Policy, Program, and Procedures

 View Only

Welcome to the Policy, Program, and Procedures Community. Here you will find the latest discussions and resources that can help you in this area. This community focuses on creating a policy, program, and procedures; best practices; ideas; tips; guidance; how to implement; and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Policy, Program, and Procedures: Successful vendor risk management requires a fully documented set of practices. Regulators and examiners expect you to have three written documents – a policy, program, and procedures. These documents must be updated at least annually or more frequently as guidance changes or significant organizational changes occur. And, it’s important the work product produced matches what the policy and program documentation says.  

Latest Discussion Posts

  • I am very new to vendor management and have some questions I am hoping y'all may be able to provide recommendations on. I get the thought behind scoping public utility companies out of policy. What about utilities brokers? Do you have them in scope? ... More

  • Thank you Sent from my iPhone More

  • I am reviewing our Third party inherent risk tiers and I am finding that the Low and Minimal are really too similar and likely looking to combine those into one rating. Moderate, however is too big with too many variations and nuance. I would like to ... More

  • Profile Picture

    Document Retention - Validation

    This message was posted by a user wishing to remain anonymous Good afternoon, We currently have a Record Retention policy that was created several years ago and the original creator of the policy is no longer with our Bank. During our annual renewal ... More

    1 person likes this.
  • I've attached the Venminder TPRM policy template and supporting documents that might be helpful! More

Polls