MANAGING THIRD-PARTY RISK New York Region Regulatory Conference Call March 3, 2011.

Slides:



Advertisements
Similar presentations
HIGH-RISK: FOREIGN CORRESPONDENT BANKING
Advertisements

SEMINAR NAIC/ASSAL/SVS REGULATION & SUPERVISION OF MARKET CONDUCT © 2014 National Association of Insurance Commissioners Overview and Purpose of Market.
Control and Accounting Information Systems
What’s New at the OCC: CRE Lending Handbook and Third Party Arrangements Presenters: Bull Garber, Jr., Director of Governmental and External Relations,
Identifying and Mitigating UDAP Risk Chicago Region Regulatory Compliance Call December 17, 2014.
1 Outsourcing & Vendor Management Fiduciary & Investment Risk Management Association 21 st National Training Conference April 18, 2007 Frederick Yorke,
1 The critical challenge facing banks and regulators under Basel II: improving risk management through implementation of Pillar 2 Simon Topping Hong Kong.
Auditing Corporate Information Security John R. Robles Tuesday, November 1, Tel:
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.
Investments Institute of Insurance and Risk Management (IIRM) Hyderabad, India 15 November 2005 Arup Chatterjee – Advisor International Association of.
1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.
Audit Committee in Albania Legal framework Law 9226 /2006 “On banks in Republic of Albania” Law 9901/2008 “On entrepreneurs and commercial companies” Corporate.
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
1 Supplement to the Guideline on Prevention of Money Laundering Hong Kong Monetary Authority 8 June 2004.
E B a n k i n g Information Security Guidelines ABA’s Technology Risk Management – A Strategic Approach Telephone/Webcast Briefing June 17, 2002.
Chapter 4 Internal Control Bus 319 Accounting Information Systems.
Internal Control and Internal Audit
Vendor Management Frequent regulatory findings:
Eurasian Corporate Governance Roundtable
Copyright © 2014 Lender Performance Group, LLC. All rights reserved. Managing risks associated with third-party relationships, in other words Vendor Management.
Outsourcing Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.
Division of Depositor and Consumer Protection Banker Teleconference Series Third-Party Compliance Risk Management Tuesday, June 5, 2012.
Guidance for Managing Third-Party Risk Chicago Region Regulatory Conference Call December 8, 2010.
1 Jersey Funds Association Educational training session – 22 June 2010.
Vendor Risk: Effective Management is Essential
Internal Auditing and Outsourcing
Revisions to the FFIEC BSA/AML Examination Manual and Federal Reserve Board BSA/AML Examination Findings and Issues Timothy P. Leary Senior Special AML.
Due Diligence - The Regulator’s Perspective ABA Telephone/Webcast Briefing August 14, 2001 Cynthia Bonnette, Assistant Director FDIC Bank Technology Group.
Compliance and Regulation for Mobile Solutions Amanda J. Smith Messick & Lauer, P.C. May 16, 2013.
DAA and GEP Orlando Audit & Compliance or Audit vs. Compliance.
OECD Guidelines on Insurer Governance
Chapter 3 Internal Controls.
Outsourcing Louis P. Piergeti VP, IIROC March 29, 2011.
Credit unions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback.
1 International Conference on Enhancing the Effectiveness of Deposit Insurance Operation, Hanoi March, 2007 ENHANCING THE LEGAL FOUNDATION FOR DEPOSIT.
Financial Conglomerates, What are the Inherent Risks? 2006 CIAB Conference Port-of-Spain, Trinidad & Tobago November 16, 2006 Thordur Olafsson, CARTAC.
Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
1 Regulator Panel FIRMA 25 th Annual Risk Management Training Conference April 19, 2011.
CERTIFICATION In the Electronics Recycling Industry © 2007 IAER Web Site - -
Supervision of Information Security and Technology Risk Barbara Yelcich, Federal Reserve Bank of New York Presentation to the World Bank September 10,
The Building Block Approach – A tool for regulatory and supervisory reforms for microfinance European MF week 2012, Luxembourg,
FDIC 2010 Overdraft Payment Program Guidance Overview & Frequently-Asked Questions March 29, 2011  Director Mark Pearce, Division of Depositor and Consumer.
© Dr. John T. Whiting All Rights Reserved Slide 1 Achieving Compliance with GBLA & Other Laws and Regulations Impacting.
© 2009 EPCOR. All Rights Reserved The Risks and Rewards of Remote Deposit Services 2009 Treasury Management Conference September 10, 2009 Omaha, Nebraska.
May 14, 2014 Presented by Ken Shim. Background April CFPB issued Bulletin Federal Reserve, OCC and FDIC issued similar guidance on vendor.
Proprietary & Confidential © 2011 Fidelity National Information Services, Inc. and its subsidiaries. Risk Assessments Scott Yoshimura, Risk Management.
Overview of Foreign Banking Organization Supervision Program Lisa DeFerrari Manager, International Supervision Federal Reserve Board July 2007.
Courtney Christie-VeitcH CARTAC
Internal Audit Considerations for Cybersecurity Risks Posed by Vendors October th, 2015 Chicago IIA Chapter’s 2 nd Annual IIA Chicago IT Hacking.
The Post-MiFID Financial World László Seregdi June 15, 2007 Split.
Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.
Internal/External Audit and Internal Controls February 23, 2000 David Dudley Federal Reserve Bank of NY.
World Bank International Standards and their Measures for Financial Institutions and Non-Financial Businesses and Professions to Prevent Money Laundering.
Chapter 8 Auditing in an E-commerce Environment
FIRMA National Risk Management Training Conference – Orlando, FL Wednesday April 9, 2008 Third Party / SAS 70 Reports A Regulatory and Standards Update.
1 Vereniging van Compliance Officers The Compliance Function in Banks Amsterdam, 10 June 2004 Marc Pickeur CBFA CBFA.
Managing 3 rd Party Risks Experis | May 7, 2013 I CT1 Danny Shaw SE Practice Leader IT Risk Advisory Services “Are your business partners watching.
Compliance Risk Management
Vendor Management by Banks: How Law Firms Are Affected Peter Swire Huang Professor of Law and Ethics Scheller College of Business Georgia Institute of.
NY DFS Cyber Regulation and the Impact on PA Mutual Insurers
Judy Graham, Program Officer
NCUA Consumer Compliance
Risk Assessment Beginning an Analysis Date by Jim Bowman.
2013 LBA Bank Counsel Conference
Regulatory Compliance
Third-Party Technology Contracts: Issues & Exposures
Optimizing Your Regulatory Compliance Program
The CFPB’s Legal Minefield for CREDIT UNIONS
Vendor Management & Business Value
Presentation transcript:

MANAGING THIRD-PARTY RISK New York Region Regulatory Conference Call March 3, 2011

2 Introduction Dan Frye, Acting Regional Director Dan Frye, Acting Regional Director Guidance on Managing Third Party Risk Guidance on Managing Third Party Risk June 6, 2008 (FIL ) Guidance on Payment Processor Relationships November 7, 2008 (FIL ) Guidance on Payment Processor Relationships November 7, 2008 (FIL ) PowerPoint PowerPoint Presenters Presenters Sherry Antonellis, Senior Review Examiner - Compliance Sherry Antonellis, Senior Review Examiner - Compliance Colleen Marano, Supervisory Examiner - Risk Colleen Marano, Supervisory Examiner - Risk

3 Agenda I.Background II.Potential Risks Arising from Third-Party Relationships III.Risk Management Process IV.Bank Services Company Act V.FDIC Supervision of Third-Party Relationships VI.Questions VII.Closing Remarks

4 I. Background Third-Party Relationships Defined Third-Party Relationships Defined Common Third-Party Relationships Common Third-Party Relationships

5 Third Party Defined Definition – “third party” is broadly defined to include all entities that have entered into a business relationship with the financial institution, regardless if the third party is a bank or a nonbank, affiliated or not affiliated, regulated or non-regulated, domestic or foreign.

6 Common Third Party Relationships Parties that perform functions on a bank’s behalf. Parties that perform functions on a bank’s behalf. Parties that provide access to products and services outside of the bank. Parties that provide access to products and services outside of the bank. Parties that market processes and activities for which the bank has particular capacities and competencies. Parties that market processes and activities for which the bank has particular capacities and competencies. Parties that use the bank’s charter or legal powers. Parties that use the bank’s charter or legal powers. Parties that perform monitoring or audit functions for the bank. Parties that perform monitoring or audit functions for the bank.

7 II. Potential Risks Arising From Third Party Relationships Strategic Strategic Reputation Reputation Transaction Transaction Operational Operational Credit Credit Liquidity Liquidity Compliance Compliance Legal Legal

8 III. Risk Management Process Four Elements of Risk Management A.Risk Assessment B.Due Diligence C.Contracting D.Oversight

9 A. Risk Assessment Strategic Fit Strategic Fit Cost/Benefit Cost/Benefit Dollars and Risk/Reward Dollars and Risk/Reward Management Capability Management Capability Long-Term vs. Short-Term Long-Term vs. Short-Term Key: Adequately assess, measure, control, and monitor risk associated with the relationship.

10 B. Due Diligence Process should include qualitative and quantitative review to determine if the relationship achieves strategic and financial goals Process should include qualitative and quantitative review to determine if the relationship achieves strategic and financial goals Scope and Depth should be directly related to the importance and magnitude of the relationship Scope and Depth should be directly related to the importance and magnitude of the relationship

11 C. Contract Structuring and Review Scope Scope Cost/Compensation Cost/Compensation Performance Standards Performance Standards Reports Reports Audit Audit Confidentiality & Security Confidentiality & Security

12 C. Contract Structuring and Review Customer Complaints Customer Complaints Business Resumption & Contingency Plans Business Resumption & Contingency Plans Default & Termination Default & Termination Ownership and License Ownership and License Indemnification Indemnification Limits on Liability Limits on Liability

13 D. Oversight Management needs to monitor third party and the activity – Bottom line - Is the relationship working as planned? Management needs to monitor third party and the activity – Bottom line - Is the relationship working as planned? Third Party’s financial condition Third Party’s financial condition Adequacy and adherence to policies relating to internal controls and security issues Adequacy and adherence to policies relating to internal controls and security issues Compliance with laws and regulations Compliance with laws and regulations Response to bank’s requests Response to bank’s requests Report the results of monitoring to the Board. Report the results of monitoring to the Board.

14 IV. Bank Services Company Act Primary Federal Regulator Notification Primary Federal Regulator Notification Third Party Relationships involving: Third Party Relationships involving: Check or deposit item processing Core processing Preparation and mailing of checks, statements, notices, etc. Any other clerical, bookkeeping, accounting, statistical, or similar functions

15 V. FDIC Supervision of Third-Party Relationships Board and Management Responsibility Board and Management Responsibility When things go wrong….. When things go wrong….. Examination Procedures Examination Procedures Report of Examination Treatment Report of Examination Treatment Corrective Action Corrective Action

16 VI. Questions and Answers Thank you!

17 Resources FIL Guidance for Managing Third-Party Risk FIL Guidance for Managing Third-Party Risk FIL Guidance on Payment Processor Relationships FIL Guidance on Payment Processor Relationships FFIEC IT Handbooks FFIEC IT Handbooks Outsourcing Technology Services Outsourcing Technology Services Supervision of Technology Service Providers Supervision of Technology Service Providers FIL Revised IT Officer’s Questionnaire FIL Revised IT Officer’s Questionnaire FIL Foreign-Based Third-Party Service Providers FIL Foreign-Based Third-Party Service Providers FIL Guidance on Response Programs FIL Guidance on Response Programs FIL Computer Software Due Diligence FIL Computer Software Due Diligence FIL Country Risk Management FIL Country Risk Management FIL (b) Examination Guidance FIL (b) Examination Guidance FIL Bank Technology Bulletin: Technology Outsourcing Information Documents FIL Bank Technology Bulletin: Technology Outsourcing Information Documents FIL Security Standards for Customer Information FIL Security Standards for Customer Information FIL Risk Management of Technology Outsourcing FIL Risk Management of Technology Outsourcing FIL Bank Service Company Act FIL Bank Service Company Act

18 For further questions related to the material presented in this Regulatory Conference Call, you may contact via Compliance Questions Sherry Antonellis Risk Management Questions Colleen Marano Information Technology Questions Stephanie Williams

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.