Here is the contract language I use as a starting point for third-party contracting. I pull some of the language in or out based on the nature of the good/service being provided:
Due Diligence. X shall have the right at its sole discretion, at no additional cost to X and not more frequently than once per twelve (12) month period, to perform reasonable due diligence on the Company pursuant to (insert applicable guidance/regulation), including but not limited to requesting: annual financial statements, insurance coverage/certificate, SSAE18 report inclusive of User Entity controls, external penetration testing results, data encryption procedures, business continuity/resumption plans and disaster recovery testing results. The Company, its officers and employees shall provide information and reasonably cooperate with X in connection with any due diligence request. Failure to provide such information within ninety (90) days will be grounds for termination of the Agreement.
- As specially permitted by law or regulation, X shall be permitted, at its own expense, to audit the Company's performance of this Agreement during normal business.
- Model Risk Management. Company shall:
  - Provide information clearly explaining the product design, theory and logic;
  - Provide information clearly explaining the product assumptions, limitations and where product use may be problematic;
  - Provide information clearly explaining the product modifications and updates over time;
  - Provide appropriate testing results that show the product works as expected such as, but not limited to, independent model validation results, certifications and/or disclosures; and
  - Take reasonable steps to accommodate model risk management requests by X consistent with regulatory requirement objectives such as, but not limited to, (insert applicable guidance/regulation).
------------------------------
Shelly Chase
AVP Operational Risk
------------------------------
Original Message:
Sent: 11-30-2022 12:21 PM
From: Mollie Schiffman
Subject: Contract Language for Supplier Due Diligence
Hello - Does anyone have contract language that can be shared for supplier contracts regarding due diligence requirements?
Much appreciated!
Thank you,
Mollie