CPEs: 24
Instructor: Dennis Cox
Level: Intermediate
Tuition: £2,495.00
Register Now

NEW USA Rules on Third- Party Relationship Risk Management in Banking RM096

Location: UK EU MENA GCC Time Zones

First Date: Oct 10 - 12 2022

Duration: 3 days

Programme Director: Dennis Cox

All Dates & Locations
Venue Details

Experience the highly-interactive expert-led social learning through Virtual Classroom via Cisco WebEx from Risk Reward.

All our 2022 Virtual Classroom events feature shared (or discrete) live chat between delegates and the expert, participate in topical surveys, polling questions, group exercises and case studies for a tried -and- true engaging and gratifying learning experience.

Need Face to Face or bring into your organisation? Simply contact us for significant cost savings and dates to best suit your professional development and business goals.

"Materials were good, if high-level. Instructor is very good, speaks well and is extremely knowledgeable and well-informed. This is the 2nd class I've attended of his and he is very good (D. Cox)."
Bank Internal Auditor, US Bank, New York
Agenda Highlights

0830 – 430 PM European Central Time Daily

Day 1

Session 1: The Importance of Third-Party Risk Management

Session 2:  Assessment of Third-Party Service Providers

Session 3:  The Governance Framework

Day 2

Session 4:  Risk Assessing Third Parties

Session 5:  The Process of Taking on  Third-Party Service Provider

Session 6:  High Risk Areas

Day 3

Session 7:  Technical areas and third-party risk management

Session 8:  What this is likely to mean in practice

Session 9 -10: Case Studies, Q&A, Group Discussion

"Overall, the class material was great and the materials taught were very timely in the current COVID-19 environment. "
Risk manager, US Bank, New York

Identified by the USA OCC as among the top ten concerns for banks in 2022

The recent crisis has raised the profile of third-party risk management often referred to as outsourcing.

Banks started to use different ways of working and communicating and in so doing changed their risk profiles. Third parties represent part of the way that any bank operates, with increasing reliance upon an ever increasing number of independent firms.  Their effective and efficient operation has become mission critical to the success of any bank.

The US regulators have raised concerns about third-party risks and whether these have been appropriately managed within banks, impacting customer service and regulatory compliance. In July 2021 the FDIC, the OCC and Federal Reserve Board published proposed interagency guidance on Third-Party Relationships and the management of risks. These important guidelines raise a number of important issues which any bank firm would seek to address.

Case studies driven, delegates will explore each of the latest regulatory requirements, the impact on their organisation and review what this is likely to mean in practice.

""Good overall look at bank environment and related risks, and a nice refresher for me having been out of the audit environment for quite a while. I appreciated Dennis' diverse level of experience in audit/fraud/risk.""
Bank Internal Auditor, US Bank, New York
Who Should Attend

Designed primarily for Risk Managers, Internal Auditors, Business Managers, Compliance staff, Controls staff and Senior management, yet recent delegates included those from IT, Operations, Legal and HR.

Delegates who complete the course will receive a Certificate in New USA Rules on Third- Party Relationship Risk Management in Banking, and for those who require a demonstration of competency by examination for CPE/CPD points a 20-multiple choice questions exam, fully proctored via email with results report, is available at no additional charge.

Additional Course Information

What Does It Cover?

The Importance of Third-Party Risk Management

  • Why is third party risk management of critical importance now?
  • What have been the regulators concerns?
  • What is third party risk management?
  • Third party risk and interconnectedness
  • The risks relating to third parties
  •  Overview of joint US guidance
  • The background paper from the BIS
  • Responsibility
  • The third-party risk management program
  • Identification of critical activities and significant bank functions
  • Third-party relationship life cycle

Case Study:  What makes a third-party service provider critical?

Due Diligence, Collaborative Arrangements and Third-Party Selection

  •  Planning for a third-party relationship
  • Collaborative arrangements
  •  Assessment processes and procedures
  •  Information security
  •  Due diligence and third-party selection
  • Strategies and goals
  • Legal and regulatory compliance
  • Financial condition
  • Business experience
  • Fee structure and incentives
  • Qualifications and background
  •  Third-party risk management
  • Management of information systems
  • Operational resilience
  • Incident reporting and management programs
  • Physical security
  • Human resource management
  • Reliance on subcontractors
  • Insurance coverage
  • Contracting issue

 Case Study:  What should be the contents of the due diligence conducted?  What are the key issues that are identified in specific cases?

 Contract Negotiation

  • Nature and scope of arrangement
  • Performance measures or benchmarks
  •  Responsibilities for providing, receiving, and retaining information
  • The right to audit and require remediation
  • Responsibility for compliance
  • Cost and compensation
  •  Ownership and license
  •  Confidentiality and integrity
  •  Operational resilience and business continuity
  •  Indemnification
  •  Insurance
  •  Dispute resolution
  •  Limits on liability
  •  Default and termination
  •  Customer complaints
  •  Subcontracting
  •  Foreign-based third parties
  •  Regulatory supervision

 Oversight and Accountability

  • The role of the Board
  •  Management responsibilities
  •  Policy and procedures
  •  Independent reviews
  •  Documentation and reporting
  •  Inventory of third-party relationships
  •  Risk assessment
  •  Role of internal audit
  •  Reporting and monitoring

Case Study: In which areas are outsourcing policies required? What do they need to address?

Case Study: What approach should internal audit take with regard to outsourcing and third-party risk management?

Risk Assessing Third Parties

• How to ensure that all third-parties are identified
• Considering occasional providers
• Risk assessing third parties
• What perspective is appropriate?
• Where is the data?
• How often should this be reconsidered?
• What is the impact of the analysis?

Case Study: What are the constituents of the risk assessment grid?

Ongoing Monitoring

• The role of monitoring
• Key factors
• Reviewing goal alignment
• Reviewing audits
• Monitoring performance
• Monitoring information security
• Monitoring business resumption contingency planning
• Monitoring recovery processes
• Monitoring complaints


• The issues to address
• Factors that matter
• Information security
• Associated risks

High Risk Areas

• Cloud computing
• Software vendors and suppliers
• Payment service providers
• Business continuity providers
• Systems testing

Case Studies: Consider the risk management implications of each of these areas.

Technical areas and third-party risk management

• Legal
• Accountants
• Tax advisors
• Economists
• Consultants

Case Study: What work should be undertaken on specialists and how should they be bought into third-party risk management?

 Supervisory Reviews of Third-Party Relationships

• What matters to regulators
• Review of risk management processes
• Review risk assessment

What this is likely to mean in practice

  •  Putting this together
    • Building a control structure
    • Implementing governance procedures
    • The register and its integration
    • Monitoring and action
    • Dealing with exceptions
    • Substitutability
    • Exit routes and issues

Case Study: What is the impact on your ability to manage your bank?

Summary with Group Discussion, Q&A

Learning Objectives

Delegates will gain a thorough understanding of the management of third-party risk management and the requirements set out in the proposed US guidelines. This knowledge will enable learners to grasp what this is likely to mean in practice and how the risk should be assessed and mitigated, specifically

• The role of third-party risk management
• The governance and reporting requirements
• How to risk assess a third-party
• What makes a third-party critical and what that is likely to mean in practice
• The level of due diligence to be conducted
• How to incorporate third-party risk management into operational resilience
• The impact on internal audit

A Tier 1 Global Bank risk expert  will lead group case studies for an on- the- job learning style experience to immediately result in the application of learned concepts in the workplace immediately.

Social Learning & Methods

Highly interactive expert-led intensive presentation, Q&A, group real-time in-depth case studies, regulation and discussion supported by key principles and theory. The virtual learning platform uses safe, industry preferred encrypted Cisco WebEx to optimize live face-to-face visual interaction, discrete chat, for polling and quizzes.

(An invitation via email with access link is included for all participants.)


NEW USA Rules on Third- Party Relationship Risk Management in Banking

Course Fee

Course Fee (per person):
GBP £2,495.00 (+ UK VAT when applicable)

Number of delegates:

Data Privacy & Update of Contact Details Risk Reward Limited is fully compliant with the Data Protection Act. The information you provide will be safeguarded by Risk Reward Ltd. We do not rent, sell or exchange your details to anyone without your consent. Your details are never given to third parties. If you wish to update your details, please email: with your OLD and NEW details. Please allow 10 days to see the changes take effect. Thank you.

Terms and Conditions: You can cancel at any time. Due to the on-going COVID 19 environment cancellations may be made at any time for either a full refund or a credit towards another event occurring within the following 6 month period. Simply email or telephone the London Client Services team at to advise your preference and we will do our best to accommodate your circumstances. Risk Reward Ltd receives the right to a final decision in the event of a dispute.

All Risk Reward public courses are guaranteed to run although those offered by affiliates are subject to demand
SKU: RM096-1 Categories: ,

Quick Contact

    Get in touch and see how Risk Reward can help you

    Our London team are ready to answer questions, provide information & choices to help make your public seminar booking in a prompt, professional & friendly manner.

    Get in touch and see how Risk Reward can help you

    Our London team is ready to listen carefully to your needs, take the brief, explore options, offer suggestions and help you in a professional and friendly manner.