Evaluating Vendors
Last week, NCUA issued Letter to Credit Union 07-CU-13 to federally-chartered credit unions so that they have the same guidance that is provided to NCUA field staff about evaluating credit union relationships with third parties.
The letter goes into detail regarding how credit unions should address the following three areas when dealing with third parties: 1) risk assessment and planning; 2) due diligence; and 3) risk measurement, monitoring, and control.
This guidance is a good road map for FCUs to use when evaluating vendors. Here's another thought: NCUA does not issue guidance, such as this, for no reason. They expect you to read this. It would therefore be a smart move to document how your vendor evaluation processes complies with this guidance.