Due Diligence and Ongoing Monitoring

 View Only
  • 1.  Card Network Providers - Vendor Program Scope

    Posted 02-26-2021 07:26 PM
    We recently received an FFIEC examination report for one of the top card payment network providers from our federal regulator. Our current Vendor Management policy states payment card licensing network providers (i.e. VISA, MasterCard, etc.) are out of scope. However, we are questioning if we can still call them out of scope now that we received the examination report.

    How are other banks treating card network providers? Are they within scope and if so, how are you risk rating them and what type of due diligence are you requesting/obtaining? Have you been able to collect due diligence documentation?

    Thank you in advance for your feedback!

    Colleen


  • 2.  RE: Card Network Providers - Vendor Program Scope

    Posted 03-01-2021 09:16 AM
    Our credit union keeps the credit card services at a high risk & we complete a periodic review of their documentation annually.  They have been fully cooperative with providing the necessary documentation to complete a full evaluation.