As you are well aware, Vendor Management at your bank or credit union is not an optional activity.
And, while you cannot outsource the risk, you can outsource the work to assess the risk. If you’re struggling to check all the boxes with your in-house resources, then it may be time to consider outsourced resources to assist with the heavy lifting.
By regulation you are required to understand the risk each vendor represents to you and your customers and then, through proper oversight, do all that you can to reduce the risk.
There’s a lot of work involved to do this properly. It begins before you hire the vendor and must continue throughout the life of the relationship. For your most critical vendors, you should (at a minimum) be gathering all the right due diligence documentation on an annual basis, analyzing each document and then reporting your findings to management, the board and your examiners.
This would include the vendor’s financial statements, their SOC report, their BCP documentation, cybersecurity documentation, insurance certifications, policies (red flag, GLBA, etc.). The list goes on.
You should ask yourself these 3 questions when contemplating the tasks involved in accomplishing this work (and remember, the work is not optional):
- Do I have enough resources in-house to complete this work?
- If I use in-house resources, is that the best use of their time?
- Do my in-house resources have the right qualifications to do the work well?
If you answered no to any of the 3 questions above, then it may be time to consider outsourcing some of the work. However, is it affordable? How do you find the right partner? How do I convince my management and the board this is the right path for us to follow?