Vendor Management: The Big Picture

Other Vendor Management courses through Compliance Education Institute

Web-based ... On demand

Building, implementing and managing a compliant vendor management program is no easy task given the proliferation of regulations, rules and guidance, many of which overlap. And with increased regulatory scrutiny due to high-profile breaches, financial institutions must have a solid understanding of the driving regulatory issues that surround vendor management, the key ideas required to build and implement a successful and compliant program, and the expectations of examiners and auditors.


Vendor Management: The Big Picture covers the topics that will help you address questions about building, implementing and managing a compliant vendor management program.

Time Required: 60 minutes

Cost: $249 per enrollment; a single registration allows for an unlimited number of listeners

You Will Receive: Presentation Workbook

Register Online Form


Senior executives, anyone needing a primer on vendor management, vendor relationship owners, vendor management staff, IT staff, COO, CIO, BCP/DR team, compliance and risk.


  • Regulations: Key regulations, guidance and rules that you must comply with from FFIEC Guidance, GLBA 501(b), FACTA, FCRA, FTC, Red Flags, Disposal Rule and the most recent OCC and FRB Guidance.
  • Benefits: Complying is not just about “not being fined.” We discuss the key business benefits of a compliant vendor management program and why it makes sense to invest in building one or enhancing an existing one.
  • Key Components of a Compliant Program, including:
    • Which vendors to include in your inventory
    • Risk rating methodology
    • Due diligence
    • Periodic review
    • Contract review
    • Contract tracking
    • Policy
  • Implementation: A discussion of how you gain executive sponsorship, stakeholder buy-in, centralized management/decentralized ownership, vendor stratification, questionnaire development and creating a document repository.
  • Vendor Red Flags: There are a number of red flags to look for when collecting documentation that might indicate you should avoid a vendor.
  • Examiner Expectations: Eliminate the guesswork as to what examiners are looking for and find out which reports and documentation you need to provide. Understand the difference between SSAE 16s, different types of cloud computing environments and what you should be doing about Complementary User Entity Controls.


R.I.S.C. Associates/Compliance Education Institute (CEI) – CEI is the education division of RISC Associates, a leading regulatory compliance consultancy with deep expertise in GLBA 501(b). Leveraging its more than 30 years of banking, compliance and information security expertise and field experience, RISC has put together a series of educational courses offered through its CEI division to help bankers better prepare for the compliance issues that they deal with on a daily basis.


Questions: NYBA Professional Development at (212) 297-1679 or