Policy, Program, and Procedures

 View Only

Welcome to the Policy, Program, and Procedures Community. Here you will find the latest discussions and resources that can help you in this area. This community focuses on creating a policy, program, and procedures; best practices; ideas; tips; guidance; how to implement; and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Policy, Program, and Procedures: Successful vendor risk management requires a fully documented set of practices. Regulators and examiners expect you to have three written documents – a policy, program, and procedures. These documents must be updated at least annually or more frequently as guidance changes or significant organizational changes occur. And, it’s important the work product produced matches what the policy and program documentation says.  

Latest Discussion Posts

  • Profile Picture

    RE: TPRM Program

    I don't think I can provide the actual Policy or Program guides... but maybe the table of contents will help. ? And the interagency guidance from last years RFC (see FDIC FIL 50-2021).. when I look at the proposed guidance the big miss for me is addressing ... More

    1 person likes this.
  • I 100% second all of the comments in this thread! Critical vendor creep is real. We had gone through all of our critical vendors about 18 months ago, re-reviewed and risk rated and got the number down to about 13% of total vendor population. That ... More

  • Profile Picture

    TPRM Program

    This message was posted by a user wishing to remain anonymous As BaaS and Fintech's are under more scrutiny in the banking industry, we are looking to align our TPRM Program with suggested guidance. Has anyone updated their banking TPRM Policy and Program ... More

  • The word that is overly abused and misused so often it should be it's own risk category. (j/k) :-) I've gotten to the point that we have Strategically Critical (where most just use Critical) The definition is: Strategically Critical Third Party shall ... More

  • Christi, Great question. When I started the TPRM process for Penn National Insurance I talked to several individuals who work in the space. As a rule of thumb they mentioned the 5 - 10% you referenced. However, that can vary by your organization's definition ... More

Polls