Vendor Due Diligence

 Supervisory Committee
and Director’s Conference

      January 2013




       www.rtefs.com
September 15, 2011
Walking back from lunch at the
  Lake Calhoun Beach Club




Target Field


The summer we do not tell anyone about.

AGENDA
• Ripped from the Headlines – Important not only
  because the regulators say so.
• Responsibility
• Vendor Due Diligence – General Requirements
• Vendor Due Diligence – Specific Areas
• The Top Five
• Forms and Guidance
• Credit Union and Member Benefits

WHAT IS A VENDOR?




What is a Vendor?
• IT
• Internet Provider
• Indirect Lending
• Application Provider
• Third Party Contractors
• Social Media – Facebook, LinkedIn, etc.
• Accounting and Legal firms
• Maintenance firms
• Cloud Computing - GMail

Responsibility
• NCUA Part 715.3
   General Responsibilities of the Supervisory Committee



• Supervisory Letter 07-01
   October 2007




NCUA Part 715.3
• (a)(2) Establish practices and procedures
  sufficient to safeguard members' assets.



• (b)(4) Policies and control procedures are
  sufficient to safeguard against error, conflict of
  interest, self-dealing and fraud.




Supervisory Letter 07-01


• Credit unions must complete the due diligence
  necessary to ensure the risks undertaken in a
  third party relationship are acceptable in relation
  to their risk profile and safety and soundness
  requirements.




Supervisory Letter 07-01
• What is your risk profile?



• What are your safety and soundness
  requirements?




Supervisory Letter
• Risk Assessment and Planning
   Risks and benefits of outsourcing vs. internal operation

• Financial Projections




Supervisory Letter
• Due Diligence
   Background check

   Business plan/model
   Cash Flows

   Financial and Operational Control Review

   Contract and Legal Review
   Accounting Considerations




Supervisory Letter
• Risk Measurement, Monitoring and Control of
  Third Party Relationships
   Policies and Procedures

   Risk Measuring and Monitoring

   Control System and Reporting




Top Five
• IT

• Indirect Lending

• Mortgage

• Cloud Computing
   Platform Products, Social Media, etc.

• Loan Participations



Top Five
• IT

• NCUA Exam Guide – Information Systems and
  Technology




Top Five
• Indirect Lending

• Letter to Credit Unions 10 – CU - 15




Top Five
• Mortgage




Top Five
• Cloud Computing

• FFIEC Cloud Computing Statement
  http://ithandbook.ffiec.gov/media/153119/06-28-12_-_external_cloud_computing_-_public_statement.pdf




Top Five
• Loan Participations

• Letter to Credit Unions 08 – CU – 26
   Supervisory Letter Attached to Letter

   Examiner Guide Attached to Letter




GUIDANCE




Guidance
• Letter to Credit Unions 01 – CU – 20

• Letter to Credit Unions 07 – CU - 13

• Letter to Credit Unions 10 – CU – 26

• Examiner’s Guide – Information Systems and
  Technology
   http://www.ncua.gov/Legal/GuidesEtc/ExaminerGuide/Chapter06.pdf



Checklist for Management
• Request a list of vendors that the credit union
  has today.

• Request a statement on the due diligence
  performed today on vendors.

• Compare against what you have learned here.

• Do the policies and procedures need to be
  updated?


Checklist for Management
• Alert all areas of the credit union you require a
  report on any new vendors

• Prepare a list of questions for the report:
   Vendor Name

   Vendor function
   Due Diligence performed

   Issues in due diligence assessment

   Recommendation



The Future
• FinCEN ANPR on enhanced Customer Due
  Diligence (CDD) – March 2012

• Do we think this is the last we will hear of Vendor
  Due Diligence??




Questions??




Resources
• IT Due Diligence Guide – Checklist

• FFIEC IT Handbook and Guidelines




THANK YOU
• Gary Hess
• President, RTE Financial Services
• 1-320-260-0135
• Gary.hess@rtefs.com
• www.rtefs.com



