(270) 506-5140 CONTACT US
Fourth Party Vendors

How you should treat 4th party vendors

Aug 3, 2016 by Branan Cooper

Dealing with third parties is a lot to have on your plate, however examiners think you can still handle more. They will ask you about your fourth parties too!

What in the world is a fourth party vendor and why should you pay close attention?

What is a 4th party vendor?

A fourth party vendor is generally your third party's third party. Your financial institution doesn’t have a direct contractual relationship with the fourth party, but your third party likely does. It’s an emerging area of significant focus, particularly if that fourth party has a role in the delivery of your institution’s products or services to your customer.

An Example?

Perhaps the easiest example is a fourth party call center. You have an issuing agreement for a prepaid card program and they use an outsourced call center. You can certainly understand why you need to include them in your scope of review, due diligence, risk assessment and monitoring - they are speaking to your customer and have access to your customer's information! 

What do you do with them?

There are certainly challenges in trying to manage fourth parties. Since you don’t have a direct contractual relationship, it’s often hard to get access to the due diligence documents you need. It’s even harder if you find something you believe needs to be changed or improved.

Fortunately, you don’t need to worry about all of your third parties’ third parties, but you should know about ones that are critical to their business or have access to your customer's data. To receive appropriate information about those fourth parties, you will most likely need to work through your third party. Hopefully they've got robust due diligence practices and strong contractual ties.

So, to manage your fourth parties, you should:

  1. Routinely ask your third party for a list of their critical vendors
  2. Request that your third party keep you apprised of any changes or concerns with those critical vendors - your fourth party vendors
  3. If you would like, you could require your advance approval of changes related to the most critical ones, the ones that "touch" your customer or your customer's data
  4. Review your third party's policies around oversight of their outsourced services

Overall, the key to vendor management really goes back to the idea of building a strong working relationship in which both companies know what is expected of one another and a willingness to deliver

Now after learning more about fourth parties, hopefully your plate looks more manageable again. 


Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog