Policy, Program and Procedures

 View Only

  • 1.  Vendor File - Contracts and Due Diligence Retention

    Posted 10-09-2019 08:19 AM
    Is anyone aware of specific Regulatory Records Retention requirements for Vendor Contracts and/or vendor Due Diligence/risk assessments? 

    Are there any documents we must maintain the original hard copy (e.g. Contracts with wet signatures, FFIEC TSP Exams)? 

    I'm hoping to go "paperless" as best we can within Vendor Management to eliminate a lot of manual processes as we leverage Venminder software to hold our vendor documentation in a centralized location (with the backup being on our Bank's network). 

    I'm curious if there's any challenges or things to consider when trying to reduce the amount of documents printed/retained.  At the moment we've been managing our program in three places (physical files, network, and Venminder).  

    Have other FI's taken this full "paperless" approach to third-party vendor risk management?

    Any comments/feedback is greatly appreciated!

    Thank you!


  • 2.  RE: Vendor File - Contracts and Due Diligence Retention

    Posted 12-17-2019 02:40 PM
    Hello, I am also curious if anyone is aware of retention requirements as our organization is implementing retention schedules and I have been asked to come up with something for the due diligence documents. We have elected to keep contracts for 7 years AFTER the relationship is terminated, this was recommended by our legal group but I am not sure where they came up with that. We are mostly paperless in our process, I have my questionnaire and assessment documents created in PDF and form fillable with digital signatures so we don't have any physical files. Everything that is physical for whatever reason is scanned and saved in folders on our network as well as the software we use for vendor management.   ​
    Original Message