Case Study Webinar: Vendor Risk Management at Global Lending Services


Transcription:

Case Study Webinar: Vendor Risk Management at Global Lending Services

- Al Palmer, SVP Compliance, Global Lending Services LLC (GLS)
- Melissa Brown, Compliance Manager, Global Lending Services LLC (GLS)
- John Tondreau, Senior Director of Customer Success, ProcessUnity

Hosted by Compliance Week's Assistant Director, Events, Tsvetelina Gabin

Agenda for Today's Webcast

This webcast will last for 60 minutes.

- 2:00 p.m. Introduction: Tsvetelina Gabin, Compliance Week
- 2:05 p.m. Panel Discussion. Speakers: Al Palmer, Global Lending Services LLC (GLS); Melissa Brown, Global Lending Services LLC (GLS); John Tondreau, ProcessUnity
- 2:50 p.m. Q&A
- 3:00 p.m. Closing: Tsvetelina Gabin, Compliance Week

Introduction: The Series, Schedule and Instructions

Speakers

Al Palmer is Senior Vice President, Compliance and Audit at GLS, responsible for the company's Compliance Management System including Corporate Compliance, Compliance Monitoring & QA, Internal Audit and Vendor Management Program. Prior to joining GLS, he worked as a regulatory remediation consultant from 2010 through 2015, assisting client banks by addressing requirements of consent orders and other formal agreements.

As Compliance Manager at Global Lending Services, Melissa Brown is responsible for Compliance Policy, Quality Assurance and Vendor Management. Melissa has over 10 years of experience in the auto finance industry. She is a Certified Consumer Compliance Professional and graduated from Strayer University with a BBA in Human Resource Management.

John Tondreau is a Senior Director on the ProcessUnity Customer Success team. He has been with ProcessUnity for 3 years and has helped more than 50 customers automate their risk and compliance programs. Prior to joining ProcessUnity, John worked in a consulting capacity with the Big 4 and stood up the Vendor Risk Management program at Citizens Bank.

About ProcessUnity

Risk & Compliance Automation: Risk & Compliance SIMPLIFIED

- Third-Party Risk Management
- Policy & Procedure Management
- Risk Management
- Compliance Management

HQ: Concord, Massachusetts. Founded: 2003.

Today's Agenda

- Getting Started: What is TPRM? Why is TPRM important?
- Standing up an effective program
- TPRM in action at Global Lending Services
- Steps to mature your program

What is Third-Party Risk?

Third-Party Risk Lifecycle

- Onboarding: Establish an enterprise-wide process to introduce potential providers
- Due Diligence: Enforce objectivity within your vendor due diligence process
- Self-Assessments: Streamline the assessment process while reducing potential errors
- On-Site Control Assessments: Systematically conduct and document on-site control assessments
- Performance Reviews: Manage performance reviews in a consistent, manageable process
- Contract Reviews: Create a unified process for contract management
- SLA Monitoring: Document KPIs, monitor activity and record observations
- Issue Management: Implement a formal process for tracking vendor issues

Basic VRM Flow

A very simple VRM workflow as it is configured in ProcessUnity is shown below. This represents the skeletal (core) components that are configured and the workflow used for vendor due diligence. This is not intended to represent all aspects of a mature VRM program.

[Figure: basic VRM workflow in ProcessUnity. Numbered components: 1 Vendor Master*, 2 Questionnaire Templates, 3 Assessments, 4 Vendor Portal, 5 Remediation, 6 Vendor Requests* (1. Vendor Request Form, 2. Draft Vendors / Approval, 3. Externally Managed). Upon completion: Add Findings, Deliver final report(s), Schedule Next Assessment.]

*Subscription agreement determines which features are enabled.

Why is TPRM Important?

Program Maturity

[Chart: maturity over time, with the question "How do you get from here to here?"]

- Informal: Compliant but at a high cost to business; Manual control; Ad hoc approach; No best practices
- Reactive: Risks are documented; Manual risk assessment and reporting; Tactical approach; After-the-fact reporting
- Proactive: Policies are enforced; Automated process; Unified, standardized & strategic approach; Regulator ready
- Optimized: Analyze and trend; Automated risk mitigation / Predictive risk assessments; Objectives embedded throughout the organization

TPRM Building Blocks

- Vendor Identification
- Service Identification
- Inherent Risk Methodology

Inherent Risk Questions

- Will this vendor provide products or services essential to the operation of the company?
- Will this vendor have access to non-public personal information (NPI)?
- Will this vendor provide customer/borrower-facing services/products?
- Will this vendor require exchange of information outside of Company network?
- Will this vendor host our information on their system?
- Will this vendor have access to employee data, customer/borrower data or Company affiliate data?
- How difficult would it be to replace this vendor with an alternative vendor?

Risk-Based Assessment Approach

Focus more resources on higher-risk vendors.

[Chart axes: Resources, Risk Posed]

Defining Your Assessment Content

Identity, Fourth-Party, Information Security, Reputation, Geographic, Compliance, Financial, Business Continuity, Conflict of Interest

Content Integration

Assessment Scoping: High Risk Vendors, Medium Risk Vendors, Low Risk Vendors

Questionnaire Without Automation

Questionnaire with Automation

Questionnaire Scoring with Automation

Automated Due Diligence

Rationalized Response - Residual Risk

Inherent Risk + Last Assessment Rating = Residual Risk (Review Frequency)

- High + Satisfactory = Medium (Biennial)
- High + Needs Attention = High (Annual)
- High + Unsatisfactory = High (Annual)
- High + None Prior = High (ASAP)
- Medium + Satisfactory = Low (Triennial)
- Medium + Needs Attention = Low (Biennial)
- Medium + Unsatisfactory = Medium (Biennial)
- Medium + None Prior = Medium (ASAP)
- Low + Not Required = Low (Triennial Review)

Vendor Risk Management at Global Lending Services: Building an Effective and Efficient Program Through Automation

Introductions

- Al Palmer, SVP Compliance: Corporate Compliance, Internal Audit, Quality Assurance and Centralized Vendor Management Coordination
- Melissa Brown, Compliance Manager: Compliance Policy, Quality Assurance and Vendor Management

About Global Lending Services

- Global Lending Services LLC founded in 2012
- Indirect Auto Finance Company, Subprime Focus
- Headquartered in Atlanta, with Operations in Greenville SC and Phoenix AZ
- Purchase Retail Installment Sales Contracts from Auto Dealerships in 47 States
- Service approximately 45,000 contracts totaling $730 million
- Vendor Utilization Profile (100 Vendors): Core System Providers, Telephony Providers, External Call Centers, Statement and Letter Servicers, Repo Forwarders & Agents (4th Party), Remarketing Servicers, Recovery Agents, Consumer Reporting Agencies

The GLS Team

The Team:

- 6 Team Members Covering: Compliance, Compliance Monitoring & Independent QA, Internal Audit, and Vendor Management Coordination
- Vendor Management Coordination is Centralized: the Vendor Management Specialist works with assigned Vendor Managers in the business (Operations, IT, Analytics etc.) as well as our Legal team to manage and report activities.

Team Goals:

- Ensure that up-front risk assessments and appropriate due diligence are performed prior to contracting with new vendors / partners.
- Have consistent monitoring and oversight processes that are based on the risk profile of the Third Party.
- Create greater visibility into our third-party service providers and the activities to oversee them and manage related risks.

Our Challenges (Pre-Automation)

- Increasing Regulatory Expectations and Requirements
- Maintaining a current List of Third Party Service Providers
- Contracts were not fully centralized
- Risk Assessments were accurate but not standardized
- Risk Management and Oversight approaches varied across the organization
- Relied exclusively on Spreadsheets and Word Documents
- Vendor Management efforts were not visible

Moving to Automation

Our selection committee consisted of individuals from across the organization.

Key Features / Requirements:

- Support Initial Vendor Due Diligence & Ongoing Oversight
- Customizable Risk Assessments and Questionnaires
- Vendor Communications (Portal feature)
- Tracks Actions, Issues and Due Dates
- Flexible Reporting Capabilities
- Supports VM Processes that meet Regulatory Expectations

We invited four different companies to present demos. They ranged from simple software to full managed-service options that would essentially take the vendor management and risk assessments out of our hands. ProcessUnity was recommended by one of the other solution providers.

The Implementation Process

The implementation process took roughly 6 weeks from contract to the first assessment questionnaires going out.

Pre-Implementation Prep:

- Final Inventory of Vendors including key contact information
- Consolidating Contracts and documentation
- Determining Risk Levels

Implementation:

- Worked with assigned ProcessUnity implementation specialist
- Received admin and user training
- Finalized Risk Assessment Questionnaires: a combination of our existing questionnaires with ProcessUnity's Vendor Cloud Standard Questionnaire
- Provided other required information, which was uploaded into the system
- No issues with the implementation: stress free

Consistent Program Improvements

2016:

- Risk Assessments and Vendor Questionnaires Completed for existing Vendors
- On-site assessments continued for highest risk Vendors
- Implemented formal due diligence process for potential new relationships
- Tracked identified issues for resolution
- Regular Reporting to Enterprise Risk Committee and BOD

2017:

- Annual Risk Assessment updates aligned with Contract Renewals
- Further Refinement of Vendor Questionnaires
- Expanded on-site assessments to additional vendors
- Increase in new vendors; pre-contract due diligence is commonplace
- Discontinued services with existing vendors that failed to address issues

Measurable Results

- Consistent practices for managing and overseeing Vendors
- Documentation that fully supports our risk assessments and monitoring activities
- Streamlined due-diligence process for new Vendors: Partnership with Legal Department involved early in the process
- More Collaborative risk discussions, issues and viable solutions
- Greater focus on spend during the contract renewal process
- Greater visibility

Global Lending Services Vendor Risk Dashboard

What's Next?

- Continue to refine risk assessments and vendor questionnaires
- Build in SLA metrics and tracking
- Consider external data sources that provide more frequent or continuous risk indicators

Automate Third-Party Risk

1. Less Busy Work: Automated emails, notifications, electronic questionnaires and scoring reduce tedious, manual tasks.
2. Streamlined Vendor Assessments: Automatically determine questionnaire scope and complete assessments for more vendors in less time.
3. Better Reporting: Interactive reports and dashboards provide real-time access to the state of third-party risk.
4. Integration with Other Tools: Connect external news feeds and enterprise systems for full visibility into vendor risk.

Third-Party Risk Management

Pre-Assessment, Assessment, Ongoing Monitoring

[Screenshots: Findings, Assessment Status, Issues, Dashboards]

Schedule Your Deep-Dive Demonstration: www.processunity.com/contact

Speakers

- Al Palmer, SVP Compliance, Global Lending Services LLC (GLS)
- Melissa Brown, Compliance Manager, Global Lending Services LLC (GLS)
- John Tondreau, Senior Director of Customer Success, ProcessUnity

Moderator: Tsvetelina Gabin, Assistant Director, Event, Compliance Week

You can submit questions using the Ask a Question button on the left side of your screen.

Thank You for Joining Us

CPE Credit information: The CPE test will appear in a separate window at the conclusion of the webcast. If you have trouble accessing the test, please email us at info@complianceweek.com. Please note that a passing score of 80% or higher is needed to receive CPE credit. Be sure to disable your pop-up blockers to access the automatic CPE exam presented at the conclusion of the webcast. CPE certificates will be emailed to you separately following completion of the exam.

Visit Compliance Week's website for more information on upcoming webcasts: www.complianceweek.com/webcast

Please send feedback to info@complianceweek.com