|The Certified Regulatory Vendor Program Manager (CRVPM®) Level II expands upon existing concepts from the CRVPM Level I course and introduces new concepts and content.
The course begins with setting up Lines of Defense, a classic risk management approach to structuring your vendor management program, and how to apply it the basic hub & spoke vendor management structure discussed in CRVPM Level I. The course then goes on to addresses the five components of the vendor management lifecycle including:
In addition, it also introduces advanced concepts in vendor management and expands upon existing concepts covered in the CRVPM Level 1 course so that the vendor management professional can continue to expand their vendor management knowledge and augment their program.
- Outsource Planning
- Vendor Selection/Due Diligence
- Contract Management
- Periodic Review and Oversight
- Exit Strategy
Chapter 1: Lines of Defense and Outsource Planning
Setting up Lines of Defense is a risk management best practice that any size institution can implement in order to formalize responsibilities and enhance the checks and balances required to ensure that vendor management policy is complied with (Governance – 2nd line of defense) enterprise-wide. This chapter expands upon the hub & spoke vendor management model to provide a more detailed look at the vendor management structure, process and the responsibilities for each line of defense. Chapter 1 then continues into Outsource Planning and examines the 12 components of the Outsource Planning process.
Chapter 2: Due Diligence/Vendor Selection
CRVPM® Level 1 covered the basic concept and process of conducting due diligence to ensure that the vendor can support the institution operationally and financially (adequate financial strength). CRVPM® Level II examines some specifics of Due Diligence including:
Chapter 3: Contract Management
- Vendor Fraud
- PCI DSS Compliance
- Conducting vendor site visits
- Vendor's business resilience capabilities and Appendix
While Guidance provides recommendations on contract structuring, Technology Service Provider contracts frequently leave the institution exposed to a number of dimensions of risk that Guidance never warns you about. Attorneys and those skilled in contract review may help the institution mitigate risk when it comes time to dot the I's and cross the T's but if they are not well versed in technology issues then there are a number of exposures to be concerned about. This chapter covers the following exposures that anyone doing business with TSP's should be concerned about:
Chapter 4: Periodic Review and Ongoing Monitoring
- Cyber Security
While we know that we need to monitor our vendors on an ongoing basis and conduct periodic reviews in order to assess Controls, Condition and Performance, Chapter 4 discusses setting a baseline for that monitoring and review and the red flags/green flags to look for during the course of the relationship. Included in this chapter are:
Chapter 5: Exit Strategy
- Key Performance Indicators (KPI's)
- Key Risk Indicators (KRI's)
- Vendor Value
Considered as the first step in outsourcing, it is crucial to have an exit strategy prior to even engaging a vendor. There inevitably comes a time when most institutions decide to transition an outsourced service away from their current vendor and either move it to a new vendor or bring it back in house. All too often, this exercise is conducted reactively rather than proactively and leaves the institution exposed to many risks, expenses and legal issues. This chapter covers the following 6 components of a vendor exit strategy:
Upon Successful Completion Of This Course:
- Risk Management
- Criticality/Ease of Replacement
- Contract Issues
- Knowledge Base
- Total Cost of Ownership
- Project Planning & Management
Those successfully completing the course receive:
Achieving Your Certification:
- CRVPM ll designation
- Our CRVPM Level ll Advanced Reference Guide, which is updated throughout the year as new rules, regulations, and Guidance are issue and as new exam trends emerge and best practices are identified
- Vendor Site Visit ScoreCard
- Vendor BCP Feasibility ScoreCard
- Comprehensive Vendor Exit Strategy document
- One year of free telephone/email consulting support for vendor management issues/questions and GLBA 501(b) issues
- Additional documents and tools to support your vendor management program
In order to achieve your CRVPM Level II certification, you must pass each of the chapter quizzes and a final exam. Your Certificate then is mailed within seven business days of passing your exam. Your Certificate demonstrates your professional growth and that you have attained an advanced level of regulatory knowledge, plus shows examiners and auditors the institution's commitment to regulatory compliance.
Who Should Take This Course:
Level 1 is a pre-requisite. Risk Officers, Compliance Officers, CIOs, CFOs, Auditors, Examiners, Vendor Management Specialists, Operations Officers, Info Security Officers, and anyone involved in building and managing a compliant vendor management program.
How To Access This Course:
This course, as well as the Certification, is provided through the Compliance Education Institute. The Institute will email you directly with access instructions for taking your course and starting the process towards earning your CRVPM Certification once you order the course! The course will take approximately 12 hours to complete and you will have access for 60 days.
|About The Provider:
||The Compliance Education Institute is the education division of RISC Associates, a leading regulatory compliance consultancy focused on GLBA 501(b) regulatory issues.
Leveraging its more than 30 years of banking, compliance, and information security expertise and field experience, RISC has put together a series of educational courses offered through our CEI division to help bankers better prepare for the compliance issues that they deal with on a daily basis. These course are derived from the popular sessions that we have conducted at various banking conferences around the country, and are focused on helping bankers address the overwhelming regulatory burden.