As more companies seek to reduce costs, improve efficiency and ultimately improve profitability, many of them are using third-parties such as vendors and suppliers to outsource their key functions, processes and operations. Despite the advantages associated with outsourcing, there exist various risks that companies need to consider in order to maximize the benefits of outsourcing. To control these risks, many companies are building third-party (vendor/supplier) risk management programs to help them identify, analyze, assess, mitigate and monitor those risks. For more information about how to build a third-party risk management program, please refer to the resources below. 

 

Third-Party Oversight Regulations for Financial Institutions

•  OCC 2013-29 Third-Party Risk Management

• FDIC Guidance on Third-Party Risk Management

• FRB SR 13-19 Guidance on Managing Outsourcing Risk 

​

Training Guides, Templates and Checklists Created by Catherine Tibaaga​

• Beginner's Guide to Vendor, Supplier and Third-Party Risk Management

• Introduction to Vendor Management

• The Importance of Third-Party Risk Assessments for Financial Institutions

• Integrating Data Analytics within Third-Party Risk Management (TPRM)

• Sample Inherent Risk Questionnaire

• Sample Preliminary Due Diligence Questionnaire (DDQ)

• Sample Inherent Risk Register

• Sample Residual Risk Register

• Sample Risk Mitigation Action Plan (R-MAP)

• Sample Questions to Consider when Choosing a Third-Party Risk Management Tool

• Sample Risk Classification Scheme and Assessment Type

​

Other Training Guides, Templates and Checklists ​

• Sample Third Party Security Risk Assessment

• Sample IT Security Risk Assessment Checklist

• Sample Vendor Security Risk Assessment​