Copyright © 2014 Lender Performance Group, LLC. All rights reserved.

Managing risks associated with third-party relationships,

in other words Vendor Management

Presenters: Joel Rosenberg, CFA Chris Nelms, CISM, CRVPM

loan pricing & profitability management solution

Lender Performance Group LLC Confidential Material 2

Vendor Management

• OCC guidance issued late 2013• Appendix J by FFIEC• Vendor Management, referred to as third-

party service provider (TSP)• Comprehensive risk management and

oversight

Lender Performance Group LLC Confidential Material 3

Use of third party vendors (TSP) increasingly complex

• Outsourcing entire departments• Outsourcing business lines• More Traditional Activities• Issues:• Customer Contact• Domestic and/or foreign subcontractors

Lender Performance Group LLC Confidential Material 4

Vendor Management Life Cycle

Lender Performance Group LLC Confidential Material 5

5 steps in Risk management Life Cycle

• Developing a plan• Review of TSP pre-contract• Contract - expectations and responsibilities • Monitoring• Termination• Parallels to the lending process, new loan

product introduction

Lender Performance Group LLC Confidential Material 6

Parallels to what an Institution does in introducing a new loan product

• Planning • Due Diligence- Underwrite the 5 C’s http://

lenderperformance.com/topics/vendor-selection/

• Contract Negotiation-Loan Documentation • On Going Monitoring- Credit Analysis, ROE• Termination- Loan Paid or other options

Lender Performance Group LLC Confidential Material 7

Planning• TSP Management• Strategic purposes• Compliance aspects• Complexity• Potential information security implications• Inherent risks of using vendors • Board presentation and approval of critical

activities

Lender Performance Group LLC Confidential Material 8

New Loan Program Parallel- Planning

• Market and need• Customer interaction• Compliance aspects • Inherent risks -Credit, IRR, Regulatory • Administration

Lender Performance Group LLC Confidential Material 9

Due Diligence- TSP

• Vendor’s business strategy• Licenses, fidelity bond coverage • Financial condition• Resources and experience• TSP fee structure and incentives• Information security programs • Reliance on subcontractors

Lender Performance Group LLC Confidential Material 10

Due Diligence- Loan Program

• Underwriting Criteria• Type of borrower • Financial condition• Experience• 5 C’s

• Underwrite in-house or TSP

Lender Performance Group LLC Confidential Material 11

Contract Negotiation- TSP• Nature of Arrangement• Performance Measures or Benchmarks• The Right to Audit (SSAE 16, SOC1, SOC 2,

SOC 3 reports)• Cost and Compensation• Business Resumption Plans• Dispute Resolution• Default

Lender Performance Group LLC Confidential Material 12

Contract Negotiation- Loan Program

• Provisions and terms• Pricing methodology (ROE targets)• Default• Performance Measures• Report requirement

Lender Performance Group LLC Confidential Material 13

Ongoing Monitoring - TSP

• Bank’s risk operation• Critical activity• Regular on site visits• Vendor controls, service-level agreements • Key personnel and retaining essential

knowledge • Subcontractors –reliance and performance

Lender Performance Group LLC Confidential Material 14

Ongoing Monitoring – Loan Program

• Periodic client reports• Spreading the financials• Collateral monitoring• Regular on site visits• Client key personnel changes

Lender Performance Group LLC Confidential Material 15

Termination- TSP

• The bank may terminate third-party relationships

1. expiration or satisfaction of the contract2. bring in alternate TSP3. in-house4. breach of contract

• In-house option, planned or not:1. capabilities, resources, and the time frame 2. risks - data retention and destruction3. handling of joint intellectual property 4. reputation risks

Lender Performance Group LLC Confidential Material 16

Termination- Loan Program

• Ending the Loan Program• Foreclosure experience• All existing loans pay off• Sale or transfer

• Reputation Risk• Personnel Considerations

Lender Performance Group LLC Confidential Material 17

Oversight and Accountability

• Board of Directors• Effective process is in place • Approve the bank’s risk-based policies • Review due diligence• Approve contracts that are critical activities

• Senior Bank Management• Implement the bank’s TSP plan or Loan Program

operation• Due diligence• Review and approve contracts/loan documents • Ensure periodic independent reviews• Oversee ERM

Lender Performance Group LLC Confidential Material 18

Oversight and Accountability

• Bank Employees• Conduct due diligence• Perform ongoing monitoring • Escalate significant issues• Tested controls in place • Maintain appropriate documentation • Respond to material weaknesses

Lender Performance Group LLC Confidential Material 19

Independent Reviews

• Ensure that periodic independent reviews are conducted• Reviews should assess :• ensuring third-party relationships and loan

program align with the bank’s business strategy• risks • material breaches and service disruptions• identifying and managing concentration risks • ensuring that conflicts of interest do not exist

Lender Performance Group LLC Confidential Material 20

Vendor Management (TSP)• Vendor Management is your first

line of defense against security breaches.

• Stop the checkboxes! • Create a program

Lender Performance Group LLC Confidential Material 21

Vendor Management

• Obtain Executive Sponsorship• Create a vendor management Committee. • Create a centralize vendor management

program. • Gain buy-in!

Lender Performance Group LLC Confidential Material 22

Vendor Management

• Create a vendor inventory • Categorize all vendors• Remove the silo

Lender Performance Group LLC Confidential Material 23

Other Sources

Lender Performance Group LLC Confidential Material 24

Questions

Presenter: Joel Rosenberg and Chris Nelms

Contact: support@Precisionlender.com or jrosenberg@Precisionlender.com

cnelms@Precisionlender.com

Phone: (980) 297-7100