For years, credit unions have been alerted by the NCUA to the need for vendor due diligence and other third-party vendor relationship requirements. Now, the Federal Reserve Board has alerted banks, and the Consumer Financial Protection Bureau has joined the bandwagon and is even issuing unfair and deceptive trade practice alerts against third-party vendors.

As you know, there are several common types of third-party relationships. Some of the common third-party relations include:

|
  • Third-party product providers such as mortgage brokers, automobile dealers, and credit card providers;
  • Loan servicing providers such as providers of debt collection, loss mitigation, and foreclosure activities;
  • Disclosure preparers such as disclosure preparation software and third-party documentation preparers;
  • Technology providers such as software vendors and website developers; and
  • Providers of outsourced compliance functions such as companies that provide compliance audits, fair lending reviews and compliance monitoring activities.

What are the risks of using vendors? As has been widely discussed, the use of third parties presents a wide range of risks, including:

|
  • Compliance risks such as violations of laws, rules or regulations or non-compliance with policies and procedures;
  • Reputation risks such as dissatisfied members or violations of law or regulations that lead to public enforcement actions;
  • Operational risks such as losses from failed processes or systems or losses of data that result in privacy issues;
  • Transaction risks such as problems with service or delivery; and
  • Credit risks such as the inability of a third party to meet its contractual obligations.

According to NCUA, the Federal Reserve Board and CFPB, certain practices increase the risk of violations and vendor risk management problems often involve one or more of the following issues:

|
  • Over-reliance on third-party vendors;
  • Failure to train new staff or retain knowledgeable staff;
  • Failure to adequately monitor the vendor; and
  • Failure to set clear expectations.

Best Practices

Several best practices can reduce the risk of violations from vendor relationships, and they include:

|
  • Due Diligence. This is a position that has been maintained by NCUA for years. Credit unions have created a successful due diligence process which includes obtaining references; viewing financial records of the vendor; ensuring that the vendor has backup systems, and continuity and contingency plans; as well as researching the background, qualifications, and reputation of the vendor's principals and their overall reputation. Credit Union's also encouraged recommending as part of due diligence a determination through Pacer as to whether or not lawsuits may have been filed against the vendor.
  • Risk Assessment. A detailed risk assessment should be developed based on the initial due diligence and should be provided to senior management and to the board of directors, if appropriate. The risk assessment should include all factors including compliance, reputation risks, operational risks, credit and transaction risks.
  • Clear Contractual Expectations. Some issues that we undertake as part of our contract review include but are not limited to the following:
  • The scope of outsourced services;
  • The procedures a vendor must follow;
  • The credit union's level of expectation;
  • The credit union's approval of a vendor's use of subcontractors;
  • The credit union's right to conduct audits or request third-party reviews;
  • The confidentiality of data;
  • The vendor warranties, liability, and disclaimers;
  • Dispute resolution mechanisms;
  • Default and termination provisions; and
  • Complaint or dispute process.

The last part of best practices is a comprehensive monitoring program. Too often a vendor contract is placed in the file and only reviewed after it is "automatically renewed" or after there is a dispute. There should be periodic/risk-based monitoring so that the frequency and type of monitoring would depend on each vendor and the assignments of the vendor.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.