.gif?width=1920&name=Sample-Graphic-Animation%20(1).gif)
2 min read
A common question we hear is “How do we know what the examiners will ask related to vendor risk management?” It’s one that does not lend itself to an exact and easy answer. However, there are many ways to learn what the examiners will expect.
What to Do to Prepare for Examiner Vendor Management Questions
- Look back at your last exam – hopefully, you kept detailed notes and can also review the report of examination. Please be sure to look for any open items that need to be addressed and handle them before the exam starts – make sure the actions are thorough and well-documented and, most importantly, fully responsive to any deficiencies or gaps noted.
- Read their playbook. That’s right – you actually can. The FFIEC and the OCC have the best guides on what examiners will be expecting to see. The FFIEC examination handbook is particularly detailed and illustrative – remember that ALL of the major federal regulators participate in the FFIEC, not just the banking regulators.
- As mentioned above, the OCC has also recently updated its supplemental examination guide for third party risk management. Bulletin 2017-7 is like a play by play of what to expect – couple that with their FAQ’s on third party risk in Bulletin 2017-21 and you’ve practically read over the shoulders as to what they will expect.
A Few Other Helpful Vendor Risk Management Exam Hints
Here are a few other helpful hints to use along the way:- The FFIEC’s most pointed commentary in the examination guide can be found in Appendix J and Appendix E – both of which have been updated in the past couple of years.
- It’s also worth looking at the CFPB updates as to areas they’re focusing on and then go to Payment Law Advisor and look at their UDAAP tracker – it’s a good way to look objectively at your own institution and ask yourself if you may be facing similar issues.
- All that in hand, it’s also a great practice to consult your internal audit team, compliance, general counsel and subject matter experts for any areas of concern or input.
You’ve studied well – ace that exam!
To learn more about OCC exam preparation, download our OCC Vendor Management Examination Priorities for 2018 ebook.
Related Posts
Critical vs High-Risk Vendors – What's the Difference?
It’s a common misconception that critical vendors and high-risk vendors are the same. However,...
What Makes a Vendor High Risk?
One of the most important concepts to understand about third-party risk management is that all...
Vendor Risk Management and the OCC
As vendor risk management, also known as third party risk management or just vendor management, has...
Subscribe to Venminder
Get expert insights straight to your inbox.
Ready to Get Started?
Schedule a personalized solution demonstration to see if Venminder is a fit for you.