There’s ever-increasing focus by regulators and expectations by members around vendor risk to ensure your credit union maintains an effective third-party management program. From data breaches to unfair practices, enforcement actions are on the rise and the level of scrutiny has never been greater. This session will cover third-party risk related regulations and how to be compliant.
As the Head of Third-Party Risk Advisory, Graig is responsible for providing council to both prospects and customers to assist their understanding of third-party risk management principles and relevant regulatory implications as well as to review and support development and documentation of the Policy and Program level.
Graig started his career as an IT professional within the pharmaceutical sector but has spent the majority of his career in the business continuity and third-party risk space. He developed and led a regulated global third-party continuity program, served on risk committees, and has supported development of regulated third-party lifecycle processes. Graig served as a primary subject matter expert for business continuity, incident management, and disaster recovery domains for 10 years of due diligence reviews. Graig has also led global business continuity, crisis management, and pandemic management teams.
A piece of your third-party risk management program foundation is the policy document, and a sophisticated program as a well-written one. This session will cover what you need to cover in a policy, regulatory guidance to consider, tips on writing and updating a policy, and creation and updating logistics.
If there’s a natural disaster or issue causing disruption to your organization’s operations, can the vendor step up? What happens if the situation is reversed? A business continuity plan (BCP) and disaster recovery plan (DRP) ensure your organization can withstand worst case scenarios. This session will cover the importance of the plans, how to review them, and what to watch out for.
When there’s an issue with a vendor, it’s important to manage, track, and remediate. This session will cover reasonings why managing vendor issues is important for the success of the relationship and program, steps to take when there’s a problem, and best practices to help the issue management process.