Vendor Management: Selection and Oversight
August 17, 2018
For financial services, in the past, third-party vendors were considered satisfactory if they met performance targets and stayed within budget. However, this outlook has shifted to an expectation that third-party vendors need to be managed just as closely as internal operations from both a regulatory compliance and performance standpoint.
Although it is often an appropriate business decision to use third party vendors, especially for areas like data entry, telemarketing, and collections, all institutions must recognize how the processes and procedures they and their partners perform affect their customers or their business directly.
The selection and oversight of third party vendors requires a robust process to ensure ongoing compliance with all applicable federal and state laws and that the interests of consumers are protected.
Over the last several years, vendor risk management has become an increasingly important focus for those in the financial services industry. This focus has largely been driven by scrutiny from both prudential regulators and consumer protection focused groups (e.g. CFPB, Attorneys General).
At Bridgeforce, we have developed a framework to help our clients effectively bolster or implement their third-party vendor management capabilities, primarily for collection agencies, attorney networks, and debt buyers (although not quite vendors – similar monitoring is required). We recommend that the framework defined for these high-risk vendor types is utilized across the credit life cycle.
In the full white paper, Vendor Management: Selection and Oversight of Third-Party Vendors, best practices and insights related to the key components of an effective vendor risk management framework are detailed. While this document was created a few years ago, the standards and best practices we recommend stand true today. The vendor risk management framework components include:
- Risk Assessment;
- Due Diligence;
- Contract Structuring; and