Vendor Management Regulatory Compliance

Third Party Risk Management Process

Source: OCC


VendorInsight® vendor management software is certified to conform with the revised and updated third party risk management process guidance issued by the OCC on October 30, 2013 (OCC Bulletin 2013-29, “Third Party Relationships: Risk Management Guidance”). This guidance prescribes many new requirements not met by other vendor management systems and requires the high degree of customizability that is already available in VendorInsight®.

Contact Us to receive a Free Policy Review, Policy Template and Business Case/ROI Justification Document. Learn how your program can be improved and automated with VendorInsight® today.

Our Implementation Services, which include policy review, consulting, training, and Program Administrator services (contract review, data entry, setup and user training), are included with every VendorInsight® relationship to ensure your financial institution's policies, procedures and program are completely up-to-date.

Meet The Most Stringent Requirements

BECAUSE the standards for vendor management and risk management are set high for financial institutions by federal and state regulators and examiners, VendorInsight® was designed to meet ALL of these standards in order to provide a best-in-class solution for all industries.

If you ARE a financial institution, VendorInsight® is the vendor management software for banks that will give you the confidence and protection you need. Just ask our many financial institution customers, which range from multi-national banks to multi-affiliate super-regionals, mid-tier banks, community banks and credit unions.

If you ARE NOT a financial institution, you will find that VendorInsight® delivers robust vendor risk management with ease-of-use, scalability, and features that streamline your vendor management program, enable your businesses with intelligence about your vendors, and automate the entire process of vendor management and due diligence, from contract management to information security reviews. We have Fortune 500 customers and customers in regulated and non-regulated industries.

VendorInsight® is 100% Compliant with the Guidance of these Regulatory Agencies

  • FFIEC - Guidance on Social Media (January 2013) - The FFIEC prescribes uniform principles and standards for six regulatory entities in the supervision of financial institutions: CFPB, FDIC, Federal Reserve, NCUA, OCC and SLC.
  • FFIEC IT Examiners Handbook (Updated March 2008) - This FFIEC publication describes the fundamental requirements and expectations of examiners for vendor management. The standards applied from this publication transcend IT vendors and have become expectations for all vendors, especially critical vendors and third parties.
  • Federal Reserve - FDIC Compliance Manual, Abusive Practices - Third Party Procedures (July 2013).
  • GLBA - FDIC Compliance Manual, Abusive Practices - Third Party Procedures (July 2013).
  • OCC - On October 30, 2013, the OCC issued Bulletin 2013-29, titled “Third Party Relationships: Risk Management Guidance,” and rescinded its previously published Bulletin 2001-47, “Third Party Relationships: Risk Management,” and its previous Advisory Letter 2000-9, “Third Party Risk.” In the new guidance, the OCC defines five stages of a new “Continuous Life Cycle” of vendor management. For each of these stages, the OCC prescribes activities and analyses that expand the requirements for vendor management and third party risk management beyond previous guidance and expectations.
  • FDIC - FDIC Compliance Manual, Abusive Practices - Third Party Procedures (July 2013).
  • CFPB - FDIC Compliance Manual, Abusive Practices - Third Party Procedures (July 2013).