NAFCU Services Blog

Feb 23, 2016

3 Critical Stages of Third-Party Vendor Management

By Vanessa Stanfield, Insurance Solutions powered by Affinion

Did you know your credit union could be responsible for the performance of your vendors? No credit union wants to encounter regulatory trouble or face reputational risk; especially as a result of vendor activities. It’s because of that fact that vendor management due diligence is a topic of increasing importance.

But what is the right way to go about choosing a third party vendor? The National Credit Union Administration (NCUA) has provided clear direction regarding vendor due diligence. Additionally, the NCUA has deemed the following areas as critical in third-party vendor management: Risk Assessment & Planning, Due Diligence, and Risk Measurement, Monitoring and Control.

Risk Assessment & Planning

Risk Assessment

Prior to engaging a third-party relationship, assess the current risks and document how the vendor will relate to your credit union’s strategic plan. When conducting a comprehensive risk assessment, the key areas of focus are credit, interest rate, liquidity, transaction, compliance, strategy, and reputational risk. In this discovery phase, your credit union can identify the current risks and establish expectations of the new relationship.

Due Diligence

There are four fundamental due diligence elements to consider when choosing a vendor: organizational, business model, financial health, and program risks. In these areas, your credit union can assess what degree of due diligence is required.

But remember- not all vendors are created equal. More complex vendor relationships with more risk will typically require increased due diligence; less complexity and risk means less rigorous due diligence. For a comprehensive report and the five key due diligence questions, you need to ask your vendors, read the full whitepaper here.

Risk Measurement, Monitoring, and Control

Credit unions must be able to continually measure performance and risk throughout the relationship with the vendor. To do this, your credit union should clearly outline the vendor's responsibilities and policies before taking on the vendor. In the end, this will allow for proper vendor performance management so that you can ensure expectations are being met.

Credit unions should not think of vendors as a third party, but as an extension of their organization. Because of this, it is important to consider the three critical areas above when deciding on a vendor. As the NCUA has conveyed, the utilization of vendors does not in any way diminish the credit union’s level of responsibility and for that reason, credit unions should carefully select their vendors.

What Should We Ask Our Vendors?



To be confident that the vendor’s management programs are the right fit, credit unions must discuss the vendor in great detail and ask the hard questions. Failure to conduct thorough due diligence and effectively monitor these vendors place the credit union at risk. Again, not all vendor relationships call for the same level of due diligence and ongoing monitoring, but in order to determine what level is necessary, there are key questions that your credit union must contemplate.

For an in-depth look at the five key due diligence questions that credit unions must ask when selecting a third-party vendor read the full whitepaper here.

_______________________________________________________________________

InsuranceSolution_4CAffinion is the NAFCU Services Preferred Partner for AD&D Insurance

About the Author