Policy, Program, and Procedures

 View Only

Welcome to the Policy, Program, and Procedures Community. Here you will find the latest discussions and resources that can help you in this area. This community focuses on creating a policy, program, and procedures; best practices; ideas; tips; guidance; how to implement; and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Policy, Program, and Procedures: Successful vendor risk management requires a fully documented set of practices. Regulators and examiners expect you to have three written documents – a policy, program, and procedures. These documents must be updated at least annually or more frequently as guidance changes or significant organizational changes occur. And, it’s important the work product produced matches what the policy and program documentation says.  

Latest Discussion Posts

  • Profile Picture

    RE: Other Banks as Vendors

    This message was posted by a user wishing to remain anonymous We include Banks within our list of vendors but don't run them through our full due diligence process. We will also periodically review their call report data. But, as you've discovered, ... More

  • Profile Picture

    Other Banks as Vendors

    This message was posted by a user wishing to remain anonymous Hello, I would like to get everyone's opinion on something: We are updating our policy and the discussion of whether to include other regulated financial institutions as vendors came ... More

  • Profile Picture

    Contract Clause Framework

    This message was posted by a user wishing to remain anonymous What approach have you used when implementing a contract clause framework for third-party contracts? How do you prioritise which clauses to include how do you balance risk mitigation ... More

  • Good afternoon. Charitable organizations that receive donations or sponsorships from a company are often governed by the company's Charitable Giving Policy rather than its Vendor Management Policy. This distinction is primarily because these entities ... More

  • This message was posted by a user wishing to remain anonymous Hello everyone. I am working on our policy/procedure documentation review, and I am adding a section to cover what we consider to be in and out of scope for our program. I have been looking ... More

    1 person likes this.

Polls