Go to:

April 2019
< Mar May >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Examiners Reportedly Focus on Vendor Relationships; Gibbs Offers Tips to CUs
Friday, September 27, 2013 6:50 AM

Outsourcing critical bank functions in an effort to save money could come back to bite some community banks, reports the South Florida Business Journal. Vendor management is one of the issues they are looking at as a potential operational risk for community banks in the U.S., according the Sept. 26 report.

This examination can relate to information technology, or check processing or a whole host of outsourced activities used to reduce operational expenses. Concerns about cyber security and data breaches are part of the reason regulators are keeping a close eye on the issue, particularly for community banks, which tend to use third party providers instead of hiring expertise full-time in-house.

Steve Gibbs of Credit Union Resources’ Shared Compliance Resources notes that third-party vendors are playing an increasingly important role in the credit union industry as credit unions strive to become more competitive and expand member services. When using third vendors, Gibbs says credit unions should consider the following:


When a third party vendor is reviewed, there should be expectations for this potential relationship that are understood and documented by management.  Criticality of relationship is another factor that may affect decisions on whether or not to retain a particular company.  Ultimately, there should be competent staff to deal with the vendor; the cost-benefit relationship should be advantageous for all parties; insurance should be in place to mitigate any liability; impact on members should be positive.  As with any relationship, leaving a desirable format for exit may prove beneficial at some future time.

Risk Assessment

It appears that risk assessment is tied-in to many sectors of operations and due diligence is no different.  Every risk factor should be analyzed and methods of mitigation outlined.  Recognizing risk early is the best way to manage it.

Financial Projections

A third party vendor’s effect on the bottom line is a very crucial decision factor.  Forecasting potential financial outcomes, taking into account return on investment, expected revenues, and costs (direct and indirect), provide a financial “road map” of potential financial problems or issues that might arise. Additionally, the decision to engage a third party should be evaluated in context of the credit union’s strategic plan and overall asset/liability management framework.  Reasonableness, past performance, business plan objectives and risk profile are among items to be taken into account.

According to Gibbs, basic due diligence should include (at the very least):

  • Background Check – organization, financial data, experience, past litigation, references, and any other items pertinent to the vendor.
  • Business Model – vendor’s business plan, responsibilities, other relationships, and conflicts.
  • Cash Flows – understanding the process of cash flowing from member to vendor to credit union and reporting on this.
  • Annual audit tests – accounting considerations and infrastructure, compliance with Generally Accepted Accounting Principles (GAAP) and CPA guidance.
  • Financial and Operational Control Review – fulfilling contract commitments, audited financials or information from other sources, requirements for Independent Audits, other reviews in contract, risk profiles, internal controls, and complexity.

Credit Union Resources offers compliance services to credit unions, and such services include:

  • Shared Compliance Resources
  • Website Compliance Reviews
  • Due Diligence for Vendors/Third Party Service
  • Policy Review and Development

For additional information, please visit