SlideShare a Scribd company logo

third party risk management best practices

SALIH AHMED ISLAM
SALIH AHMED ISLAM

A model third party risk management program, we've put together an informative info-graphic covering 14 of the best practices we have seen used.

Business
1 of 1
Download to read offline
GET OUT OF YOUR COMFORT ZONE To raise the bar in vendor management, you must engage with all parties within your organization. Failure to do so may result in you working in a silo and not having key information regarding your vendor’s performance. Meet regularly with account payable, sales, operations and the executive team. LEARN THE REGULATORY GUIDANCE Not just your own regulator, but all of them – they compare notes and follow each other’s best practices. WRITE A THOROUGH SET OF THIRD PARTY RISK MANAGEMENT DOCUMENTATION Including a policy, a program and robust procedures. PRINTABLE VERSION 2019 Venminder, Inc. 400 Ring Road, Suite 131, Elizabethtown, KY 42701 | (270) 506-5140 www.venminder.com Copyright © 2019 by Venminder, Inc. Download free due diligence samples and see how Venminder can help your institution reduce your workload. DOWNLOAD NOW Third Party Risk Management Best Practices 14 1 2 3 4 After working in the third party risk industry for many years, we’ve seen the very best of third party risk management and some of the worst. TAKE STOCK OF YOUR VENDOR LIST This is a useful practice to gain a better understanding of your current vendor profile. It’s even more important if you are running a decentralized vendor management system. If you have a line of business with contract signing authority outside of the normal vendor management process, the risk oversight responsibility is likely to still rest with you. Review your vendor list on a regular basis and ensure you have a firm process for adding new vendors or terminating them. And, be familiar with who are your critical vendors and high, medium and low risk vendors. 9 DON’T ALLOW DUE DILIGENCE TO BECOME A “CHECK THE BOX” ACTIVITY Due diligence isn’t just collecting documents and filing them away; it requires thorough and expert analysis. 10 KEEP YOUR DOCUMENTATION UP-TO-DATE Whether that means incorporating new guidance or simply making sure that your work matches what’s described in the documentation, it’s always a good idea to dust it off once in a while. And, make sure those updates are communicated to all the relevant parties, both inside and outside of your institution. 11 SELF-AUDIT If you don’t have your own internal audit department, then enlist other department, such as Compliance, help or an external audit firm to review your policies and procedures. Ultimately, you want to make sure that your day-to-day practices align to the documentation. After all, the regulator or examiner uses those as their baseline. 6 PLAN AHEAD Give yourself time to complete your tasks so you can better meet your timing goals/requirements. Vendors need time to organize and prepare, too, just like when something is requested of you. Allow time for seasonal activity, workload capacity and availability of key people with whom you need to engage. 7 ASK FOR HELP WHEN NEEDED Maybe it’s more budget dollars, maybe it’s more staffing, maybe it’s outside assistance – you’ll never get it if you don’t ask. 8 INVOLVE YOUR BOARD AND SENIOR MANAGEMENT TEAM Have them participate in setting direction, ask them to set “the tone from the top”. Regulatory guidance mandates active board involvement. Make sure you have proper reporting in place to help the process. We’ve got 14 vendor management best practices to share to help you keep your program top notch. Here’s the list: 5 COVER ALL OF THE BASES OF THIRD PARTY RISK MANAGEMENT Establish scalable processes for conducting a new vendor risk assessment, due diligence, ongoing monitoring, contract structuring and keeping your board informed – they are all absolutely essential. And, review those items annually; a lot can happen during a year! 12 KEEP ON LEARNING Webinars and conferences are a great way to go, so is simply reading the news and analysis. 13 FIND CREATIVE SOLUTIONS This could also say “don’t settle for “no” too easily” – for example, if you can’t get financials, consider what alternatives you might have…perhaps meet with their financial analyst or ask for an accountant’s statement. 14 READ ENFORCEMENT ACTIONS Ask yourself if you see anything that could be present in your institution that sounds like what’s in this enforcement action. If you do those 14 items well, you’ll have a model third party risk management program to show off to auditors and, more importantly, be doing the right actions to protect your institution, consumers and shareholders. Ultimately, while you can outsource nearly every product or function, you cannot outsource the responsibility for compliance.

Recommended

A compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementA compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementSALIH AHMED ISLAM
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk ManagementEC-Council
 
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk Management
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk ManagementProtect Yourself from Cyber Attacks Through Proper Third-Party Risk Management
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk ManagementDevOps.com
 
Third Party Risk Management Introduction
Third Party Risk Management IntroductionThird Party Risk Management Introduction
Third Party Risk Management IntroductionNaveen Grover
 
Why does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-programWhy does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-programCharles Steve
 
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Resolver Inc.
 
Third party risk management and it’s complexities
Third party risk management and it’s complexitiesThird party risk management and it’s complexities
Third party risk management and it’s complexitieskevinmass30
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 

Recommended

A compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementA compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementSALIH AHMED ISLAM
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk ManagementEC-Council
 
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk Management
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk ManagementProtect Yourself from Cyber Attacks Through Proper Third-Party Risk Management
Protect Yourself from Cyber Attacks Through Proper Third-Party Risk ManagementDevOps.com
 
Third Party Risk Management Introduction
Third Party Risk Management IntroductionThird Party Risk Management Introduction
Third Party Risk Management IntroductionNaveen Grover
 
Why does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-programWhy does-your-company-need-a-third-party-risk-management-program
Why does-your-company-need-a-third-party-risk-management-programCharles Steve
 
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Resolver Inc.
 
Third party risk management and it’s complexities
Third party risk management and it’s complexitiesThird party risk management and it’s complexities
Third party risk management and it’s complexitieskevinmass30
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFrederic Girardeau-Montaut
 
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.Unified11
 
Third-Party Risk Management
Third-Party Risk ManagementThird-Party Risk Management
Third-Party Risk ManagementMark Scales
 
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsGRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsKate Tomlinson
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesCorporater
 
Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Deloitte UK
 
Tackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-managementTackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-managementCharles Steve
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & GovernanceEDR
 
Third Party Risk Assessment Due Diligence - Managed Service as Best Practice
Third Party Risk Assessment Due Diligence - Managed Service as Best PracticeThird Party Risk Assessment Due Diligence - Managed Service as Best Practice
Third Party Risk Assessment Due Diligence - Managed Service as Best PracticeDVV Solutions Third Party Risk Management
 
TI Managing Third Party Risk
TI Managing Third Party RiskTI Managing Third Party Risk
TI Managing Third Party RiskThe Business Council of Mongolia
 
Key Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsKey Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsColleen Beck-Domanico
 
Third-Party Risk Management: A Case Study in Oversight
Third-Party Risk Management: A Case Study in OversightThird-Party Risk Management: A Case Study in Oversight
Third-Party Risk Management: A Case Study in OversightNICSA
 
Integrated GRC
Integrated GRCIntegrated GRC
Integrated GRCTranscendent Group
 
The challenges for the internal auditor
The challenges for the internal auditorThe challenges for the internal auditor
The challenges for the internal auditorRodoljub Kajganić
 
Hernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance RisksHernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance RisksHernan Huwyler, MBA CPA
 
Information Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksInformation Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksHernan Huwyler, MBA CPA
 
Virtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk AdvisorVirtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk AdvisorGrayline
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionRishabh Software
 
Know your suppliers? How can you manage supplier risk?
Know your suppliers? How can you manage supplier risk?Know your suppliers? How can you manage supplier risk?
Know your suppliers? How can you manage supplier risk?Bureau van Dijk
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Risk Management Institution of Australasia
 
Is your company risking Non-Compliance
Is your company risking Non-ComplianceIs your company risking Non-Compliance
Is your company risking Non-ComplianceSiddharth Joshi
 
Adviser solicitor introducer relationships
Adviser solicitor introducer relationshipsAdviser solicitor introducer relationships
Adviser solicitor introducer relationshipsKevin Raftery
 

More Related Content

What's hot

CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.Unified11
 
Third-Party Risk Management
Third-Party Risk ManagementThird-Party Risk Management
Third-Party Risk ManagementMark Scales
 
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsGRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsKate Tomlinson
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesCorporater
 
Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Deloitte UK
 
Tackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-managementTackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-managementCharles Steve
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & GovernanceEDR
 
Third Party Risk Assessment Due Diligence - Managed Service as Best Practice
Third Party Risk Assessment Due Diligence - Managed Service as Best PracticeThird Party Risk Assessment Due Diligence - Managed Service as Best Practice
Third Party Risk Assessment Due Diligence - Managed Service as Best PracticeDVV Solutions Third Party Risk Management
 
Key Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsKey Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsColleen Beck-Domanico
 
Third-Party Risk Management: A Case Study in Oversight
Third-Party Risk Management: A Case Study in OversightThird-Party Risk Management: A Case Study in Oversight
Third-Party Risk Management: A Case Study in OversightNICSA
 
The challenges for the internal auditor
The challenges for the internal auditorThe challenges for the internal auditor
The challenges for the internal auditorRodoljub Kajganić
 
Hernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance RisksHernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance RisksHernan Huwyler, MBA CPA
 
Information Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksInformation Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksHernan Huwyler, MBA CPA
 
Virtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk AdvisorVirtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk AdvisorGrayline
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionRishabh Software
 
Know your suppliers? How can you manage supplier risk?
Know your suppliers? How can you manage supplier risk?Know your suppliers? How can you manage supplier risk?
Know your suppliers? How can you manage supplier risk?Bureau van Dijk
 

What's hot (20)

FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoV
 
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
CYBERSECURITY, RISK & COMPLIANCE | AMPCUS INC.
 
Third-Party Risk Management
Third-Party Risk ManagementThird-Party Risk Management
Third-Party Risk Management
 
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gapsGRC15620_Report_-_Third_party_risk_exposing_the_gaps
GRC15620_Report_-_Third_party_risk_exposing_the_gaps
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
 
Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018
 
Tackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-managementTackling the-challenges-of-third-party-risk-management
Tackling the-challenges-of-third-party-risk-management
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & Governance
 
Third Party Risk Assessment Due Diligence - Managed Service as Best Practice
Third Party Risk Assessment Due Diligence - Managed Service as Best PracticeThird Party Risk Assessment Due Diligence - Managed Service as Best Practice
Third Party Risk Assessment Due Diligence - Managed Service as Best Practice
 
TI Managing Third Party Risk
TI Managing Third Party RiskTI Managing Third Party Risk
TI Managing Third Party Risk
 
Key Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsKey Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management Programs
 
Third-Party Risk Management: A Case Study in Oversight
Third-Party Risk Management: A Case Study in OversightThird-Party Risk Management: A Case Study in Oversight
Third-Party Risk Management: A Case Study in Oversight
 
Integrated GRC
Integrated GRCIntegrated GRC
Integrated GRC
 
The challenges for the internal auditor
The challenges for the internal auditorThe challenges for the internal auditor
The challenges for the internal auditor
 
Hernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance RisksHernan Huwyler Corporate Risk Assesstment Compliance Risks
Hernan Huwyler Corporate Risk Assesstment Compliance Risks
 
Information Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT RisksInformation Risk Management - Cyber Risk Management - IT Risks
Information Risk Management - Cyber Risk Management - IT Risks
 
Virtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk AdvisorVirtual Risk Officer / Virtual Risk Advisor
Virtual Risk Officer / Virtual Risk Advisor
 
Governance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management SolutionGovernance, Risk & Compliance Management Solution
Governance, Risk & Compliance Management Solution
 
Know your suppliers? How can you manage supplier risk?
Know your suppliers? How can you manage supplier risk?Know your suppliers? How can you manage supplier risk?
Know your suppliers? How can you manage supplier risk?
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
 

Similar to third party risk management best practices

Is your company risking Non-Compliance
Is your company risking Non-ComplianceIs your company risking Non-Compliance
Is your company risking Non-ComplianceSiddharth Joshi
 
Adviser solicitor introducer relationships
Adviser solicitor introducer relationshipsAdviser solicitor introducer relationships
Adviser solicitor introducer relationshipsKevin Raftery
 
Vendor Onboarding The Ultimate Guide
Vendor Onboarding The Ultimate GuideVendor Onboarding The Ultimate Guide
Vendor Onboarding The Ultimate GuideKashish Trivedi
 
20 Key Considerations for Implementing an Effective Corporate Compliance Program
20 Key Considerations for Implementing an Effective Corporate Compliance Program20 Key Considerations for Implementing an Effective Corporate Compliance Program
20 Key Considerations for Implementing an Effective Corporate Compliance ProgramMarket iT
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity ManagementJacky Hodges
 
The Business Of Law
The Business Of LawThe Business Of Law
The Business Of Lawguestdf7e71
 
Acquisitions - To do, or not to do? That is the question.
Acquisitions - To do, or not to do? That is the question.Acquisitions - To do, or not to do? That is the question.
Acquisitions - To do, or not to do? That is the question.Brad D. Cherniak
 
Ten Tips to Help You Control Your Employee Spending
Ten Tips to Help You Control Your Employee SpendingTen Tips to Help You Control Your Employee Spending
Ten Tips to Help You Control Your Employee SpendingInsperity
 
Chapter SixSmall Business Entry Paths to EntrepreneurshipCo.docx
Chapter SixSmall Business Entry Paths to EntrepreneurshipCo.docxChapter SixSmall Business Entry Paths to EntrepreneurshipCo.docx
Chapter SixSmall Business Entry Paths to EntrepreneurshipCo.docxbartholomeocoombs
 
Exit Strategies for Small Businesses
Exit Strategies for Small BusinessesExit Strategies for Small Businesses
Exit Strategies for Small BusinessesGround Floor Partners
 
Building Value in Your Business: financial, operational and organizational fa...
Building Value in Your Business: financial, operational and organizational fa...Building Value in Your Business: financial, operational and organizational fa...
Building Value in Your Business: financial, operational and organizational fa...Sunbelt Business Brokers Canada
 
Video business continuity planning and disaster recovery
Video business continuity planning and disaster recoveryVideo business continuity planning and disaster recovery
Video business continuity planning and disaster recoveryClive Bonny
 
Tips For Being Compliance Ready
Tips For Being Compliance ReadyTips For Being Compliance Ready
Tips For Being Compliance ReadyPeak 10
 
FDA Regulation of Promotion & Advertising -- Part 8: Handling Promotional Com...
FDA Regulation of Promotion & Advertising -- Part 8: Handling Promotional Com...FDA Regulation of Promotion & Advertising -- Part 8: Handling Promotional Com...
FDA Regulation of Promotion & Advertising -- Part 8: Handling Promotional Com...Michael Swit
 
AML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance IndustryAML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance IndustryRachel Hamilton
 
KeyVision PRO - the perfect solution for lawyers and law firms
KeyVision PRO - the perfect solution for lawyers and law firmsKeyVision PRO - the perfect solution for lawyers and law firms
KeyVision PRO - the perfect solution for lawyers and law firmsgbarcun
 
The Disclosure Management Cycle
The Disclosure Management CycleThe Disclosure Management Cycle
The Disclosure Management CycleDisclosureNet
 

Similar to third party risk management best practices (20)

Is your company risking Non-Compliance
Is your company risking Non-ComplianceIs your company risking Non-Compliance
Is your company risking Non-Compliance
 
Adviser solicitor introducer relationships
Adviser solicitor introducer relationshipsAdviser solicitor introducer relationships
Adviser solicitor introducer relationships
 
Vendor Onboarding The Ultimate Guide
Vendor Onboarding The Ultimate GuideVendor Onboarding The Ultimate Guide
Vendor Onboarding The Ultimate Guide
 
20 Key Considerations for Implementing an Effective Corporate Compliance Program
20 Key Considerations for Implementing an Effective Corporate Compliance Program20 Key Considerations for Implementing an Effective Corporate Compliance Program
20 Key Considerations for Implementing an Effective Corporate Compliance Program
 
BOOK SAMPLE: Hot new WORKING FROM HOME LEGAL-MARKETING BOOK for law firm PART...
BOOK SAMPLE: Hot new WORKING FROM HOME LEGAL-MARKETING BOOK for law firm PART...BOOK SAMPLE: Hot new WORKING FROM HOME LEGAL-MARKETING BOOK for law firm PART...
BOOK SAMPLE: Hot new WORKING FROM HOME LEGAL-MARKETING BOOK for law firm PART...
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity Management
 
The Business Of Law
The Business Of LawThe Business Of Law
The Business Of Law
 
Acquisitions - To do, or not to do? That is the question.
Acquisitions - To do, or not to do? That is the question.Acquisitions - To do, or not to do? That is the question.
Acquisitions - To do, or not to do? That is the question.
 
Ten Tips to Help You Control Your Employee Spending
Ten Tips to Help You Control Your Employee SpendingTen Tips to Help You Control Your Employee Spending
Ten Tips to Help You Control Your Employee Spending
 
Chapter SixSmall Business Entry Paths to EntrepreneurshipCo.docx
Chapter SixSmall Business Entry Paths to EntrepreneurshipCo.docxChapter SixSmall Business Entry Paths to EntrepreneurshipCo.docx
Chapter SixSmall Business Entry Paths to EntrepreneurshipCo.docx
 
Exit Strategies for Small Businesses
Exit Strategies for Small BusinessesExit Strategies for Small Businesses
Exit Strategies for Small Businesses
 
Building Value in Your Business: financial, operational and organizational fa...
Building Value in Your Business: financial, operational and organizational fa...Building Value in Your Business: financial, operational and organizational fa...
Building Value in Your Business: financial, operational and organizational fa...
 
Code of conduct
Code of conductCode of conduct
Code of conduct
 
Video business continuity planning and disaster recovery
Video business continuity planning and disaster recoveryVideo business continuity planning and disaster recovery
Video business continuity planning and disaster recovery
 
Code of success
Code of successCode of success
Code of success
 
Tips For Being Compliance Ready
Tips For Being Compliance ReadyTips For Being Compliance Ready
Tips For Being Compliance Ready
 
FDA Regulation of Promotion & Advertising -- Part 8: Handling Promotional Com...
FDA Regulation of Promotion & Advertising -- Part 8: Handling Promotional Com...FDA Regulation of Promotion & Advertising -- Part 8: Handling Promotional Com...
FDA Regulation of Promotion & Advertising -- Part 8: Handling Promotional Com...
 
AML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance IndustryAML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance Industry
 
KeyVision PRO - the perfect solution for lawyers and law firms
KeyVision PRO - the perfect solution for lawyers and law firmsKeyVision PRO - the perfect solution for lawyers and law firms
KeyVision PRO - the perfect solution for lawyers and law firms
 
The Disclosure Management Cycle
The Disclosure Management CycleThe Disclosure Management Cycle
The Disclosure Management Cycle
 

More from SALIH AHMED ISLAM

8 moves to becoming an agile internal audit
8 moves to becoming an agile internal audit8 moves to becoming an agile internal audit
8 moves to becoming an agile internal auditSALIH AHMED ISLAM
 
7 musts to establish a strategic plan
7 musts to establish a strategic plan7 musts to establish a strategic plan
7 musts to establish a strategic planSALIH AHMED ISLAM
 
6 implications of internal audit
6 implications of internal audit6 implications of internal audit
6 implications of internal auditSALIH AHMED ISLAM
 
6 benefits of internal auditing
6 benefits of internal auditing6 benefits of internal auditing
6 benefits of internal auditingSALIH AHMED ISLAM
 
5 benefits of a whistleblower hotline
5 benefits of a whistleblower hotline5 benefits of a whistleblower hotline
5 benefits of a whistleblower hotlineSALIH AHMED ISLAM
 
5 critical tasks of Internal Audit
5 critical tasks of Internal Audit5 critical tasks of Internal Audit
5 critical tasks of Internal AuditSALIH AHMED ISLAM
 
What do internal auditors do?
What do internal auditors do?What do internal auditors do?
What do internal auditors do?SALIH AHMED ISLAM
 
CORRUPTION PERCEPTIONS INDEX 2020
CORRUPTION PERCEPTIONS INDEX 2020CORRUPTION PERCEPTIONS INDEX 2020
CORRUPTION PERCEPTIONS INDEX 2020SALIH AHMED ISLAM
 
Cpi 2020 - main -infographic
Cpi 2020 - main -infographicCpi 2020 - main -infographic
Cpi 2020 - main -infographicSALIH AHMED ISLAM
 
Cpi 2020-western-europe-and-european-union-infographic
Cpi 2020-western-europe-and-european-union-infographicCpi 2020-western-europe-and-european-union-infographic
Cpi 2020-western-europe-and-european-union-infographicSALIH AHMED ISLAM
 
Cpi 2020-sub-saharan-africa-infographic v2
Cpi 2020-sub-saharan-africa-infographic v2Cpi 2020-sub-saharan-africa-infographic v2
Cpi 2020-sub-saharan-africa-infographic v2SALIH AHMED ISLAM
 
Cpi 2020-middle-east-and-north-africa-infographic
Cpi 2020-middle-east-and-north-africa-infographicCpi 2020-middle-east-and-north-africa-infographic
Cpi 2020-middle-east-and-north-africa-infographicSALIH AHMED ISLAM
 
Cpi 2020-eastern-europe-and-central-asia-infographic
Cpi 2020-eastern-europe-and-central-asia-infographicCpi 2020-eastern-europe-and-central-asia-infographic
Cpi 2020-eastern-europe-and-central-asia-infographicSALIH AHMED ISLAM
 
Cpi 2020-asia-pacific-infographic
Cpi 2020-asia-pacific-infographicCpi 2020-asia-pacific-infographic
Cpi 2020-asia-pacific-infographicSALIH AHMED ISLAM
 
CPI 2020 - Americas - Info-graphic
CPI 2020 - Americas - Info-graphicCPI 2020 - Americas - Info-graphic
CPI 2020 - Americas - Info-graphicSALIH AHMED ISLAM
 

More from SALIH AHMED ISLAM (20)

10 advice for ia executives
10 advice for ia executives10 advice for ia executives
10 advice for ia executives
 
8 moves to becoming an agile internal audit
8 moves to becoming an agile internal audit8 moves to becoming an agile internal audit
8 moves to becoming an agile internal audit
 
7 musts to establish a strategic plan
7 musts to establish a strategic plan7 musts to establish a strategic plan
7 musts to establish a strategic plan
 
6 implications of internal audit
6 implications of internal audit6 implications of internal audit
6 implications of internal audit
 
6 benefits of internal auditing
6 benefits of internal auditing6 benefits of internal auditing
6 benefits of internal auditing
 
5 benefits of a whistleblower hotline
5 benefits of a whistleblower hotline5 benefits of a whistleblower hotline
5 benefits of a whistleblower hotline
 
What is risk management
What is risk managementWhat is risk management
What is risk management
 
5 critical tasks of Internal Audit
5 critical tasks of Internal Audit5 critical tasks of Internal Audit
5 critical tasks of Internal Audit
 
5 fraud tips
5 fraud tips5 fraud tips
5 fraud tips
 
What do internal auditors do?
What do internal auditors do?What do internal auditors do?
What do internal auditors do?
 
Code of Conduct
Code of ConductCode of Conduct
Code of Conduct
 
CORRUPTION PERCEPTIONS INDEX 2020
CORRUPTION PERCEPTIONS INDEX 2020CORRUPTION PERCEPTIONS INDEX 2020
CORRUPTION PERCEPTIONS INDEX 2020
 
Fraud awareness training
Fraud awareness trainingFraud awareness training
Fraud awareness training
 
Cpi 2020 - main -infographic
Cpi 2020 - main -infographicCpi 2020 - main -infographic
Cpi 2020 - main -infographic
 
Cpi 2020-western-europe-and-european-union-infographic
Cpi 2020-western-europe-and-european-union-infographicCpi 2020-western-europe-and-european-union-infographic
Cpi 2020-western-europe-and-european-union-infographic
 
Cpi 2020-sub-saharan-africa-infographic v2
Cpi 2020-sub-saharan-africa-infographic v2Cpi 2020-sub-saharan-africa-infographic v2
Cpi 2020-sub-saharan-africa-infographic v2
 
Cpi 2020-middle-east-and-north-africa-infographic
Cpi 2020-middle-east-and-north-africa-infographicCpi 2020-middle-east-and-north-africa-infographic
Cpi 2020-middle-east-and-north-africa-infographic
 
Cpi 2020-eastern-europe-and-central-asia-infographic
Cpi 2020-eastern-europe-and-central-asia-infographicCpi 2020-eastern-europe-and-central-asia-infographic
Cpi 2020-eastern-europe-and-central-asia-infographic
 
Cpi 2020-asia-pacific-infographic
Cpi 2020-asia-pacific-infographicCpi 2020-asia-pacific-infographic
Cpi 2020-asia-pacific-infographic
 
CPI 2020 - Americas - Info-graphic
CPI 2020 - Americas - Info-graphicCPI 2020 - Americas - Info-graphic
CPI 2020 - Americas - Info-graphic
 

Recently uploaded

Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCRsoniya singh
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechNewman George Leech
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadAyesha Khan
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionMintel Group
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportMintel Group
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Timedelhimodelshub1
 
Pitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deckPitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deckHajeJanKamps
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Serviceankitnayak356677
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 

Recently uploaded (20)

Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
(8264348440) 🔝 Call Girls In Mahipalpur 🔝 Delhi NCR
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
RE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman LeechRE Capital's Visionary Leadership under Newman Leech
RE Capital's Visionary Leadership under Newman Leech
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample Report
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
Pitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deckPitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deck
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 

third party risk management best practices

  • 1. GET OUT OF YOUR COMFORT ZONE To raise the bar in vendor management, you must engage with all parties within your organization. Failure to do so may result in you working in a silo and not having key information regarding your vendor’s performance. Meet regularly with account payable, sales, operations and the executive team. LEARN THE REGULATORY GUIDANCE Not just your own regulator, but all of them – they compare notes and follow each other’s best practices. WRITE A THOROUGH SET OF THIRD PARTY RISK MANAGEMENT DOCUMENTATION Including a policy, a program and robust procedures. PRINTABLE VERSION 2019 Venminder, Inc. 400 Ring Road, Suite 131, Elizabethtown, KY 42701 | (270) 506-5140 www.venminder.com Copyright © 2019 by Venminder, Inc. Download free due diligence samples and see how Venminder can help your institution reduce your workload. DOWNLOAD NOW Third Party Risk Management Best Practices 14 1 2 3 4 After working in the third party risk industry for many years, we’ve seen the very best of third party risk management and some of the worst. TAKE STOCK OF YOUR VENDOR LIST This is a useful practice to gain a better understanding of your current vendor profile. It’s even more important if you are running a decentralized vendor management system. If you have a line of business with contract signing authority outside of the normal vendor management process, the risk oversight responsibility is likely to still rest with you. Review your vendor list on a regular basis and ensure you have a firm process for adding new vendors or terminating them. And, be familiar with who are your critical vendors and high, medium and low risk vendors. 9 DON’T ALLOW DUE DILIGENCE TO BECOME A “CHECK THE BOX” ACTIVITY Due diligence isn’t just collecting documents and filing them away; it requires thorough and expert analysis. 10 KEEP YOUR DOCUMENTATION UP-TO-DATE Whether that means incorporating new guidance or simply making sure that your work matches what’s described in the documentation, it’s always a good idea to dust it off once in a while. And, make sure those updates are communicated to all the relevant parties, both inside and outside of your institution. 11 SELF-AUDIT If you don’t have your own internal audit department, then enlist other department, such as Compliance, help or an external audit firm to review your policies and procedures. Ultimately, you want to make sure that your day-to-day practices align to the documentation. After all, the regulator or examiner uses those as their baseline. 6 PLAN AHEAD Give yourself time to complete your tasks so you can better meet your timing goals/requirements. Vendors need time to organize and prepare, too, just like when something is requested of you. Allow time for seasonal activity, workload capacity and availability of key people with whom you need to engage. 7 ASK FOR HELP WHEN NEEDED Maybe it’s more budget dollars, maybe it’s more staffing, maybe it’s outside assistance – you’ll never get it if you don’t ask. 8 INVOLVE YOUR BOARD AND SENIOR MANAGEMENT TEAM Have them participate in setting direction, ask them to set “the tone from the top”. Regulatory guidance mandates active board involvement. Make sure you have proper reporting in place to help the process. We’ve got 14 vendor management best practices to share to help you keep your program top notch. Here’s the list: 5 COVER ALL OF THE BASES OF THIRD PARTY RISK MANAGEMENT Establish scalable processes for conducting a new vendor risk assessment, due diligence, ongoing monitoring, contract structuring and keeping your board informed – they are all absolutely essential. And, review those items annually; a lot can happen during a year! 12 KEEP ON LEARNING Webinars and conferences are a great way to go, so is simply reading the news and analysis. 13 FIND CREATIVE SOLUTIONS This could also say “don’t settle for “no” too easily” – for example, if you can’t get financials, consider what alternatives you might have…perhaps meet with their financial analyst or ask for an accountant’s statement. 14 READ ENFORCEMENT ACTIONS Ask yourself if you see anything that could be present in your institution that sounds like what’s in this enforcement action. If you do those 14 items well, you’ll have a model third party risk management program to show off to auditors and, more importantly, be doing the right actions to protect your institution, consumers and shareholders. Ultimately, while you can outsource nearly every product or function, you cannot outsource the responsibility for compliance.