Course Description
Financial institutions increasingly rely on third parties, outsourcing arrangements, fintech partners, cloud providers, and shared service models. While these relationships enable efficiency and innovation, they also introduce significant operational, regulatory, data, cyber, and concentration risks.
This course provides a practical, end-to-end view of third-party and outsourcing risk management in financial institutions, covering governance structures, risk assessment, due diligence, contracting, ongoing monitoring, and assurance. Participants will learn how to design, assess, and strengthen third-party risk frameworks aligned with regulatory expectations and good practice.
Learning Objectives
Participants will be able to:
- Understand the full lifecycle of third-party and outsourcing risk
- Identify key regulatory and supervisory expectations
- Conduct risk-based due diligence and vendor assessments
- Design effective controls, SLAs, and monitoring mechanisms
- Assess outsourcing arrangements from a risk and assurance perspective
- Integrate third-party risk into ERM and audit activities
Who Should Attend
- Risk Management
- Compliance & Regulatory Affairs
- Internal Audit
- Procurement & Vendor Management
- IT & Operations
- Outsourcing / Shared Services teams
NASBA Sponsor
Governance Dynamics is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org.
Additional Information
Registration and Attendance Requirements: Click the “Inquire Now” button to register for the GRC Professional (GRCP) Certification Program. In order to be awarded the full credits, you must engage in a group discussion or ask/respond to questions at least once every 50 minutes.
- Instructional Delivery Method: Group Internet Based
- Field of Study: Specialized Knowledge
- Program Level: Intermediate
- Prerequisites: None
- Advanced Preparation: None
For more information regarding refund, complaint, and program cancellation policies, please contact the training department at info@governance-dynamics.com.
Details
- Date: April 20-21, 2026
- Duration: 2 Days
- Location: Online
- Program Level: Intermediate
- CPE Credit: 14 CPEs
- Certificate of Completion
- Time: 8:30 AM - 2:30 PM UAE Time
- Time: 7:30 AM - 1:30 PM UAE Time
Bilal Sidani
Training Advisor
Haya El Chimaitilly
Training Advisor
Day 1 – Foundations & Risk Identification
- Overview of third-party and outsourcing models in FIs
- Regulatory expectations and supervisory focus
- Third-party risk taxonomy:
  - Operational risk
  - Data & cyber risk
  - Compliance & regulatory risk
  - Financial and concentration risk
- Risk classification and criticality assessment
- Due diligence frameworks (financial, operational, compliance, IT)
- Practical exercises: vendor risk profiling
Day 2 – Controls, Monitoring & Assurance
- Contractual risk management (SLAs, KPIs, audit rights)
- Ongoing monitoring and performance oversight
- Managing outsourcing, sub-outsourcing, and exit risk
- Incident management and issue escalation
- Role of internal audit and independent assurance
- Common failures and regulatory findings
- Case study: breakdown in third-party oversight

