Vendor Due Diligence Collaboration Workshop
Know Thy Vendor – Due Diligence Essentials
Valerie Edgington, CUCE, BSACS

NCUA Rules & Regulations
  701: Third-Party Servicing of Indirect Vehicle Loans;
  704: Corporate Credit Unions;
  717: Fair Credit Reporting Act; FACT Act;
  723: Member Business Lending;
  741: Third-Party Servicing of Indirect Vehicles;
  748: Security Program

NCUA Letters to Credit Unions
  98-CU-11: Information System Vendor Reviews
  99-CU-05: Risk-Based Lending
  01-CU-20: Due Diligence over Third Party Service Providers
  02-CU-13: Vendor Information Systems & Technology Reviews
  03-CU-08: Weblinking Relationships
  04-CU-04: Investment Safekeeping Due Diligence
  04-CU-13: Specialized/Subprime Lending Activities
  06-CU-16: Interagency Guidance on Non-Traditional Mortgage Products
  07-CU-01: Evaluating Third-Party Relationships
  08-CU-19: Third Party Relationships: Mortgage Brokers/Correspondents

Due Diligence
  What & Why?

What is “Due Diligence”?
  Due Diligence
  “The systematic, on-going process of analyzing and evaluating new strategies, programs, products, or operations to prepare for and mitigate unnecessary risks.” – NCUA

Purpose
  Know thy vendor
  Helps credit union decide whether and how to proceed in terms of necessary controls to mitigate identified risks

Applicability
  All Vendor Relationships
  but efforts should be tailored to the complexity of each relationship.

Critical Vendor Relationships
  Involves new financial services or activities.
  Materially affects revenues or expenses.
  Poses risks to or affects the credit union’s reputation.
  Involves critical functions of the credit union.
  Involves access, storing or transmitting sensitive member information.
  Involves marketing of credit union products and services by a third party.
  Involves subprime lending or indirect lending.
  Involves plastic card processing/card payment transactions.
  Poses risks that significantly affect earnings or capital.

Know Thy Vendor
  Challenge: Turning vendors into reliable strategic partners.
  The relationship between Too Trusting CU and WIIFM Inc. quickly deteriorated…
    “Uh oh…we used their standard contract!”
    “Don’t worry, they used our standard contract.”

Know Thy Vendor
  It’s kind of like a marriage…
  “Can two walk together, except they agree?”
  Document the credit union’s understanding and all expectations with the vendor in writing.

Know Thy Vendor
  It’s kind of like a marriage…
  “In sickness and in health, to love and to cherish, till death do us part.”
  Beware long term outsourcing agreements. Once signed, it can be very expensive to terminate.

Know Thy Vendor
  It’s kind of like a marriage…
  “In an ideal marriage one partner is blind and the other is deaf.”
  No one is perfect. Seldom is only one party (e.g., the vendor) always at fault.
  Control weaknesses contribute to poor vendor relations.

Due Diligence
  “Minimum Contract Coverage”
  Contract Issues and Concerns

Minimum Contract Coverage
  Typically, at a minimum, third-party vendor contracts should address at least the following:
    Scope of arrangement, services offered, and activities authorized
    Responsibilities of all parties (including subcontractor oversight)
    Service level agreements addressing performance standards and measures
    Performance reports and frequency of reporting
    Penalties for lack of performance

Minimum Contract Coverage
  Typically, at a minimum, third-party vendor contracts should address at least the following:
    Audit rights and requirements (including responsibility for payment)
    Data security and member confidentiality (including testing and audit)
    Ownership, control, maintenance and access to financial and operating records
    Ownership of servicing rights

Minimum Contract Coverage
  Typically, at a minimum, third-party vendor contracts should address at least the following:
    Business resumption or contingency planning
    Insurance
    Member complaints and member service
    Dispute resolution
    Default, termination, and escape clauses

Due Diligence
  Background Checks

Request for Proposal
  Materials for first round of vendor evaluations
  Validates vendor interest
  Outlines the contract/service requirements of the credit union
  Requests information from vendor
    Business requirements
    Vendor profile
    Vendor employee information
    Vendor methodology
    Vendor infrastructure
  Addendum to contract

Background Checks: Business Entity Information
  Corporate ownership, structure, background
    What type of entity are they?
    How long have they been in business/offering service?
    Lawsuits or legal proceedings
    Articles of Incorporation/Organization
    Authorized to do business in Ohio?
    Who are the principals of the business?
      Social Security Number
      Identification verification
    Organizational Chart
    Government watch lists

Background Checks: Business Entity Information
  Financial history and current condition
    Request current financial statements
    Statement of Income
    Notes to Financials
    Securities and Exchange Commission filings (public entity)
    Dun & Bradstreet credit report
    Bankruptcy and judgment history
    Audited financial statements
    Unaudited financial statements
    Vendor’s “market share information”

Background Checks: Business Entity Information
  Business model and practices
    Longevity, adaptability, and viability through various economic cycles, changes in technology
    Business and marketing plans
    Required licenses and certifications
    Ability to perform proposed functions
    Use of related affiliates, subsidiaries and subcontractors
    Knowledge of relevant consumer protection and civil rights laws and regulations.

Background Checks: Business Entity Information
  Scope and effectiveness of business’ operations and controls
    Review SAS 70 audit reports
    Adequate/experienced staff
    Security policy and data handling practices
    Testing plan/results
    Privacy Policy
    Disaster Recovery/Business Continuity
    Customer Service Standards
    Hiring/screening practices
    Insurance coverage

Background Checks: Business Entity Information
  Reputation and Relevant Experience
    Performance with past clients
    Verification of experience/qualifications
    Reputation within industry
      Reputation & relevant experience
      Limited experience:
        Qualifications
        Competence

Due Diligence
  Mortgage Brokers and Correspondents

Mortgage Brokers and Correspondents
  NCUA Letter to Credit Union 08-CU-19
    Federally insured credit unions
    Issued August 2008
    Re-emphasizes importance of proper due diligence over third-party relationships specifically as they relate to use of mortgage brokers and correspondents.

Mortgage Brokers and Correspondents
  Who are the Third Parties in this Letter?
    Mortgage Brokers: Third parties that generally do not fund loans themselves, and work on behalf of the credit union or borrower.
    Correspondents: Third parties that fund and close loans in their own name and then sell the loan to a credit union or other lender.

Mortgage Brokers and Correspondents
  Background
    Over 50% of home loans originated by mortgage brokers
    Compensation based on loan origination volume
    Strong incentive to produce and close as many loans as possible.

Mortgage Brokers and Correspondents
  Special Issues and Concerns
    Third party operating in its own best interest.
    Beware of loan regulation violations.
    Third party has control over the appraisal process.
    Third party tries to limit its own liability.

Mortgage Brokers and Correspondents
  Special Issues and Concerns
    Is the credit union adequately protected?
    Financial strength of the third-party over long term and ability to support claims that may arise.
    Product volume may exceed third party’s or credit union’s ability to handle.
    Funding commitments that may have to be honored despite developing concerns with the third party.

Mortgage Brokers and Correspondents
  What is Required?
    Proper due diligence
    Risk management
      Loan sampling
      Targeted loan reviews
      Loan approval authority
      Underwriting criteria and subsequent modification approved by credit union
    Broker & correspondent reports to credit union
    Corrective Action

Due Diligence
  Key Contract Provisions

Key Contract Provisions
  Description of Services
    Boilerplate provisions vs. adequate detail of service and functions
    Critical for enforcing performance warranty problems
    Clear, concise language
  Performance Standards
    Functional specifications
    Uptime operability vs. downtime
    Maintenance responsibilities

Key Contract Provisions
  Warranties
    Performance Warranty
      Performance vs. promise
    Ownership Warranty
      Ownership of software/license
      Piracy infringement claims
    Compliance Warranty
      Satisfy federal and state compliance requirements
      Credit union and consumer regulation

Key Contract Provisions
  Liability & Indemnity
    SP liability/responsibility
    Breach of warranties; negligent acts
    Damage limitation provisions
    Beware “sole remedy” provisions
  Data Access
    Raw data vs. member transaction information
    Storage
    Transfer
    Data destruction; confidentiality

Key Contract Provisions
  Security
    Non-negotiable
    Safeguarding member information
    Credit union indemnification
  Confidentiality/Privacy
    Confidentiality agreement mandated
    Employees, contractors, subcontractors, affiliates
    Use only as per agreement
    Written consent of credit union
    Notification of actual or suspected breach

Key Contract Provisions
  Term
    Identifiable beginning and end
    Renewal terms
  Price & Payments
    Timing
    Holdbacks/refund provisions
      Defined milestones
      Development/Set-up fees

Key Contract Provisions
  Termination
    Grounds and procedures for termination
    Mutual termination rights
    Termination fees; liquidated damages
  Jurisdiction & Governing Law
    Venue
    Jurisdiction
  Arbitration & Attorney Fees
    Non-exclusive location
    Attorney fees to prevailing party

Due Diligence
  Red Flags

Red Flags
  “No contract changes.”
  Contracts where the vendor can change terms or fees unilaterally, without credit union consent.
  Contract references a document the credit union does not have or a third party document the credit union has not reviewed.
  You can’t get the information you requested.
  The information provided is outdated or incomplete.
  The information provided or answers to questions are vague.
  Lack of express warranty by the vendor that the software/service will perform in accordance with the functional specifications or service description.

Red Flags
  Limited time warranties for software in a range of 60 to 90 days are suspect and not industry standard.
  Blanket provision allowing the vendor to disclose data “as permitted by law.” This is a particularly low standard of protection.
  There is no single point-of-contact for information security.
  Field personnel do not have encrypted devices.
  Information gathered is not secure.
  The vendor has no disaster recovery plan.
  The vendor outsources the processing of data.

Red Flags
                                                         R d Fl
                                 Vendor refuses to disclose its financial statements.
Valerie E




                                 Vendor liability and indemnification provisions are limited in scope to
                                 p
                                 personal injury or property damages.
                                            j y p p y              g
        Edgington, CUCE, BSACS




                                 Provisions that permit the vendor to disclaim liability.

                                 Contracts that are automatically renewable.

                                 Contracts that provide termination fees or liquidated damages for a
                                 voluntary breach should be carefully reviewed by an attorney for fairness.

                                 The information provided applies only to the parent company and is not
                                 specific to the service the company would provide to your credit union.

                                 Any agreement that carries an initial term of five years or greater.

                                                                                                           42
Resources
                                   NCUA

                                 www.ncua.gov

                                   CUNA
                                 http://www.cuna.org/initiatives/due_diligence.html
                                 http://www.cuna.org/initiatives/member/due_diligence_documents.html
                                 http://www.cuna.org/initiatives/member/download/CUNA_Due_Diligence_Task_Force_Third-Party_Vendor_Management_Guide.pdf




                                                                                                 43
Resources

                                 Valerie Edgington, CUCE, BSACS




                                        vme1120@live.com
                                           614-226-7227




                                                                 44
