Due Diligence and Ongoing Monitoring

 View Only
  • 1.  Attorneys for Loans

    This message was posted by a user wishing to remain anonymous
    Posted 07-10-2024 09:16 AM
    This message was posted by a user wishing to remain anonymous

    Our bank has a number of attorneys we work with for loan closings. We are looking to onboard an attorney for our commercial loan department. This would be the first time we are onboarding an attorney for this purpose. Has anyone been in this situation. What approach to due diligence and risk assessment was taken?

    Thanks!



  • 2.  RE: Attorneys for Loans

    This message was posted by a user wishing to remain anonymous
    Posted 07-10-2024 11:04 AM
    This message was posted by a user wishing to remain anonymous

    Hard to tell from question if the "attorney" is a solo practitioner, part of a larger law firm (both of which would be third party vendors) or a new hire. The below addresses the first two possibilities.

    In addition to any existing third party procedures, worth researching the firm (and the attorney(s) that would be doing the work) on your state's bar association (or equivalent licensing agency's) website. You're looking for (a) they're licensed to practice law and (b) no disciplinary history (or none that troubles your firm). Suggest you require an engagement letter (any reputable law firm has and uses one). Ask about their malpractice insurance.

    You'll find that law firms don't like the "how's your system for preventing ransomware, other hacking etc." set of questions. The large majority of firms will, at most, provide an attestation that they have a system to prevent such things. They likely won't have or share SIG report and will raise attorney client privilege as their fundamental duty to protect information.

    You should not be surprised when the attorney(s) push back harder on your requests than most outsourced service providers. 

    Finally, different from many other third party relationships, this attorney likely is better known by your business people than most third party relationships. Prepare for stiffer pushback from your internal people too. This attorney likely does what they want and need and is not something/someone that just happened along. (Again: a generality. But that's my experience.)

    Good luck.




  • 3.  RE: Attorneys for Loans

    Posted 07-10-2024 11:20 AM

    Thank you for your response. This approach is very helpful. And yes, attorneys can be especially difficult.




  • 4.  RE: Attorneys for Loans

    This message was posted by a user wishing to remain anonymous
    Posted 08-05-2024 07:51 AM
    This message was posted by a user wishing to remain anonymous

    Very timely that I'm seeing this because I've been trying to enhance our due diligence on cybersecurity for this type of vendor.  We did develop an addenda that we have any attorney/law firm sign that states that they have controls in place to maintain confidentiality/safeguarding of information, includes a privacy disclosure, incident response notification requirements and a clause about background checks.  We don't have too many people who push back on it.  




  • 5.  RE: Attorneys for Loans

    Posted 08-05-2024 09:33 AM

    I would also look into getting a comprehensive Cyber Liability Insurance policy if you don't have one already to cover any court costs/damages or business loses that may arise



    ------------------------------
    Michael DeFelice, MBA, CRIS
    ------------------------------



  • 6.  RE: Attorneys for Loans

    Posted 08-06-2024 09:18 AM

    I can share with your the suite of due diligence documentation that we send out for our corporate litigation firms if you would like to cobble from it to meet your needs. We risk tier our firms by file counts and spend- The fewer files the less risk of widespread impact if they experience a breach.  The greater the files the higher the risk.  If you want to reach out to me directly I can send you what we send out to those firms to review. 



    ------------------------------
    Jenn Wilkinson
    Vice President
    Third Party Risk Management
    Cenlar FSB
    [Email has been removed by the Community Manager for privacy reasons. Please reach out to the community member by sending a direct message. To send a message, click their name to be redirected to their profile.]
    ------------------------------



  • 7.  RE: Attorneys for Loans

    Posted 08-07-2024 01:09 AM

    Hi Jennifer, Are you happy if i email you on this?  I am currently building a new TPRM program for Broker company which involves a lot of M&A, so trying to navigate how we apply our due diligence in the legal counsel space. 




  • 8.  RE: Attorneys for Loans

    Posted 08-07-2024 06:55 AM

    Hi- Sure-  I can send you the two assessments that we use for our corporate litigation firms. 

    Have a great day! 



    ------------------------------
    Jenn Wilkinson
    Vice President
    Third Party Risk Management
    Cenlar FSB
    [Email has been removed by the Community Manager for privacy reasons. Please reach out to the community member by sending a direct message. To send a message, click their name to be redirected to their profile.]
    ------------------------------