A focused course, tailored for you
Third-Party Risk Execution for Bank Examiners
Build the vendor assessment workflow, evidence package, and escalation memo your next OCC exam expects to see.
Your vendor inventory is current and your questionnaires go out on schedule. The problem shows up at examination time: the examiner asks for the evidence behind the rating, and what you have is a completed questionnaire, a partial SOC 2, and a risk rating that was set eighteen months ago. The current OCC joint interagency guidance on third-party risk is explicit that financial institutions must maintain ongoing monitoring programs with documented escalation paths. This course builds the workflow that closes that gap before the next target exam.
Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.
Why this course
Senior vendor relations risk specialists at large regional banks carry a dual accountability that most risk frameworks underserve. On one side: maintain a defensible Tier 1 and Tier 2 vendor inventory with current assessments, issue logs, and contractual protections. On the other: translate that inventory into exam-ready evidence packages that the OCC, Fed, or state regulator can review without needing a guided tour.
The breakdown happens not in the questionnaire phase but in the escalation and evidence-packaging phase. A vendor returns an incomplete SOC 2. The risk rating needs to go up. The risk committee meeting is in four days. What does the escalation memo look like? What evidence does it attach? What compensating controls does the bank document when the vendor cannot provide the required assurance? Most practitioners have a rough template from a prior role. This course replaces the rough template with a documented, repeatable workflow that holds together across examinations, audits, and personnel changes.
What you walk away with
- Score inherent vendor risk using the OCC joint guidance categories so every Tier 1 designation is defensible under examination.
- Build a due-diligence evidence package for a material vendor that includes controls testing, SOC 2 review, pen-test currency check, and contractual protections.
- Write an escalation memo that moves a vendor risk finding from assessment to risk committee in a format that enables a documented decision.
- Design an ongoing monitoring schedule that produces current evidence rather than expiring it between assessments.
- Document the bank's compensating-control position when a vendor cannot provide required assurance artifacts.
- Produce an examination-ready third-party risk summary that an OCC examiner can review without a guided walkthrough.
The 12 modules
How this addresses your situation
Specific modules that map to what you said you are dealing with.
What you get with this course
- 12 written modules covering the full third-party risk execution workflow from inherent risk scoring to examination-ready documentation.
- Downloadable templates for every key artifact: inherent risk scoring matrix, due-diligence evidence checklist, SOC 2 review memo, escalation memo, compensating controls document, ongoing monitoring calendar, examination-ready TPRM summary, and examination response memo.
- Worked examples for each template using realistic bank vendor scenarios.
- The hand-built implementation playbook tailored to your role and program context, delivered alongside course access.
What you will have in hand by Day 1, Week 1, Month 1
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.
Before and after
You have a completed questionnaire and a risk rating for every Tier 1 vendor, but the evidence behind the rating is a mix of partial documents, expired artifacts, and informal notes. When an examiner asks for the evidence package, the answer requires a guided walkthrough. Escalation memos are drafted from scratch each time because there is no documented template.
Every Tier 1 vendor has a current evidence package with tracked artifact expiry dates. Escalation memos follow a documented structure that enables a committee decision without back-and-forth. The examination-ready TPRM summary can be produced in four hours. An OCC examiner can review the program documentation without a guided tour.
What happens if you do not address this
The current joint interagency guidance raised the expectation bar for TPRM evidence. Banks that are still relying on completed questionnaires as the primary evidence artifact are exposed to MRA-level findings in target examinations. The documentation gap is not a strategic problem; it is an execution problem that this course solves directly.
Who it is for
Senior vendor relations and third-party risk specialists at large regional and money-center banks who own the day-to-day execution of the TPRM program. You have three to eight years in the field, a working knowledge of OCC guidance and the current joint interagency TPRM guidance, and accountability for the vendor inventory, ongoing monitoring schedules, and examination preparedness. You are not the CISO and not the CRO. You are the person who actually builds the evidence package.
How it arrives
Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.
Time investment. Twelve modules at a pace of one per day completes the full workflow build in two weeks. Each module is designed to produce a usable artifact before moving to the next.
Why $199 is the right number
The OCC and FFIEC publish guidance documents and examination handbooks at no cost. What they do not provide is the artifact templates, the worked examples, and the implementation playbook that translates guidance language into the actual documents your program needs to produce. This course fills that gap.
FAQ
30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.