Vendor Management: What the NCUA Requires

The NCUA requires credit unions to be cognizant of a few requirements to manage vendor relationships.

The NCUA outlines its expectations in Supervisory Letter No.: 07-01, Evaluating Third Party Relationships. Its guidance is based on three key concepts: Risk assessment and planning, Due diligence, and Risk measurement, monitoring and control.


  • NCUA sees vendor risk management as an ongoing process
  • For the NCUA, compliance is about more than vendor lists and vendor reports
  • NCUA wants FIs to have the necessary resources to conduct proper due diligence, analyze reports and carefully negotiate contracts to understand their short and long term financial implications

Ultimately, the NCUA sees vendor risk management as an ongoing process, one that begins with documented risk assessment and planning that details goals, objectives and costs. It continues with due diligence, carefully negotiated contracts, and monitoring throughout the length of the relationship. It emphasizes a system built around comprehensive reviews, documentation and reporting, and oversight and management.

Original Source:

One fixed monthly price for everyone

Get started now!