The Certified Regulatory Vendor Program Manager (CRVPM®) Level II expands upon existing concepts from the CRVPM Level I course and introduces new concepts and content.

The course begins with setting up Lines of Defense, a classic risk management approach to structuring your vendor management program, and how to apply it the basic hub & spoke vendor management structure discussed in CRVPM Level I. The course then goes on to addresses the five components of the vendor management lifecycle including:

• Outsource Planning
  
• Vendor Selection/Due Diligence
  
• Contract Management
  
• Periodic Review and Oversight
  
• Exit Strategy

In addition, it also introduces advanced concepts in vendor management and expands upon existing concepts covered in the CRVPM Level 1 course so that the vendor management professional can continue to expand their vendor management knowledge and augment their program.

---

Agenda

---

Chapter 1: Lines of Defense and Outsource Planning

Setting up Lines of Defense is a risk management best practice that any size institution can implement in order to formalize responsibilities and enhance the checks and balances required to ensure that vendor management policy is complied with (Governance - 2nd line of defense) enterprise-wide. This chapter expands upon the hub & spoke vendor management model to provide a more detailed look at the vendor management structure, process and the responsibilities for each line of defense. Chapter 1 then continues into Outsource Planning and examines the 12 components of the Outsource Planning process.

Chapter 2: Due Diligence/Vendor Selection

CRVPM® Level 1 covered the basic concept and process of conducting due diligence to ensure that the vendor can support the institution operationally and financially (adequate financial strength). CRVPM® Level II examines some specifics of Due Diligence including:

• Vendor Fraud
  
• PCI DSS Compliance
  
• Conducting vendor site visits
  
• Vendor's business resilience capabilities and Appendix

Chapter 3: Contract Management

While Guidance provides recommendations on contract structuring, Technology Service Provider contracts frequently leave the institution exposed to a number of dimensions of risk that Guidance never warns you about. Attorneys and those skilled in contract review may help the institution mitigate risk when it comes time to dot the I's and cross the T's but if they are not well versed in technology issues then there are a number of exposures to be concerned about. This chapter covers the following exposures that anyone doing business with TSP's should be concerned about:

• Technology
  
• Data
  
• Financial
  
• Compliance
  
• Legal
  
• Cyber Security

Chapter 4: Periodic Review and Ongoing Monitoring

While we know that we need to monitor our vendors on an ongoing basis and conduct periodic reviews in order to assess Controls, Condition and Performance, Chapter 4 discusses setting a baseline for that monitoring and review and the red flags/green flags to look for during the course of the relationship. Included in this chapter are:

• Key Performance Indicators (KPI's)
  
• Key Risk Indicators (KRI's)
  
• Vendor Value

Chapter 5: Exit Strategy

Considered as the first step in outsourcing, it is crucial to have an exit strategy prior to even engaging a vendor. There inevitably comes a time when most institutions decide to transition an outsourced service away from their current vendor and either move it to a new vendor or bring it back in house. All too often, this exercise is conducted reactively rather than proactively and leaves the institution exposed to many risks, expenses and legal issues. This chapter covers the following 6 components of a vendor exit strategy:

• Risk Management
  
• Criticality/Ease of Replacement
  
• Contract Issues
  
• Knowledge Base
  
• Total Cost of Ownership
  
• Project Planning & Management

Upon Successful Completion Of This Course:

Those successfully completing the course receive:

• Certificate
  
• CRVPM ll designation
  
• Our CRVPM Level ll Advanced Reference Guide, which is updated throughout the year as new rules, regulations, and Guidance are issue and as new exam trends emerge and best practices are identified
  
• Vendor Site Visit ScoreCard
  
• Vendor BCP Feasibility ScoreCard
  
• Comprehensive Vendor Exit Strategy document
  
• One year of free telephone/email consulting support for vendor management issues/questions and GLBA 501(b) issues
  
• Additional documents and tools to support your vendor management program

Achieving Your Certification:

In order to achieve your CRVPM Level II certification, you must pass each of the chapter quizzes and a final exam. Your Certificate then is mailed within seven business days of passing your exam. Your Certificate demonstrates your professional growth and that you have attained an advanced level of regulatory knowledge, plus shows examiners and auditors the institution's commitment to regulatory compliance.

Who Should Take This Course:

Level 1 is a pre-requisite. Risk Officers, Compliance Officers, CIOs, CFOs, Auditors, Examiners, Vendor Management Specialists, Operations Officers, Info Security Officers, and anyone involved in building and managing a compliant vendor management program.

Prerequisite:

How To Access This Course:

This course, as well as the Certification, is provided through the Compliance Education Institute. The Institute will email you directly with access instructions for taking your course and starting the process towards earning your CRVPM Certification once you order the course! The course will take approximately 12 hours to complete and you will have access for 60 days.

Continuing Education Credits:

Click the 'Credits' tab above for information on PHR/SPHR, PDCs, and other CE credits offered by taking this course.