Vendor Management and Oversight
Growth through Oversight and Mitigation
Against the backdrop of heightened investigations and enforcement actions, the Collingwood Group’s Vendor Management and Oversight team helps clients comply with third party vendor management requirements in an ever-changing regulatory environment.
An overall objective of our services is to provide our clients with a detailed roadmap to ensure on-going regulatory compliance and to mitigate enterprise, operational and reputational risk associated with their utilization of third party vendors. We focus on all third party vendor activities and outsourced functional business areas, with particular emphasis on those vendors who interact directly with consumers or whose functions potentially impact an institution’s safety and soundness assessment.
We assist our clients to enhance their understanding of, and operational readiness regarding, applicable regulatory guidance published to date by:
- The Federal Reserve
- The Office of the Comptroller of the Currency
- The Federal Deposit Insurance Corporation
- The Consumer Financial Protection Bureau
- The Federal Financial Institutions Examination Council
As a Washington, DC based firm, The Collingwood Group provides clients up to date industry knowledge of and business intelligence regarding the evolving financial services regulatory landscape, DC relationships and the benefit of routine interactions with regulators, in additional to significant and practical hands-on experience selecting, managing and overseeing third party vendor relationships.
Compliance Obligations and Requirements
It is no longer sufficient for financial services firms to simply qualify third party service providers. Today, financial services firms (including many non depositories who previously were not subject to regulatory oversight) are required to qualify, diligence and actively monitor their third party service providers for ongoing compliance with applicable statutes and regulations. These compliance obligations are particularly heightened in connection with the utilization of third party service providers who interact directly with consumers, as they relate to UDAAP, the ability to comply with applicable consumer laws and the protection of consumer data, and in those instances where third party vendors perform critical functions which may impact an institution’s potential safety and soundness assessment.
To satisfy these evolving requirements, companies should have in place enterprise level business and technology policies, processes and systems specifically designed to ensure the consistent performance of third party oversight activities, including vendor selection, qualification and diligence, risk assessment, on-going monitoring, internal training and compliance with published standards.
To ensure compliance as regulatory standards evolve and business grows, companies should conduct periodic audits and obtain annual certification of the adequacy and efficacy of their vendor management and oversight functions.
The Collingwood Group’s Vendor Management and Oversight team’s services include:
- Analysis of overall vendor management compliance programs, including initial risk assessments performed in connection with outsourced relationships, and the processes and guidelines for the selection, evaluation and monitoring of third party service providers and their performance.
- Detailed assessments of processes and procedures to mitigate risk, including how material changes to critical business conditions are monitored, reported and acted upon (e.g., material changes to financial condition, revocation of applicable licenses, management changes, conformity to third-party standards such as SSAE)
- Evaluating technology enabled compliance tools regarding such issues as system and data security, scalability, reliability, redundancy, consistency and effectiveness.
- Reviewing employee training programs, as well as evaluating adherence to published standards.
- Advising corporate boards on overall third party vendor management responsibilities, risk assessment, on-going monitoring and results.
- Conducting independent evaluations and periodic audits of vendor reporting and oversight programs.
- Assisting companies prepare for and respond to CPFB examinations and investigations.