments, download the full webinar. For more information about VCM or CFPB compliance, contact us today.

Vendor Compliance Management Series: Where To Start?

What’s Changed?

There needs to be a full chain of custody, as the CFPB expects you to “oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law….” For example, if you have “any person (i.e. service provider) that provides a material service to a covered person (i.e. you) in connection with the offering or provision by such covered person of a consumer financial product or service,” then you are responsible for their compliance with all relevant CFPB requirements. In essence, both parties are responsible for upholding the requirements of the CFPB.

For your vendor compliance management program to meet these requirements, it will need to include the following required components:

  • Due diligence in vendor selection and onboarding
  • Ongoing risk assessment
  • Contractual requirements
  • Audit plan
  • Monitoring
  • Termination
  • List of third parties to include a description of services performed
  • Third party contracts
  • Statements of Work or Service Level Agreements
  • Third parties’ SOC 1 reports, PCI RoC, etc.

To ensure that your vendor compliance management program incorporates these required components, you can begin by doing the following:

  • Conduct a risk assessment
  • Develop policies and procedures that define due diligence requirements according to risk ranking and services performed
  • Establish vendor compliance management policies, procedures, checklists, and templates

Download the full webinar to learn more about vendor compliance management. For more information about vendor compliance management or CFPB compliance, contact us today.