With financial institutions increasingly relying on third-party providers to offer their products and services comes increased risk. Starting with the core system, should you outsource it or keep it in-house? And following with the rest of all the banking products you offer to your business clients or members that depend on technology, how in depth should your due diligence be? In this educational session, the presenter provides best practices based on the FFIEC IT Examination Handbook to help you develop a simple yet comprehensive Vendor Management Program.

In addition, along with Vendor Management, which includes all the third-party providers of systems and software, comes yet another risk—Model Risk. The presenter will explain step by step the OCC SR Letter 11-7 following their guidance on Model Risk Management. You will walk away with a clearer understanding of where Vendor Management and Model Risk Management fit it within your ERM program.

Topics to be covered:

• How Vendor Management Program fits in within Enterprise Risk Management
• Vendor Management Program Components
• Vendor Management Policy and Procedures
• Vendor Due Diligence
• Example of Vendor Risk Assessment
• Monitoring and Reporting Assessment Results
• Definition of Model Risk and how it applies to your Institution
• The OCC SR Letter 11-7 – A Step by step explanation
• Examples of Model Risk – How it affects your institution
• Example of Model Risk Assessment
• How to establish your own Model Risk Management Program