Virtual Third-Party/Vendor Risk Management and Oversight Symposium
An Epcor/APP joint event
Join Us Virtually
Event Details
Introduction
12:00 pm – 12:10 pm CT
Deep Dive: Learning from Recent Third-Party Risk Management Failure
12:10 pm – 1:00 pm CT
Together we’ll analyze specific consent orders from the past 18 months, identify common deficiencies in vendor oversight programs and cover both issuing-side failures and acquiring-side issues. We’ll also look at case studies showing how inadequate due diligence led to regulatory action, as well as:
- Review actual consent order language and specific deficiencies cited,
- Identify patterns across multiple enforcement actions,
- Examine both technology and operational failures,
- Discuss relevant oversight challenges and
- Analyze cost of remediation and ongoing compliance requirements.
Enhanced Due Diligence Frameworks: Beyond the Checklist Approach
1:10 pm – 2:00 pm CT
We’ll focus on building robust, risk-based due diligence processes that satisfy regulators and address continuous monitoring requirements, financial health assessments and operational resilience testing for critical service providers. This is particularly relevant for push/pull payment processors and card networks where operational disruptions have immediate client impact. We’ll also cover:
- Risk-based tiering methodologies and criteria,
- Financial health assessment techniques and red flags,
- Operational resilience testing and scenario planning,
- Continuous monitoring vs. periodic reviews and
- Documentation standards that satisfy examiners.
Data Security and Privacy in Third-Party Relationships: Managing Shared Accountability
2:10 pm – 3:00 pm CT
Let’s examine how financial institutions maintain responsibility for client data protection when working with vendors. We’ll cover incident response protocols, breach notification requirements and contractual frameworks that ensure compliance across the payment ecosystem. This is essential for acquirers, issuers, debit card processing and ACH/wire transfer services. We’ll also talk about:
- Shared liability models and contractual protections,
- Incident response coordination and communication protocols,
- Regulatory notification timelines and requirements,
- Data mapping and inventory across vendor relationships and
- Privacy impact assessments for new vendor arrangements.
Introduction
12:00 pm – 12:10 pm CT
Building a Comprehensive Third-Party Risk Management Due Diligence Process: From Initial Assessment to Ongoing Monitoring
12:10 pm – 1:00 pm CT
Together we’ll walk through designing and implementing a scalable due diligence framework from the ground up, and cover risk tiering methodologies, questionnaire design, financial analysis requirements and operational assessments. This session also includes practical templates for information security reviews, business continuity evaluations and regulatory compliance verification. We’ll also cover:
- Step-by-step process design and workflow mapping,
- Risk categorization and tiering frameworks,
- Standardized questionnaire development and customization,
- Assessment template creation and validation and
- Transition planning from current state to future state.
Drawing the Line on Outsourcing vs. Vendor Services: Classification and Oversight Requirements
1:10 pm – 2:00 pm CT
Let’s discuss the importance of establishing clear guidelines for distinguishing between outsourcing, partnerships and vendor relationships, and their respective oversight requirements. We’ll also cover regulatory definitions and expectations around “critical activities” that require enhanced oversight versus routine services, and address the spectrum from simple technology vendors to complex business process outsourcing arrangements. Additionally, we’ll discuss:
- Regulatory definitions and classification criteria,
- Board reporting and governance requirements,
- Enhanced oversight triggers and thresholds and
- Common misclassification scenarios and consequences.
Regulatory Technology Solutions: Automating Third-Party Risk Management
2:10 pm – 3:00 pm CT
Join us for the ultimate showcase of practical tools and platforms for continuous vendor monitoring, automated risk scoring and regulatory reporting. This includes demonstrations of solutions that can scale across large vendor portfolios while providing the documentation regulators expect during examinations. We’ll also cover:
- Automated risk scoring and rating methodologies,
- Real-time monitoring and alert systems,
- Integration with existing risk management platforms,
- Regulatory reporting and examination preparation tools and
- ROI calculation and implementation best practices.
As regulatory expectations intensify and vendor relationships grow more complex, financial institutions are under mounting pressure to modernize and mature their Third-Party Risk Management Programs. This symposium, offered in partnership with the Association of Payments Professionals, brings together compliance, risk and operations professionals for a two-day deep dive into the evolving Third-Party Risk Management landscape. You’ll hear about everything from lessons learned in recent enforcement actions to practical frameworks, automation strategies and emerging data protection challenges. Join industry experts, compliance leaders and your peers to explore how to build defensible, scalable and proactive oversight programs that meet regulators’ expectations while supporting innovation and operational resilience.
This event is ideal for Chief Risk Officers, Compliance Officers, Legal Counsel, Audit Directors, Risk Analysts, Third-Party Risk Management Program Managers and Teams, Vendor Management, Procurement Leaders, Operations Directors, IT Directors, Privacy & Data Protection Officers, Risk Technology Managers, IT Risk Managers, Board Risk Committee Members and Internal Audit Teams.
February 4th: Noon – 3 PM CT
February 5th: Noon – 3 PM CT
CEU Information: 6 AAP/APRP/AFPP credits
Registration Fee: $350 for one registrant.