Certified Regulatory Vendor Program Manager Level III

Other Vendor Management courses through Compliance Education Institute

Web-based, self-paced eLearning course

Course:                   5 chapters, each with exam at the end (80% to pass)

Prerequisite:     CRVPM® Level I and CRVPM® ll

Time Required:   12 hours

CPE Eligible:....   14.4 cpe credits (based on 1 credit per 50 minutes)

Cost:                      $499.00 per person


The Certified Regulatory Vendor Program Manager (CRVPM®) Level IlI expands upon existing concepts from the CRVPM Level I and Level ll courses, diving deeper and expanding upon a number of areas previously studied as well as introducing new concepts and content.

The course begins with a study of the Business Value of a 3rd Party Risk Management Program, an area that is frequently overlooked by senior executives and lost in the frenzy of managing vendors. Perceived as a necessary evil and a checklist to satisfy examiners and auditors, the purpose of the program is to drive both tangible and intangible value throughout the framework, operating model and each stage of the lifecycle in support of strategic objectives.

The Level lll course then goes on to addresses the following:

  1. RFP Framework
  2. Concentration Risk
  3. 3rd Party Cybersecurity
  4. GDPR and European Banking Authority as it applies to 3rd party risk management


Course Description:

Chapter 1 – The Business Value of a 3rd Party Risk Management Program
This picks up where CRVPM ll left off and dives into the 3rd party risk management program framework and each stage of its lifecycle, demonstrating the business value that should be driven from it. If you’re trying to build a business case for further investment in your program or need to better understand whether you’re on track to attain the goals you hoped to achieve through outsourcing, this will help you identify and articulate the value proposition of a sound program.

Chapter 2: Formalizing the RFP Process and Creating Transparency and Fairness
All too often there is confusion as to the difference between an RFI (Request for Information) and an RFP (Request for Proposal) and when to use them. Many RFP’s are confusing, too broad, don’t differentiate between needs and wants, and are written to the strengths of one particular vendor. This ultimately results in a less than ideal proposed solution and the client (you) turns out being the loser. This chapter dives into the RFP process and covers the following:

Chapter 3 – Concentration Risk
Concentration Risk has been a formal regulatory issue but has only recently been a topic of examiner focus. Having all of your eggs in one vendor’s basket is never a good thing due to the huge impact it has on business resilience. However, there are many other facets of concentration risk to be concerned about as shown below.

  • SystemicVendor-based
  • Service-basedGeographic
  • 4th PartyEconomic
  • Sector-basedReverse Concentration Risk
  • Socio-Political

Attempting to tackle the many facets of concentration risk is difficult without a framework and a set of business rules to flag concentration risk outside of the institution’s tolerances. This chapter dives into the types of concentration risk, vulnerabilities, mitigating controls and the development of a Unified Concentration Risk Framework (UCRF).

Chapter 4 – 3rd Party Cybersecurity
A hot topic everywhere that everyone should be concerned about! Are your vendors as prepared as you are? Within this chapter we discuss:

  • Cyber Security Landscape
  • Why We Should Worry
  • Cyber Security vs Cyber Resilience vs Cyber Risk
  • Mitigating controls (physical, technical, administrative, contractual)
  • Approach to a 3rd Party Cyber Security Risk Assessment

Chapter 5 – GDPR and European Banking Authority
The General Data Protection Regulation (GDPR) has been a highly visible topic given today’s global economy, data theft, and numerous standards for data privacy and protection. With the standardization of the General Data Protection Regulation throughout the European Union, this chapter dives into the Articles pertaining to Vendor Management, key elements, terms, basic principles, regulatory expectations and whether you should even be concerned about it based upon your business model and customer base.

Register Online Form

Questions: NYBA Professional Development at (212) 297-1679 or education@nyba.com.