Third PartyProviderManagementPolicy3/26/2019BlankHIPAAOCCOverallcommentsOFACHitRiskRatingThird PartyProviderManagementStandardExemptSharedSLAsA completedMaterialityAssessmentVRC1 –VRO –VRC2DecemberBusinessProcessTiersVicePresidentVRC1'sEvaluationQueueCuba100FDRemediationTrackerReportHighAnalysisbased on thenature of theengagementIf 1.01AND 1.17areapplicableCriticals and“WhollyOutsourcedDepartment”sRegulatoryperspectiveincluded inannual criticalreportingCongaFormerlycriticalModeratelyLowMonthlyAnnualReportWhat isthe singletransactionlimit?SSAE18latenoticelog-noreply@spfarm.bok.comAnNDANoFalse1,322CoupaSupplierNameChangeCommittee3DaysUpon acompletedFinancialCrimesreviewValueAddedResellerBCTier@bokf.comPushthroughassignedprograms14calendardaysDelegation1,069YesNon-USHeadquartersor Non-USOperationsReview thefile posted inthe VMOSharePointsiteTPRSSmallTeamHighestInherent RiskofCompliance,BC, and SRMBankConfidentialDataFISRegenerateJuneAccess@WorkRequest121calendardaysVRCOCCBulletin2013-29Impactscustomersbroadly enoughto threatenmarket shareErnstandYoung5MediumPropertyMaintenance1b5.01AnyTier2/14/20192020RiskCouncilAnyoneFinancialCrimesThirdParty RiskSummaryIneffectiveHighest RiskRating of allactiveRelationshipsThird PartyProviderManagementPolicy3/26/2019BlankHIPAAOCCOverallcommentsOFACHitRiskRatingThird PartyProviderManagementStandardExemptSharedSLAsA completedMaterialityAssessmentVRC1 –VRO –VRC2DecemberBusinessProcessTiersVicePresidentVRC1'sEvaluationQueueCuba100FDRemediationTrackerReportHighAnalysisbased on thenature of theengagementIf 1.01AND 1.17areapplicableCriticals and“WhollyOutsourcedDepartment”sRegulatoryperspectiveincluded inannual criticalreportingCongaFormerlycriticalModeratelyLowMonthlyAnnualReportWhat isthe singletransactionlimit?SSAE18latenoticelog-noreply@spfarm.bok.comAnNDANoFalse1,322CoupaSupplierNameChangeCommittee3DaysUpon acompletedFinancialCrimesreviewValueAddedResellerBCTier@bokf.comPushthroughassignedprograms14calendardaysDelegation1,069YesNon-USHeadquartersor Non-USOperationsReview thefile posted inthe VMOSharePointsiteTPRSSmallTeamHighestInherent RiskofCompliance,BC, and SRMBankConfidentialDataFISRegenerateJuneAccess@WorkRequest121calendardaysVRCOCCBulletin2013-29Impactscustomersbroadly enoughto threatenmarket shareErnstandYoung5MediumPropertyMaintenance1b5.01AnyTier2/14/20192020RiskCouncilAnyoneFinancialCrimesThirdParty RiskSummaryIneffectiveHighest RiskRating of allactiveRelationships

Wild Card - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
  1. Third Party Provider Management Policy
  2. 3/26/2019
  3. Blank
  4. HIPAA
  5. OCC
  6. Overall comments
  7. OFAC Hit
  8. Risk Rating
  9. Third Party Provider Management Standard
  10. Exempt
  11. Shared SLAs
  12. A completed Materiality Assessment
  13. VRC1 – VRO – VRC2
  14. December
  15. Business Process Tiers
  16. Vice President
  17. VRC1's Evaluation Queue
  18. Cuba
  19. 100
  20. FD Remediation Tracker Report
  21. High
  22. Analysis based on the nature of the engagement
  23. If 1.01 AND 1.17 are applicable
  24. Criticals and “Wholly Outsourced Department”s
  25. Regulatory perspective included in annual critical reporting
  26. Conga
  27. Formerly critical
  28. Moderately Low
  29. Monthly
  30. Annual Report
  31. What is the single transaction limit?
  32. SSAE18
  33. latenoticelog-noreply @spfarm.bok.com
  34. An NDA
  35. No
  36. False
  37. 1,322
  38. Coupa
  39. Supplier Name Change Committee
  40. 3 Days
  41. Upon a completed Financial Crimes review
  42. Value Added Reseller
  43. BCTier@bokf.com
  44. Push through assigned programs
  45. 14 calendar days
  46. Delegation
  47. 1,069
  48. Yes
  49. Non-US Headquarters or Non-US Operations
  50. Review the file posted in the VMO SharePoint site
  51. TPRS Small Team
  52. Highest Inherent Risk of Compliance, BC, and SRM
  53. Bank Confidential Data
  54. FIS
  55. Regenerate
  56. June
  57. Access@Work Request
  58. 1
  59. 21 calendar days
  60. VRC
  61. OCC Bulletin 2013-29
  62. Impacts customers broadly enough to threaten market share
  63. Ernst and Young
  64. 5
  65. Medium
  66. Property Maintenance
  67. 1b
  68. 5.01
  69. Any Tier
  70. 2/14/2019
  71. 2020
  72. Risk Council
  73. Anyone
  74. Financial Crimes
  75. Third Party Risk Summary
  76. Ineffective
  77. Highest Risk Rating of all active Relationships