Vendor due diligence

www.rtefs.comwww.rtefs.com

Vendor Due Diligence

Supervisory Committee and Director’s Conference

January 2013


September 15, 2011Walking back from lunch at the

Lake Calhoun Beach Club


Target Field

The summer we do not tell anyone about.


AGENDA• Ripped from the Headlines – Important not only

because the regulators say so.

• Responsibility

• Vendor Due Diligence – General Requirements

• Vendor Due Diligence – Specific Areas

• The Top Five

• Forms and Guidance

• Credit Union and Member Benefits


WHAT IS A VENDOR?


What is a Vendor?

• IT

• Internet Provider

• Indirect Lending

• Application Provider

• Third Party Contractors

• Social Media – Facebook, LinkedIn, etc.

• Accounting and Legal firms

• Maintenance firms

• Cloud Computing - GMail


Responsibility

• NCUA Part 715.3 General Responsibilities of the Supervisory Committee

• Supervisory Letter 07-01 October 2007


NCUA Part 715.3

• (a)(2) Establish practices and procedures sufficient to safeguard members' assets.

• (b)(4) Policies and control procedures are sufficient to safeguard against error, conflict of interest, self-dealing and fraud.


Supervisory Letter 07-01

• Credit unions must complete the due diligence necessary to ensure the risks undertaken in a third party relationship are acceptable in relation to their risk profile and safety and soundness requirements.


Supervisory Letter 07-01

• What is your risk profile?

• What are your safety and soundness requirements?


Supervisory Letter

• Risk Assessment and Planning Risks and benefits of outsourcing vs. internal operation

• Financial Projections


Supervisory Letter

• Due Diligence Background check

Business plan/model

Cash Flows

Financial and Operational Control Review

Contract and Legal Review

Accounting Considerations


Supervisory Letter

• Risk Measurement, Monitoring and Control of Third Party Relationships Policies and Procedures

Risk Measuring and Monitoring

Control System and Reporting


Top Five• IT


• Mortgage

• Cloud Computing Platform Products, Social Media, etc.

• Loan Participations


Top Five

• IT

• NCUA Exam Guide – Information Systems and Technology


Top Five


• Letter to Credit Unions 10 – CU - 15


Top Five

• Mortgage


Top Five

• Cloud Computing

• FFIEC Cloud Computing Statement http://ithandbook.ffiec.gov/media/153119/06-28-12_-

_external_cloud_computing_-_public_statement.pdf


Top Five

• Loan Participations

• Letter to Credit Unions 08 – CU – 26 Supervisory Letter Attached to Letter

Examiner Guide Attached to Letter


GUIDANCE


Guidance

• Letter to Credit Unions 01 – CU – 20

• Letter to Credit Unions 07 – CU - 13

• Letter to Credit Unions 10 – CU – 26

• Examiner’s Guide – Information Systems and Technology http://www.ncua.gov/Legal/GuidesEtc/

ExaminerGuide/Chapter06.pdf


Checklist for Management

• Request a list of vendors that the credit union has today.

• Request a statement on the due diligence performed today on vendors.

• Compare against what you have learned here.

• Do the policies and procedures need to be updated?


Checklist for Management

• Alert all areas of the credit union you require a report on any new vendors

• Prepare a list of questions for the report: Vendor Name

Vendor function

Due Diligence performed

Issues in due diligence assessment

Recommendation


The Future

• FinCEN ANPR on enhanced Customer Due Diligence (CDD) – March 2012

• Do we think this is the last we will hear of Vendor Due Diligence??


Questions??


Resources

• IT Due Diligence Guide – Checklist

• FFIEC IT Handbook and Guidelines


THANK YOU

• Gary Hess

• President, RTE Financial Services

• 1-320-260-0135

• [email protected]

• www.rtefs.com

Vendor due diligence

Documents

Transcript of Vendor due diligence