Large Bank Supervision Forum eBook

Internal Use Only

Proper Due Diligence must occur BEFORE selecting and entering into a contract or relationship . . .

The degree of due diligence should be commensurate with the level of risk and complexity of each third-party relationship. Typically, due diligence factors include the following:

1. Strategies and Goals
2. Legal and Regulatory Compliance
3. Financial Condition
4. Business Experience
5. Fee Structure and Incentives
6. Qualifications and Backgrounds of Company Principals
7. Risk Management
8. Information Security
9. Management Information Systems
10. Operational Resilience
11. Incident Reporting and Management Programs
12. Physical Security
13. Human Resource Management
14. Reliance on Subcontractors
15. Insurance Coverage
16. Conflicting Contractual Arrangements with Other Parties


© 2023 – FinPro, Inc.


Contracts should clearly specify the rights and responsibilities of each party to the contract . . .

Banks should typically consider the following factors during third-party contract negotiation:

1. Nature and Scope of Arrangement
2. Performance Measures or Benchmarks
3. Responsibilities for Providing, Receiving, and Retaining Information
4. The Right to Audit and Require Remediation
5. Responsibility for Compliance with Applicable Laws and Regulations
6. Cost and Compensation
7. Ownership and License
8. Confidentiality and Integrity
9. Operational Resilience and Business Continuity
10. Indemnification
11. Insurance
12. Dispute Resolution
13. Limits on Liability
14. Default and Termination
15. Customer Complaints
16. Subcontracting
17. Foreign-Based Third Parties
18. Regulatory Supervision
