Third-Party Review, Vendor Due Diligence, Facilities Inspection, and Web Link Monitoring

Vendors and suppliers can make you money, but the wrong one will cost you a bundle!

Examining the companies, facilities, and owners will protect your reputation, decrease losses, and improve your profitability.

Web Linking
For the past two years, US banking regulators have universally recommended that financial institutions examine their web linking to assure safe, legitimate referrals and vendors. These notices, such as OCC Bulletin 2001-31 emphasize the risks inherent in representing other companies via the web.

Timely and accurate web link reporting can become delayed because of the many layers of management between an institution's internet group and the compliance department. Hidden or dead links, unknown to your staff, might contain outdated, incorrect, and potentially litigious information.

You must then assure these parties are vetted properly by your security group, whose members might not be knowledgeable of current privacy legislation and financial industry bulletins.

Commercial Business Intelligence solves these problems by offering monthly or quarterly auditing of your links. When you sign up for an annual audit plan, your compliance officer automatically receives a scheduled report that reflects current and complete link status of your site, as well as dead or hidden pages.

Third Party Review
CBI provides due diligence and verification services of third-party vendors (required under Gramm-Leach-Bliley by 2002). Under caveat emptor doctrine, a legal action involving an unscrupulous supplier or vendor dispute may be dismissed if your institution failed to adequately review its relationship. Even worse, a vendor's actions could very well be attributable to the bank itself, leading to legal and financial responsibility.

The OCC, in a bulletin specifically addressing third party risks, (OCC Bulletin 2000-9) states that:

"Management and the board should conduct comprehensive due diligence to determine what third-party services or products can best help the bank achieve its goals."

"Additional due diligence efforts should involve a thorough evaluation of all available information about the third party, to include reviewing:

  • Business reputation, complaints and litigation (references, Better Business Bureau, state attorneys general offices, state consumer affairs offices, etc);
  • Financial condition of the company and significant principals;
  • Qualifications, backgrounds, and reputations of company principals;
  • Cost of development, implementation, and support;
  • Internal controls and recovery process (where appropriate);
  • Service agreements to determine if the level of support is reasonable;
  • Vendor and bank management responsibilities; and
  • Marketing materials to determine how the bank's name will be associated with the product.

    A periodic review also helps weed out incompetent and illegitimate businesses that may ultimately cost you more for goods and services. Is the business owner a convicted criminal? Have they been sued numerous times by other financial institutions and companies? Are they known for weak security and employee problems? CBI will uncover these hazards and allow you to decrease your risk.

    Office Inspections
    You're located in California, but your vendor is in Tucson. The vendor maintains confidential customer information, but is it safe? How do you evaluate their physical security? Are the facilities in a high crime area?

    CBI maintains resources and relationships around the world to provide you with affordable onsite inspections in nearly every locale. Photos, security surveys, and employee profiles will minimize your risk exposure. A picture is worth a thousand words. A bad vendor, on the other hand, could cost your bank hundreds of thousands of dollars, as well as its reputation.

    CBI provides many affordable choices for risk reduction, analysis, and prevention.

    Contact CBI today!.