Post on 07-Feb-2020
Rules to Receive CPE Credit
This live session is eligible for 1 CPE Credit.
In order to receive this credit, the following items MUST be completed:
Each person wishing to receive CPE Credit must log into the session individually with their credentials
You MUST answer ALL of the polling questions throughout the presentation
You MUST be in attendance for the entire live session
You MUST complete the follow-up survey regarding the session
Vendor Due Diligence and Contract Management: What You Should Know October 16, 2018
Presented by Branan CooperChief Risk Officer at Venminderbranan.cooper@venminder.com(502) 909-0325
3
What is vendor contract management – Who’s involved and why it’s important
Major vendor contract management elements and best practices
Common contract management deficiencies and mistakes
SESSION AGENDA
Importance of vendor due diligence and contract management
Key vendor due diligence themes and major traps
Tailoring oversight and hazards of falling asleep at the wheel
4
THE IMPORTANCE OF VENDOR DUE DILIGENCE
Required by regulatory guidance
Sound business practice
Can make or break the relationship
5
KEY THEMES IN VENDOR DUE DILIGENCE
• Timely
• Pre-contract
• Risk-based and tailored to the product or service
• Document guidelines in program requirements
• Make note of all attempts to gather
• Update periodically
6
MAJOR TRAPS TO AVOID
• “We’ve never been asked that before”
• One size fits all never works in clothing or risk management
• Dusty due diligence
• Checklist mentality
• Do NOT EVER, EVER, EVER allow someone else to set your standards
7
POLL QUESTION
When does your organization do due diligence?
a. Initial due diligence b. Periodically after boarding a new
vendor c. Both at initial due diligence and
periodically afterwardsd. Never e. Not sure
8
THE IMPORTANCE OF ONGOING VENDOR OVERSIGHT
• Required by regulatory guidance
• Often the forgotten pillar
• Once the honeymoon is over, who’s keeping the relationship going?
9
HAZARDS OF FALLING ASLEEP AT THE WHEEL
• Third party stops reporting
• No one notices until the car runs off the road
• Customers complain but no one is listening
• Regulators notice issues before your organization
• Many enforcement actions tied to inadequate oversight
• Not listening to management advice
10
• SLAs
• Seeing through the transaction
• Make individuals accountable
• Require regular updates to senior management and the board
• Ensure the type of oversight makes sense to the product or service outsourced
• Complaint management
TAILORING VENDOR MONITORING
11
OVERSIGHT AND ACCOUNTABILITY Source: OCC
WHERE IT FITS INTO THE LIFECYCLE WHEEL
LET’S NOW DIVE INTO EFFECTIVE VENDOR CONTRACT MANAGEMENT
13
WHAT IS VENDOR CONTRACT MANAGEMENT?
Vendor contract management is the oversight of written agreements with vendors that provide an organization with products or services.
Vendor contract management includes: Negotiating the terms of contracts and ensuring
compliance
Change management
Ongoing maintenance of the relationship
14
WHO IS GENERALLY INVOLVED?
Legal
Vendor Management
Lines of Business
Information Technology
Information Security
Business Continuity Management
Compliance
Operations
Risk
Finance
Procurement
15
WHY EFFECTIVE CONTRACT MANAGEMENT IS IMPORTANT
Your contract is the single most important control in the outsourcing process.
Good contract management can: Protect your organization, shareholders, customers and the confidential information
you’re exchanging
Be used as a negotiation tool pre-execution to guarantee you’re entering a new vendor relationship as strongly as possible
Save money, time, expense and avoid unnecessary headaches
16
WHEN SHOULD YOU BE REVIEWING CONTRACTS?
Vendor Selection
Ongoing monitoring
Negotiation
17
REGULATORY GUIDANCE AND INDUSTRY STANDARDS
Your vendor contracts should be in compliance with industry regulations and standards.
The following regulations can be used as a guide:
*Other regulators have released guidance pertaining to contract management. The above list represents just a few helpful resources.
FFIEC IT Examination Handbook
OCC Bulletin 2013-29
FDIC FIL 44-2008
18
Do your contracts identify what will happen to your data upon termination?
a. Yesb. Noc. Not Sure
POLL QUESTION
19
MAJOR ELEMENTS THAT SHOULD BE INCLUDED
Business terms
Term, notice and automatic renewals
Identify and mitigate risks
Confidentiality provisions
Disposition of data throughout the relationship (post-termination)
Harmless and indemnification provisions
Events of default
Remedies
Causes for termination
Termination assistance
Dates and deadlines
Warranties and representations
Dispute resolution
20
SLAs
Security and confidentiality provisions
Sub-contractor/fourth party identification
Third party compliance documents
Business continuity and disaster recovery plans
COMMON DEFICIENCIES THAT WE SEE CALLED OUT
21
Don’t let these happen to you! Regulators and auditors are looking for well-developed and organized programs. They will likely find contract management issues with any of the following:
No senior management/board approval A decentralized contract process Contract execution without documented vendor vetting Roles and responsibilities are not clearly identified Lack of proper contract tracking
COMMON MISTAKES TO AVOID
22
GETTING VENDOR CONTRACT MANAGEMENT IN ORDER
If you have not had a practice at your organization of reviewing your contracts then:
• Define the process for all contracts and who should be involved
• Prioritize which contracts to review (recommended start with your critical and high risk vendors)
• Ensure process is followed for new contracts
23
9 BEST PRACTICES FOR CONTRACT SUCCESS
Document the process within your vendor management program
Plan the negotiation and strategy prior to engagement
Clearly identify all areas that are involved
Negotiate the terms of the agreement – understand regulatory requirements
Actively manage the delivery of the product or service
Contract management does not end with contract signing
Manage the risks identified
Understand renewal and termination terms
Understand terms for notification provisions and the remedy provisions
Questions & Answers
branan.cooper@venminder.com
Thank You
www.venminder.com
Follow us on:
27
ALSO JOIN US AT OUR UPCOMING WEBINARS:
Writing Effective Vendor Management Policy and Program Documents:October 30, 2018
Click here to view our Events Page.