This course is provided by the Compliance Education Institute.
The increased regulatory focus on 3rd party oversight programs has created a growing demand for professionals with specialized expertise in building and managing compliant vendor management programs. This Certified Regulatory Vendor Program Manager (CRVPM) course provides the regulatory knowledge, methodology and best practices required to build and manage a compliant 3rd party oversight program that meets FFIEC Guidance, GLBA 501(b) requirements as well as OCC, FDIC, NCUA, FRB, CFPB Guidance and bulletins. In addition, this course covers the preparation to present documentation in support of exams and audits. This course is web-based and self-paced.
Those who hold this designation are often risk officers, compliance officers, CIOs, CFOs, auditors, examiners, vendor management specialists, operations officers, info security officers and those involved in building and managing a compliant vendor management program.
As a CRVPM, these professionals:
- Are recognized as an expert in the vendor management field
- Increase their value to their credit union
- Show examiners and auditors their credit union’s commitment to regulatory compliance
- Demonstrate professional growth and an advanced level of regulatory knowledge
- Hold a competitive advantage over others when seeking career growth
To achieve the CRVPM designation, you must pass each of the seven chapters quizzes with a passing score of 70% for each. Scoring is instant, so you will know your results immediately.
By becoming a CRVPM, you receive:
- A hardcopy certificate with your CRVPM designation number
- The Vendor Program Manager Reference Guide containing information from the course in book format complete with index, appendices, glossary and table of contents. The guide is updated throughout the year with new regulations, bulletins and rules are issued and as new trends emerge.
- Approximately 100 due diligence, periodic review and contract review questions in EXCEL spreadsheet format
- An outsource planning worksheet and SSAE 16 decision tree flow chart
- One year of phone and email support for questions pertaining to NCUA Part 748/GLBA 501(b)
“In a world where we are trusting more vendors to do more things for our members, educating yourself is the best place to start. This course is full of practical ideas and resources you can use, without requiring a small army of staff to get the job done.” -- Matthew Bailey, CUCE, BSACS, CRVPM, Director of Compliance, Linn Area Credit Union
Chapter 1 – History
The Great Depression of 1929 led to a number of regulatory acts intended to protect bank customers. This chapter covers the historical events and subsequent regulations from the Glass-Steagall Act to the Gramm-Leach-Bliley Act, providing the student with the knowledge of the driving issues behind the regulations.
Chapter 2 - Regulations
The regulatory burden is overwhelming and only growing in scope. Very often regulations from multiple agencies often overlap. This chapter helps you sort through the proliferation of regulations, bulletins and Guidance that financial institutions must be aware of and ensure that their vendors comply with.
Some of the regulations reviewed include:
- FFIEC Guidance NCUA Part 748 FCRA
- GLBA 501(b) Disposal Rule CFPB Consumer Protection
- Privacy Act FDIC Part 364B FACTA
- Identity Theft Red Flags Guidance from the FRB and OCC from Q4 2013
Chapter 3 – Benefits
Compliance is most often seen as a cost center with the perception that the benefit of being compliant is “not being fined”. This chapter presents examples of the many benefits of a compliant vendor management program and the methodology to determine the many hard dollar and soft dollar savings that can be realized. Leveraging this knowledge, a business case can be built for program funding or enhancement and gaining Executive Sponsorship.
Some of the benefits discussed include:
- Competitive Advantage
- Risk Mitigation
- Budget Control
- Reputation Protection
Chapter 4 – Components
A filing cabinet full of folders is not a vendor management program! A program is a series of inter-related steps to be carried out inclusive of policy, procedure and process in order to achieve a goal or set of goals.
This chapter dives into the details of the 9 key components of a compliant vendor management program that every institution must address including:
- Policy Vendor Inventory Risk Rating
- Due Diligence Contract Review Periodic Review
- Contract Management Ongoing Monitoring Reporting
Chapter 5 – Implementation
Once the regulations, benefits and components are understood, this chapter instructs how to put it all together and begin implementing or enhancing your program.
It addresses all steps including:
- Gaining Executive Sponsorship
- Determining which vendors to include in your program
- Assessing risk and criticality
- SSAE 16 decision tree
- Conducting Due Diligence, Periodic Review and Contract Review
- Managing the flow of documents and meeting the expectations of multiple regulators
Chapter 6 – Exam and Audit Preparation
The increased regulatory focus on vendor management programs and the high profile security breaches in recent years have given regulators cause for concern over whether financial institutions are complying with regulatory requirements to ensure that their vendors’ physical, technical and administrative controls are being properly evaluated. This chapter provides the insight gained through interviewing financial institutions across the country to provide the details needed to properly prepare for your next regulatory exam or audit. The chapter covers the 5 Vendor Management Audit Objectives along with the expected 13 controls.
Documentation discussed in this chapter includes preparation of the following:
- Segmenting and reporting on the types of Clouds utilized
- Complementary User Entity Controls assessments
- Reports on High Risk, Critical, Foreign-based, Red Flags, CFPB vendors and the critical documents that need to be presented
- Self-identified issues
Chapter 7 – Best Practices
While Best Practices are not always practical for all institutions, this chapter presents a wide variety of Best Practices that have proved valuable to successful vendor management program implementations at institutions across the country.
Practices will be discussed for:
- Vendor Program Design
- Program Implementation and Management
- Risk Assessment Methodology
- Contract Management
- Successful approaches to handling vendor issues that don’t fit the mold
About the presenter: Compliance Education Institute LLC
Mick Kless is the founder and CEO of RISC Associates, a regulatory compliance consultancy and compliance automation tools developer, and Compliance Education Institute, the training and education division of RISC. He is a recognized industry expert on vendor management and the creator of the Certified Regulatory Vendor Program Manager (CRVPM) course. Mick has spent more than 30 years in financial services, has focused on GLBA 501(b) issues since 2001 and has specialized in vendor management regulatory issues since 2004.
For course access questions, email firstname.lastname@example.org.