Policy, Program, and Procedures

 View Only

Welcome to the Policy, Program, and Procedures Community. Here you will find the latest discussions and resources that can help you in this area. This community focuses on creating a policy, program, and procedures; best practices; ideas; tips; guidance; how to implement; and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Policy, Program, and Procedures: Successful vendor risk management requires a fully documented set of practices. Regulators and examiners expect you to have three written documents – a policy, program, and procedures. These documents must be updated at least annually or more frequently as guidance changes or significant organizational changes occur. And, it’s important the work product produced matches what the policy and program documentation says.  

Latest Discussion Posts

  • Profile Picture

    Seeking Credit Union Examples of Exempt / Out‑of‑Scope Vendor Definitions

    By: Anonymous Member , 15 hours ago

    This message was posted by a user wishing to remain anonymous We're currently working to refine our Exempt / Out ‑ of ‑ Scope vendor definition and governance framework and want to ensure clarity and consistency. I'm specifically looking for credit ... More

  • Profile Picture

    RE: Criticality criteria for third party vendors

    By: Anonymous Member , 5 days ago

    This message was posted by a user wishing to remain anonymous We think of "critical" in terms of impact - what would happen to our operations if something happened with this vendor? An example: If the electricity went out, that would have a huge impact ... More

  • Profile Picture

    RE: Where do your New Vendors come from?

    By: Anonymous Member , 5 days ago

    This message was posted by a user wishing to remain anonymous Thank you for your input, Jennifer! More

  • Profile Picture

    RE: Where do your New Vendors come from?

    By: Anonymous Member , 6 days ago

    This message was posted by a user wishing to remain anonymous We request COIs as part of the onboarding due diligence process and the ongoing DD process. One of the Risk SMEs reviews these to ensure coverage is adequate. More

  • Profile Picture

    RE: Criticality criteria for third party vendors

    By: Jennifer Wilkinson , 6 days ago

    We use first a materiality assessment of 7 questions that include- Will this vendor access borrower or employee confidential data? Will this vendor have major impact on our ability to operate our business? Are there significant internal resources needed ... More

Polls

Most Active Users List