Venminder's third party risk experts simplify points from one of the industry's best checklists and most prescriptive set of vendor oversight standards - the FDIC's FIL-44-2008. We'll discuss guidance on performance monitoring, and explain how to implement them into your own vendor oversight strategy.
Welcome to this week’s Third Party Thursday! My name is Branan Cooper and I’m the Chief Risk Officer here at Venminder.
Let’s talk a bit about third party oversight. What exactly does that mean?
Well, if you were to Google it, I’m betting you’ll first see the NCUA guidance from 2007 that perhaps began the notion that financial institutions needed to do some ongoing review of the companies with whom they have an outsourcing arrangement.
Little did I know at the time, but the need for oversight would later be baked into much more thorough expectations in regulatory guidance. The nature of the oversight should be dictated by the product or service provided.
Perhaps the best checklist or most prescriptive set of oversight standards was laid out in the FDIC’s FIL 44 2008 - though please note, if you’re doing business with a payment processor or merchant there are also some specific transaction monitoring standards identified in FIL 3 of 2012 but before we narrow the lens too much, let’s go back to 44 of 2008 and touch on each of the bullets, quoting directly from the guidance.
Performance monitoring should include, as appropriate, the following:
So, there you have it, a perfect recipe, which you can customize as needed, for oversight of your third parties. Again, I’m Branan and thank you for watching! Don’t forget to subscribe to the Third Party Thursday series.