5 Analysis based on the nature of the engagement VRC Risk Rating SSAE18 HIPAA Criticals and “Wholly Outsourced Department”s Regulatory perspective included in annual critical reporting Business Process Tiers VRC1 – VRO – VRC2 Annual Report TPRS Small Team 14 calendar days If 1.01 AND 1.17 are applicable Risk Council Formerly critical Ernst and Young Value Added Reseller 1,322 Non-US Headquarters or Non-US Operations Monthly Impacts customers broadly enough to threaten market share BCTier@bokf.com Third Party Risk Summary Anyone What is the single transaction limit? 2020 1 Highest Risk Rating of all active Relationships High Regenerate FIS Coupa 21 calendar days Shared SLAs 5.01 OCC Bulletin 2013-29 Yes 1,069 Push through assigned programs Review the file posted in the VMO SharePoint site Moderately Low OCC Upon a completed Financial Crimes review December OFAC Hit FD Remediation Tracker Report Blank 2/14/2019 Third Party Provider Management Standard Highest Inherent Risk of Compliance, BC, and SRM Delegation 3 Days Ineffective Supplier Name Change Committee Any Tier Access@Work Request Overall comments VRC1's Evaluation Queue False A completed Materiality Assessment Property Maintenance Medium June Bank Confidential Data Exempt 1b Third Party Provider Management Policy No Financial Crimes latenoticelog- noreply @spfarm.bok.com Conga 3/26/2019 100 Cuba Vice President An NDA 5 Analysis based on the nature of the engagement VRC Risk Rating SSAE18 HIPAA Criticals and “Wholly Outsourced Department”s Regulatory perspective included in annual critical reporting Business Process Tiers VRC1 – VRO – VRC2 Annual Report TPRS Small Team 14 calendar days If 1.01 AND 1.17 are applicable Risk Council Formerly critical Ernst and Young Value Added Reseller 1,322 Non-US Headquarters or Non-US Operations Monthly Impacts customers broadly enough to threaten market share BCTier@bokf.com Third Party Risk Summary Anyone What is the single transaction limit? 2020 1 Highest Risk Rating of all active Relationships High Regenerate FIS Coupa 21 calendar days Shared SLAs 5.01 OCC Bulletin 2013-29 Yes 1,069 Push through assigned programs Review the file posted in the VMO SharePoint site Moderately Low OCC Upon a completed Financial Crimes review December OFAC Hit FD Remediation Tracker Report Blank 2/14/2019 Third Party Provider Management Standard Highest Inherent Risk of Compliance, BC, and SRM Delegation 3 Days Ineffective Supplier Name Change Committee Any Tier Access@Work Request Overall comments VRC1's Evaluation Queue False A completed Materiality Assessment Property Maintenance Medium June Bank Confidential Data Exempt 1b Third Party Provider Management Policy No Financial Crimes latenoticelog- noreply @spfarm.bok.com Conga 3/26/2019 100 Cuba Vice President An NDA
(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.
5
Analysis based on the nature of the engagement
VRC
Risk Rating
SSAE18
HIPAA
Criticals and “Wholly Outsourced Department”s
Regulatory perspective included in annual critical reporting
Business Process Tiers
VRC1 – VRO – VRC2
Annual Report
TPRS Small Team
14 calendar days
If 1.01 AND 1.17 are applicable
Risk Council
Formerly critical
Ernst and Young
Value Added Reseller
1,322
Non-US Headquarters or Non-US Operations
Monthly
Impacts customers broadly enough to threaten market share
BCTier@bokf.com
Third Party Risk Summary
Anyone
What is the single transaction limit?
2020
1
Highest Risk Rating of all active Relationships
High
Regenerate
FIS
Coupa
21 calendar days
Shared SLAs
5.01
OCC Bulletin 2013-29
Yes
1,069
Push through assigned programs
Review the file posted in the VMO SharePoint site
Moderately Low
OCC
Upon a completed Financial Crimes review
December
OFAC Hit
FD Remediation Tracker Report
Blank
2/14/2019
Third Party Provider Management Standard
Highest Inherent Risk of Compliance, BC, and SRM
Delegation
3 Days
Ineffective
Supplier Name Change Committee
Any Tier
Access@Work Request
Overall comments
VRC1's Evaluation Queue
False
A completed Materiality Assessment
Property Maintenance
Medium
June
Bank Confidential Data
Exempt
1b
Third Party Provider Management Policy
No
Financial Crimes
latenoticelog-noreply @spfarm.bok.com
Conga
3/26/2019
100
Cuba
Vice President
An NDA