Due diligence should be tailored to the importance of the third-party relationship. Certainly not every vendor demands the same level, and tailored for the complexity of the vendors product or service. More complex relationships require a wider breadth of due diligence and requires deeper digging. “Risk” profile should be carefully evaluated, using the following as a guideline to the approach.
Necessary elements may include:
- Background check
- Business model
- Cash flows
- Financial operational control review
- Accounting considerations.
- Contract issues and legal review.
Credit unions should exercise their rights to negotiate contracts to achieve terms that are mutually beneficial to both parties, such as favorable early termination, escape clauses and default terms. Contracts should emphasize a credit union’s safety or soundness and should be reviewed by legal professionals, who are versed in the specific nature of the contact. Special emphasis is placed on reviewing a vendor’s practices to ensure they comply with all laws and regulations, including consumer regulations, as ultimately, the risk will rest with the credit union.
At a minimum, contracts should address:
- Ownership, control, maintenance and access to financial and operating records.
- Ownership of servicing rights.
- Audit rights and requirements (including responsibility for payment).
- Data security and member confidentiality (including testing and audit).
- Scope of arrangement, services offered, and activities authorized.
Responsibilities of all parties (including subcontractor oversight).
- Service level agreements addressing performance standards and measures.
- Performance reports and frequency of reporting.
- Penalties for lack of performance.
- Dispute resolution.
- Default, termination, and escape clauses.
- Risk Measurement, Monitoring and Control.
- Business resumption or contingency planning.
- Member complaints and member service.
- Compliance with regulatory requirements (e.g. GLBA, Privacy, BSA, etc.).
A robust vendor management software solution will aid credit unions in their quest for setting up complex due diligence for vendors.