This course begins with setting up Lines of Defense, a classic risk management approach to structuring your vendor management program, and how to apply it to the basic hub & spoke vendor management structure discussed in Certified Regulatory Vendor Program Manager (CRVPM®) Level I. The course then goes on to address the five components of the vendor management life cycle.
The five components of the vendor management life cycle are:
This course and certification is provided by Compliance Education Institute. Recertification is required annually.
This course is beneficial to anyone who has completed (CRVPM®) Level I.
The CRVPM® Level II expands upon existing concepts from the CRVPM® Level I course and introduces new concepts and content.
In addition, it also introduces advanced concepts in vendor management and expands upon existing concepts covered in the CRVPM® Level 1 course so that a vendor management professional can continue to expand their vendor management knowledge and augment their program.
As a CRVPM® Level II, these professionals:
To achieve the CRVPM® Level II designation, you must:
By becoming a CRVPM® Level II, you receive:
Setting up Lines of Defense is a risk management best practice that any size institution can implement in order to formalize responsibilities and enhance the checks and balances required to ensure that vendor management policy is complied with (Governance – 2nd line of defense) enterprise-wide. This chapter expands upon the hub & spoke vendor management model to provide a more detailed look at the vendor management structure and process, and the responsibilities for each line of defense. Chapter 1 then continues into Outsource Planning and examines the 12 components of the Outsource Planning process.
CRVPM® Level 1 covered the basic concept and process of conducting due diligence to ensure that the vendor can support the institution operationally and financially (adequate financial strength). CRVPM® Level II examines some specifics of due diligence including:
While guidance provides recommendations on contract structuring, technology service provider (TSP) contracts frequently leave the institution exposed to a number of dimensions of risk that guidance never warns you about. Attorneys and those skilled in contract review may help the institution mitigate risk when it comes time to dot the I’s and cross the T’s but if they are not well versed in technology issues then there are a number of exposures to be concerned about. This chapter covers the following exposures that anyone doing business with TSPs should be concerned about:
While we know that we need to monitor our vendors on an ongoing basis and conduct periodic reviews in order to assess Controls, Condition and Performance, Chapter 4 discusses setting a baseline for that monitoring and review, and the red flags/green flags to look for during the course of the relationship. This chapter includes:
Considered as the first step in outsourcing, it is crucial to have an exit strategy prior to even engaging a vendor. There inevitably comes a time when most institutions decide to transition an outsourced service away from their current vendor and either move it to a new vendor or bring it back in house. All too often, this exercise is conducted reactively rather than proactively and leaves the institution exposed to many risks, expenses and legal issues. This chapter covers the following 6 components of a vendor exit strategy:
Mick Kless is the founder and CEO of RISC Associates, a regulatory compliance consultancy and compliance automation tools developer, and Compliance Education Institute, the training and education division of RISC. He is a recognized industry expert on vendor management and the creator of the Certified Regulatory Vendor Program Manager (CRVPM) course. Mick has spent more than 30 years in financial services, has focused on GLBA 501(b) issues since 2001 and has specialized in vendor management regulatory issues since 2004.
For course access questions, email support@compliance-edu.com.
Course length: 12 hours