A tailored course, built for your situation
Influence in Vendor Selection and Compliance Alignment Using FFIEC
Position yourself as the definitive voice in sourcing decisions with FFIEC-aligned control strategy
Who this is for
Senior sourcing and procurement leaders in regulated financial institutions who shape vendor risk outcomes under FFIEC
Who this is not for
Junior buyers, non-regulated sector procurement staff, or those without influence in control-aligned sourcing decisions
What you walk away with
- Lead vendor selection committees with FFIEC-backed authority
- Pre-align legal, security, and compliance teams before RFP launch
- Reduce negotiation cycles using pre-mapped FFIEC control expectations
- Become the named escalation point for control-sensitive sourcing issues
- Document influence pathways that survive leadership changes
The 12 modules (with all 144 chapters)
- What FFIEC requires in vendor management
- How regulators assess sourcing risk
- Mapping vendor tiers to control rigor
- Common gaps in third-party oversight
- Vendor lifecycle under supervision
- Documentation rigor expected
- Frequency of review cycles
- Escalation triggers for oversight
- Internal audit touchpoints
- Third-party risk benchmarks
- Compliance team handoffs
- Integrating vendor data into risk reports
- Timing sourcing cycles with exams
- Prioritizing high-risk categories
- Engaging compliance early
- Defining risk appetite thresholds
- Scoring vendor risk profiles
- Aligning with SOX scoping
- Building cross-functional timelines
- Negotiation leverage points
- Contract clauses for audits
- SLA alignment with expectations
- Right-to-audit provisions
- Termination triggers
- Deconstructing FFIEC domains
- Assigning controls to vendors
- Identifying shared responsibilities
- Documenting control ownership
- Using SSAE 18 as input
- Mapping to internal frameworks
- Control verification workflows
- Evidence collection protocols
- Automated control tracking
- Exception reporting paths
- Remediation handoff process
- Version control for mappings
- Speaking the language of examiners
- Anticipating legal pushback
- Responding to security findings
- Positioning sourcing as risk mitigant
- Framing cost vs. control tradeoffs
- Presenting alignment evidence
- Running joint review sessions
- Building consensus on exceptions
- Managing scope disagreements
- Documenting rationale clearly
- Escalating with clarity
- Maintaining influence post-decision
- Writing compliant RFP language
- Including control proof requirements
- Scoring for risk maturity
- Requesting audit reports
- Requiring SOC 2 Type II
- Asking for BC/DR plans
- Penetration testing disclosure
- Third-party subvendor mapping
- Cyber insurance verification
- Data handling commitments
- Onboarding validation steps
- Reference checks with peers
- Identifying compliance leverage
- Pushing for audit rights
- Requiring annual attestations
- Negotiating incident reporting
- Setting response time SLAs
- Pricing for compliance services
- Avoiding one-sided clauses
- Handling right-to-terminate
- Subvendor oversight terms
- Data location disclosures
- Cross-border transfer rules
- Insurance coverage minimums
- Auditor-ready evidence bundles
- Formatting control responses
- Standardizing exception logs
- Versioning documentation
- Labeling evidence sources
- Creating audit trails
- Organizing by FFIEC domain
- Linking to internal policies
- Cross-referencing assessments
- Maintaining update logs
- Storage duration compliance
- Access control for reviewers
- Setting review frequency
- Tracking control drift
- Monitoring incident history
- Quarterly business reviews
- Audit report follow-ups
- Reassessment triggers
- Performance vs. risk score
- Vendor maturity progression
- Blacklist enforcement
- Renewal risk scoring
- Exit planning
- Knowledge transfer planning
- Summarizing vendor risk posture
- Highlighting control gaps
- Reporting remediation progress
- Quantifying risk reduction
- Showing audit readiness
- Positioning sourcing wins
- Avoiding technical jargon
- Tying to strategic goals
- Presenting across functions
- Using dashboards effectively
- Preparing for executive Q&A
- Maintaining message consistency
- Identifying peer institutions
- Sourcing model comparisons
- Risk threshold alignment
- Control maturity levels
- Third-party audit expectations
- Outsourcing trend mapping
- Regulatory exam focus areas
- Vendor consolidation strategies
- Innovation vs. compliance balance
- Emerging risk themes
- Risk appetite articulation
- Adopting proven playbooks
- Activating incident protocols
- Engaging vendor contacts
- Assessing FFIEC impact
- Reporting to compliance
- Coordinating legal response
- Managing public statements
- Preserving evidence
- Determining breach scope
- Notifying regulators
- Reviewing vendor response
- Updating risk ratings
- Planning vendor re-evaluation
- Documenting decision rationale
- Creating reusable playbooks
- Mentoring junior staff
- Sharing best practices
- Presenting at internal forums
- Building cross-functional reputation
- Maintaining updated knowledge
- Tracking personal influence
- Evolving with regulation
- Institutionalizing frameworks
- Scaling across teams
- Leading without authority
How this maps to your situation
- When launching a high-risk vendor RFP
- Preparing for regulatory exams
- Responding to audit findings
- Leading cross-functional sourcing reviews
Before vs. after
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
- Hand-built implementation playbook delivered alongside course access
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: Approximately 3 hours per module, designed for completion over 12 weeks with flexibility to accelerate.
How this compares to the alternatives
Unlike generic compliance courses, this program is tailored to sourcing leaders in financial services, using FFIEC as the anchor to build real-world influence in vendor decisions.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.