Regulators are making third-party compliance a priority. And believe it or not, community banks are liable for the damage caused by improper vendor actions.
ďConsumers are at a real disadvantage, because they do not get to choose the service providers they deal with ó the financial institution does,Ē said Consumer Financial Protection Bureau Director Richard Cordray in the bureauís press release on the guidance issued earlier this year. ďConsumers must not be hurt by unfair, deceptive or abusive practices of service providers. Banks and nonbanks must manage these relationships carefully and can be held accountable if they break the law.Ē
Yet with the increase in outsourcing activities and the added regulatory attention, community banks have not identified vendor management as a priority. ATTUS and CSI recently surveyed hundreds of financial institutions for their insight on banking priorities for the current year. Few, if any, respondents recognized vendor management as a priority for 2012.
To effectively manage a bankís vendors, institutions should focus on four key areas.
Conducting proper due diligence in selecting a vendor is a critical aspect of vendor risk management. Important due diligence steps include:
The contract between the financial institution and the vendor is another key factor in mitigating risk, because it dictates legally binding terms and conditions. Financial institutions should rely on experienced counsel to ensure that its interests are protected and potential contingencies are considered. The contract should also articulate the mutual expectations of both parties.
Vendor Management and Monitoring
After the vendor has been selected and the contract signed, it is important to manage and monitor the relationship. Performance monitoring controls should include:
While outsourcing can be beneficial, it creates the risk that a vendorís operations can be disrupted and might affect the bank for the services the vendor provides. To mitigate this risk, financial institutions must ensure that the vendor has a prudent business recovery plan in place.
Paul Reymann is chief risk officer of Charlotte, N.C.-based ATTUS Technologies Inc., a wholly owned subsidiary of Computer Services Inc. For more information, visit www.attustech.com.
Copyright (c) November 2012 by BankNews Media