Vendor Due Diligence
Regulatory bodies expect financial institutions to practice effective risk management regardless of whether they perform the activity internally or through a third party, and this includes vendor due diligence. According to the Bulletin of the OCC, an effective, third-party risk management process follows a continuous life cycle for all contractual relationships and incorporates the following phases:
- Planning
- Due diligence and Third-Party Selection
- Contract Negotiation
- Ongoing Monitoring
- Expiration/Termination
As institutions consider an allowance solution to use for the expected loss model, there may be other criteria to consider, including readiness, responsiveness and flexibility with the third party.