Why Vendor Document Management Is Essential to Your Third-Party Risk Program

How often do you check your oil in your car? The air pressure in your tires? Do you take your car in for routine maintenance? Or do you ignore everything until a warning light appears on the dashboard? Do you take the time to figure out the mysterious creaking sound coming from the back of your car?

In vendor management, these creaks could be early warning signs of trouble – do you occasionally find third parties you weren't aware of? Are there due diligence items that are out of date? When's the last time you discussed the program with your board? These are all kinds of things to think about and if the squeaky wheel needs some oil, there's no better time than now.

4 Steps to Manage Your Documents

The same is true for your vendor management documents. Make sure you:

1. Review them occasionally.
   For example - are your required licenses or insurance certificates accurate and still in place?
2. Check to be sure they are all up to date. 
   As an example - are you reviewing the current financial reports? Is their SSAE 16 report the most current available version?
3. Attend to anything that needs adjusting. 
   Has your vendor recently changed owners or moved to a different location? Is there a new product line that may detract from their service to your institution? If so, does your risk assessment reflect this change?
4. Are ready to take it all apart and revamp it when regulations change or even when there’s an enforcement action in the news that may cause you to question the way in which you are doing something. 
   Are they prepared for the prepaid rule? Have you looked at your own documentation to be sure it's in line with the new OCC supplemental examination manual (OCC Bulletin 7-2017)?

Maintenance Involves Attention to Detail

Details are important. Missing a minor issue can lead to greater problems down the road – paying attention to small areas of concern can make all the difference – you spend a couple of thousand hours a year at work, you should be just that familiar with your program – where’s that annoying creak? Check it out – it may save you many headaches in the future.

A few common things to pay attention to:

• Is your third party risk program up to date and board approved?
• Have you incorporated recent guidance?
• Have you made sure that what you have in writing is accurate in describing your actual work product?

If any of these sound like familiar concerns, please act on them now - the possible consequences of consumer harm, bad exam results and many others can readily be avoided with a little routine maintenance. 

For additional help in navigating down the road of vendor management, download our infographic. Steer clear from 7 dangerous potholes.