Policy, Program, and Procedures


Welcome to the Policy, Program, and Procedures Community. Here you will find the latest discussions and resources that can help you in this area. This community focuses on creating a policy, program, and procedures; best practices; ideas; tips; guidance; how to implement; and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Policy, Program, and Procedures: Successful vendor risk management requires a fully documented set of practices. Regulators and examiners expect you to have three written documents: a policy, a program, and procedures. These documents must be updated at least annually, or more frequently as guidance changes or significant organizational changes occur. It is also important that the work product matches what the policy and program documentation says.

Latest Discussion Posts

  • I wanted to reach out to get your perspective on how others are addressing third-party service provider referral processes and whether you have a similar framework in place. We are working through an issue involving a department within a financial ... More

  • How are your teams managing vendors with AI capabilities? I work at a financial institution regulated by the OCC, for context. We have a GenAI review group and a somewhat half-baked process for approving AI capabilities. It works reasonably well for ... More

  • Hello - I'm wondering if anyone has rules around required documents being tardy and having to keep asking for them? Do you wait 1 week, 2 weeks, any penalties? How do you escalate? More

  • It's a risk-based decision for us. The easiest and most common categories that are out of scope are memberships, dues, sponsorships, conferences, professional associations. Our exempt providers are on a case-by-case basis, whereas the out-of-scope categories ... More

  • TPRM Process SLA

    This message was posted by a user wishing to remain anonymous. Our company is composed of multiple divisions and organizations that utilize the same vendors. TPRM usually takes time, and since we handle multiple engagement assessments, there are several ... More
