The Certified Regulatory Vendor Program Manager (CRVPM®) Level IlI expands upon existing concepts from the CRVPM Level I and Level ll courses, diving deeper and expanding upon a number of areas previously studied as well as introducing new concepts and content.

The course begins with a study of the Business Value of a 3rd Party Risk Management Program, an area that is frequently overlooked by senior executives and lost in the frenzy of managing vendors.

Perceived as a necessary evil and a checklist to satisfy examiners and auditors, the purpose of the program is to drive both tangible and intangible value throughout the framework, operating model, and each stage of the lifecycle in support of strategic objectives.

The Level lll course then goes on to addresses the following:

• RFP Framework
• Concentration Risk
• 3rd Party Cybersecurity
• GDPR as it applies to 3rd party risk management

---

AGENDA

---

Chapter 1 - The Business Value Of A 3rd Party Risk Management Program

This picks up where CRVPM ll left off and dives into the 3rd party risk management program framework and each stage of its lifecycle, demonstrating the business value that should be driven from it. If you're trying to build a business case for further investment in your program or need to better understand whether you're on track to attain the goals you hoped to achieve through outsourcing, this will help you identify and articulate the value proposition of a sound program.

Chapter 2: Formalizing The RFP Process And Creating Transparency And Fairness

All too often there is confusion as to the difference between an RFI (Request for Information) and an RFP (Request for Proposal) and when to use them. Many RFP's are confusing, too broad, don't differentiate between needs and wants, and are written to the strengths of one particular vendor. This ultimately results in a less than ideal proposed solution and the client (you) turns out being the loser. This chapter dives into the RFP process and covers the following:

• Gathering business requirements
• Constraining the Boundaries of the RFP
• Involving stakeholders
• Assembling the correct RFP team
• Creating transparency throughout the process
• Evaluating responses for a fair apples-to-apples comparison

Chapter 3 - Concentration Risk

Concentration Risk has been a formal regulatory issue but has only recently been a topic of examiner focus. Having all of your eggs in one vendor's basket is never a good thing due to the huge impact it has on business resilience. However, there are many other facets of concentration risk to be concerned about as shown below.

• Systemic
• Service-based
• 4th Party
• Sector-based
• Socio-Political
• Vendor-based
• Geographic
• Economic
• Reverse Concentration Risk

Attempting to tackle the many facets of concentration risk is difficult without a framework and a set of business rules to flag concentration risk outside of the institution's tolerances. This chapter dives into the types of concentration risk, vulnerabilities, mitigating controls and the development of a Unified Concentration Risk Framework (UCRF).

Chapter 4 - 3rd Party Cybersecurity

A hot topic everywhere that everyone should be concerned about! Are your vendors as prepared as you are? Within this chapter we discuss:

• Cyber Security Landscape
• Why We Should Worry
• Cyber Security vs Cyber Resilience vs Cyber Risk
• Mitigating controls (physical, technical, administrative, contractual)
• Approach to a 3rd Party Cyber Security Risk Assessment

Chapter 5 - GDPR

GDPR has been a highly visible topic given today's global economy, data theft, and numerous standards for data privacy and protection. With the standardization of the General Data Protection Regulation throughput the European Union, this chapter dives into the following topics:

• GDPR Articles pertaining to Vendor Management
• Key elements
• Terms
• Basic Principles
• Regulatory expectations
• Who needs to comply with GDPR

Achieving Your Certified Regulatory Compliance Manager Certification:

In order to achieve your CRVPM certification, you must pass each of the five chapter quizzes and a final exam. Your Certificate then is mailed within seven business days of passing your exam. Your Certificate demonstrates your professional growth and that you have attained an advanced level of regulatory knowledge, plus shows examiners and auditors the institution's commitment to regulatory compliance.

Who Should Take This Certified Regulatory Compliance Manager Course:

Risk Officers, Compliance Officers, CIOs, CFOs, Auditors, Examiners, Vendor Management Specialists, Operations Officers, Info Security Officers, and anyone involved in building and managing a compliant vendor management program.

How To Access This Course:

This course, as well as the Certification, is provided through the Compliance Education Institute. The Institute will email you directly with access instructions for taking your course and starting the process towards earning your CRVPM Certification! The course is approximately 12 hours and you will have access for 60 days. You must complete level 1 and 2 first.