For us, it depends on what information the lead generator is sending. If they have collected NPPI, we perform a full due diligence and collect information similar to what you listed. If it's more of a "bulletin board" type lead generator and all that is there is the potential client's name and contact info and everything else is done over the phone, we collect very little information. Most of our lead generators are coming in either moderate or high, again depending on what information they are collecting and sharing.
Barb Peryer
Senior Vice President
Third Party Risk Management and Sourcing Operations Manager
------Original Message------
This message was posted by a user wishing to remain anonymous
Good Morning,
Does anyone have a separate Lead Generator Vendor Due Diligence checklist that you would be willing to share with me and the group. And if you could possible share what risk rating a lead generator would normally fall under (High, Medium, Low) I have been requesting that the Lead Generator vendors provide the normal vendor management items and have been getting push back from the stakeholders. They seem to think that I am asking for way to much, then what is really needed. It would be nice to see what others are doing. (list of items requesting: Tax ID, State of incorporation, Broker/Lender License, Secretary of State check, OFAC, Conduct Check of BBB and CFPB Complaint Database, Financials, SSAE 19 SOC reports, General Liability/Cyber Insurance, Policies and Procedures)
Any Feedback would be greatly appreciated.