Go to:

May 2018
< Apr Jun >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

We All Need an Extra Set of Hands: Outsource!
Wednesday, August 31, 2016 6:40 AM

Steve Gibbs, CUCE, BSACS, AVP Shared Compliance, Credit Union Resources

Today’s reality is that compliance has become more than a handful for those responsible for seeing that it is monitored and maintained.  Increased emphasis on assessing risk and proactivity has Compliance Officers stressed out and overworked.  Fortunately, there is a solution that is becoming more prevalent and accepted – outsourcing.  In an environment in which regulations are introduced and changed frequently by numerous agencies, compliance professionals need backup to handle special issues while they manage the day-to-day compliance operations.  There are many groups “hanging out their shingles” specializing in compliance.  Credit union professionals should make sure that they align themselves with the vendor that best serves the credit union’s needs.

Credit union management should strongly consider the following when entering into outsourcing relationships:


  • Is this vendor approachable and easily communicated with?
  • Is pricing reasonable for the market and services provided?
  • Technical and industry expertise
  • Assess experience
  • Identify the necessity for supplemental expertise
  • Evaluate any third parties or partners used
  • Is additional hardware, software or changes to the system necessary?
  • Worst-case scenario: how will the service provider react?
  • Contact references to determine the service provider’s reliability.
  • Who will be working with the credit union from the service provider’s staff?
  • Consider visits to the service provider’s operations or support location.
  • Operations and controls
  • Do the provider’s policies and procedures support regulatory requirements?
  • Security: is it sufficient to protect credit union information?
  • Has the service provider made audit reports available for review?
  • Is there access to all necessary information?
  • Is there knowledge of regulatory issues and requirements?
  • Is the service provider insured?

Risk Analysis:

  • Does the service meet the credit union’s strategic goals, objectives, and business needs?
  • Can the credit union effectively monitor and assess the outsourced activities?
  • Importance and criticality of the outsourced services;
  • Specifications for services should be identified;
  • Credit union controls and reporting processes should be in place;
  • Contractual obligations for the service provider should be easily understood;
  • Ongoing monitoring for consistency and performance including regulatory requirements for business lines and technologies used as well as contingency plans.

Due Diligence

In addition to determining exposure to risk, management should focus on due diligence factors in making its selection:

  • Planning: Are activities consistent with overall business strategy and risk tolerances?
  • Background Check: How has the vendor performed in other relationships?
  • Legal Review: Has adequate legal counsel reviewed contracts?
  • Financial Review: Is the vendor financially stable?
  • Return on Investment: Less of an issue with compliance.
  • Insurance Requirements: Has management reviewed insurance coverage and is the vendor covered by its own insurance?
  • Policies and Procedures: Are they sufficient to ensure performance by the service provider?
  • Staff Oversight: Is appropriate staff assigned or responsible for monitoring?


  • Financial condition.
  • Review recent audited financial statements and related materials.
  • Determine level of time provider has been in business.
  • What effect will relationship have on the provider’s financial condition?
  • Determine extent to which the provider has reinvested in itself, with regard to resources in performing its duties.