Contract Management

Is anyone using a standard Bank-drafted contract, agreement, or addendum to supplement any vendor contracts or MSAs they are asked to sign?  Particularly for any vendors who create regulatory compliance risks and have access to customer data and information. Would appreciate any thoughts from anyone that has done this or explored this at their institution.  Thank you!

------------------------------
Brandon Mayfield
Vendor Management
------------------------------

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk
------------------------------

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management
------------------------------

Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk
------------------------------

Original Message:
Sent: 10/6/2022 2:37:00 PM
From: Brandon Mayfield
Subject: RE: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management
------------------------------

Sounds great, will do.

------------------------------
Brandon Mayfield
Vendor Management
------------------------------

Original Message:
Sent: 10-06-2022 04:38 PM
From: Merritt Wofford
Subject: Contracts

Please include me in peer group 

This message is sent by iPhone. Please excuse possible typo errors. 

Merritt Wofford

Heritage Southeast Bank

Enterprise Risk Management Officer

Security Officer, Heritage Southeast Bank 

Director of Facilities, Vendor and Project Management

Original Message:
Sent: 10/6/2022 2:37:00 PM
From: Brandon Mayfield
Subject: RE: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management
------------------------------


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk

I'm interested in a monthly peer group as well.  Thanks.

------------------------------
Pam Rackley
Risk Analyst
Associate CTPRP
------------------------------

Original Message:
Sent: 10-07-2022 10:10 AM
From: Brandon Mayfield
Subject: Contracts

Sounds great, will do.

------------------------------
Brandon Mayfield
Vendor Management
------------------------------


Original Message:
Sent: 10-06-2022 04:38 PM
From: Merritt Wofford
Subject: Contracts

Please include me in peer group 

This message is sent by iPhone. Please excuse possible typo errors. 

Merritt Wofford

Heritage Southeast Bank

Enterprise Risk Management Officer

Security Officer, Heritage Southeast Bank 

Director of Facilities, Vendor and Project Management

Original Message:
Sent: 10/6/2022 2:37:00 PM
From: Brandon Mayfield
Subject: RE: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk

I too would be interested in participating in peer group, on whatever frequency works best for those willing to coordinate!

------------------------------
Karmin Thompson
Compliance Officer
------------------------------

Original Message:
Sent: 10-07-2022 10:20 AM
From: Pamela Rackley
Subject: Contracts

I'm interested in a monthly peer group as well.  Thanks.

------------------------------
Pam Rackley
Risk Analyst
Associate CTPRP
------------------------------


Original Message:
Sent: 10-07-2022 10:10 AM
From: Brandon Mayfield
Subject: Contracts

Sounds great, will do.

------------------------------
Brandon Mayfield
Vendor Management


Original Message:
Sent: 10-06-2022 04:38 PM
From: Merritt Wofford
Subject: Contracts

Please include me in peer group 

This message is sent by iPhone. Please excuse possible typo errors. 

Merritt Wofford

Heritage Southeast Bank

Enterprise Risk Management Officer

Security Officer, Heritage Southeast Bank 

Director of Facilities, Vendor and Project Management

Original Message:
Sent: 10/6/2022 2:37:00 PM
From: Brandon Mayfield
Subject: RE: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk

Original Message:
Sent: 10/7/2022 10:25:00 AM
From: Karmin Thompson
Subject: RE: Contracts

I too would be interested in participating in peer group, on whatever frequency works best for those willing to coordinate!

------------------------------
Karmin Thompson
Compliance Officer
------------------------------


Original Message:
Sent: 10-07-2022 10:20 AM
From: Pamela Rackley
Subject: Contracts

I'm interested in a monthly peer group as well.  Thanks.

------------------------------
Pam Rackley
Risk Analyst
Associate CTPRP
------------------------------


Original Message:
Sent: 10-07-2022 10:10 AM
From: Brandon Mayfield
Subject: Contracts

Sounds great, will do.

------------------------------
Brandon Mayfield
Vendor Management


Original Message:
Sent: 10-06-2022 04:38 PM
From: Merritt Wofford
Subject: Contracts

Please include me in peer group 

This message is sent by iPhone. Please excuse possible typo errors. 

Merritt Wofford

Heritage Southeast Bank

Enterprise Risk Management Officer

Security Officer, Heritage Southeast Bank 

Director of Facilities, Vendor and Project Management

Original Message:
Sent: 10/6/2022 2:37:00 PM
From: Brandon Mayfield
Subject: RE: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management

Original Message:
Sent: 10/7/2022 10:33:00 AM
From: Patty Fitzpatrick
Subject: RE: Contracts

Count me in! I'd like to be part of the peer group. Thanks for coordinating. Patty

 

Patricia Fitzpatrick | Senior Director of Compliance and Information Governance | Seyfarth Shaw LLP

 

---

CONFIDENTIALITY WARNING: This email may contain privileged or confidential information and is for the sole use of the intended recipient(s). Any unauthorized use or disclosure of this communication is prohibited. If you believe that you have received this email in error, please notify the sender immediately and delete it from your system.

---

Original Message:
Sent: 10/7/2022 10:25:00 AM
From: Karmin Thompson
Subject: RE: Contracts

I too would be interested in participating in peer group, on whatever frequency works best for those willing to coordinate!

------------------------------
Karmin Thompson
Compliance Officer
------------------------------


Original Message:
Sent: 10-07-2022 10:20 AM
From: Pamela Rackley
Subject: Contracts

I'm interested in a monthly peer group as well.  Thanks.

------------------------------
Pam Rackley
Risk Analyst
Associate CTPRP
------------------------------


Original Message:
Sent: 10-07-2022 10:10 AM
From: Brandon Mayfield
Subject: Contracts

Sounds great, will do.

------------------------------
Brandon Mayfield
Vendor Management


Original Message:
Sent: 10-06-2022 04:38 PM
From: Merritt Wofford
Subject: Contracts

Please include me in peer group 

This message is sent by iPhone. Please excuse possible typo errors. 

Merritt Wofford

Heritage Southeast Bank

Enterprise Risk Management Officer

Security Officer, Heritage Southeast Bank 

Director of Facilities, Vendor and Project Management

Original Message:
Sent: 10/7/2022 10:33:00 AM
From: Patty Fitzpatrick
Subject: RE: Contracts

Count me in! I'd like to be part of the peer group. Thanks for coordinating. Patty

 

Patricia Fitzpatrick | Senior Director of Compliance and Information Governance | Seyfarth Shaw LLP

 

---

CONFIDENTIALITY WARNING: This email may contain privileged or confidential information and is for the sole use of the intended recipient(s). Any unauthorized use or disclosure of this communication is prohibited. If you believe that you have received this email in error, please notify the sender immediately and delete it from your system.

---

Original Message:
Sent: 10/7/2022 10:25:00 AM
From: Karmin Thompson
Subject: RE: Contracts

I too would be interested in participating in peer group, on whatever frequency works best for those willing to coordinate!

------------------------------
Karmin Thompson
Compliance Officer
------------------------------


Original Message:
Sent: 10-07-2022 10:20 AM
From: Pamela Rackley
Subject: Contracts

I'm interested in a monthly peer group as well.  Thanks.

------------------------------
Pam Rackley
Risk Analyst
Associate CTPRP
------------------------------


Original Message:
Sent: 10-07-2022 10:10 AM
From: Brandon Mayfield
Subject: Contracts

Sounds great, will do.

------------------------------
Brandon Mayfield
Vendor Management


Original Message:
Sent: 10-06-2022 04:38 PM
From: Merritt Wofford
Subject: Contracts

Please include me in peer group 

This message is sent by iPhone. Please excuse possible typo errors. 

Merritt Wofford

Heritage Southeast Bank

Enterprise Risk Management Officer

Security Officer, Heritage Southeast Bank 

Director of Facilities, Vendor and Project Management

Original Message:
Sent: 10/7/2022 10:47:00 AM
From: Tina O'Donnell
Subject: RE: Contracts

Hello! I would like to participate in the peer group call. Thank you!

 

Tina O'Donnell, AAP, CCBRS    

AVP Operational Risk Manager

Original Message:
Sent: 10/7/2022 10:33:00 AM
From: Patty Fitzpatrick
Subject: RE: Contracts

Count me in! I'd like to be part of the peer group. Thanks for coordinating. Patty

 

Patricia Fitzpatrick | Senior Director of Compliance and Information Governance | Seyfarth Shaw LLP

 

---

CONFIDENTIALITY WARNING: This email may contain privileged or confidential information and is for the sole use of the intended recipient(s). Any unauthorized use or disclosure of this communication is prohibited. If you believe that you have received this email in error, please notify the sender immediately and delete it from your system.

---

Original Message:
Sent: 10/7/2022 10:25:00 AM
From: Karmin Thompson
Subject: RE: Contracts

I too would be interested in participating in peer group, on whatever frequency works best for those willing to coordinate!

------------------------------
Karmin Thompson
Compliance Officer
------------------------------


Original Message:
Sent: 10-07-2022 10:20 AM
From: Pamela Rackley
Subject: Contracts

I'm interested in a monthly peer group as well.  Thanks.

------------------------------
Pam Rackley
Risk Analyst
Associate CTPRP
------------------------------


Original Message:
Sent: 10-07-2022 10:10 AM
From: Brandon Mayfield
Subject: Contracts

Sounds great, will do.

------------------------------
Brandon Mayfield
Vendor Management

Original Message:
Sent: 10/7/2022 10:25:00 AM
From: Karmin Thompson
Subject: RE: Contracts

I too would be interested in participating in peer group, on whatever frequency works best for those willing to coordinate!

------------------------------
Karmin Thompson
Compliance Officer
------------------------------


Original Message:
Sent: 10-07-2022 10:20 AM
From: Pamela Rackley
Subject: Contracts

I'm interested in a monthly peer group as well.  Thanks.

------------------------------
Pam Rackley
Risk Analyst
Associate CTPRP
------------------------------


Original Message:
Sent: 10-07-2022 10:10 AM
From: Brandon Mayfield
Subject: Contracts

Sounds great, will do.

------------------------------
Brandon Mayfield
Vendor Management


Original Message:
Sent: 10-06-2022 04:38 PM
From: Merritt Wofford
Subject: Contracts

Please include me in peer group 

This message is sent by iPhone. Please excuse possible typo errors. 

Merritt Wofford

Heritage Southeast Bank

Enterprise Risk Management Officer

Security Officer, Heritage Southeast Bank 

Director of Facilities, Vendor and Project Management

Original Message:
Sent: 10/6/2022 2:37:00 PM
From: Brandon Mayfield
Subject: RE: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management

Original Message:
Sent: 10/7/2022 10:21:00 AM
From: Pamela Rackley
Subject: RE: Contracts

I'm interested in a monthly peer group as well.  Thanks.

------------------------------
Pam Rackley
Risk Analyst
Associate CTPRP
------------------------------


Original Message:
Sent: 10-07-2022 10:10 AM
From: Brandon Mayfield
Subject: Contracts

Sounds great, will do.

------------------------------
Brandon Mayfield
Vendor Management
------------------------------


Original Message:
Sent: 10-06-2022 04:38 PM
From: Merritt Wofford
Subject: Contracts

Please include me in peer group 

This message is sent by iPhone. Please excuse possible typo errors. 

Merritt Wofford

Heritage Southeast Bank

Enterprise Risk Management Officer

Security Officer, Heritage Southeast Bank 

Director of Facilities, Vendor and Project Management

Original Message:
Sent: 10/6/2022 2:37:00 PM
From: Brandon Mayfield
Subject: RE: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management

I am interested in the peer group also. 

Thank you, 

Sheetal R. Shah-Jani, Esq.

Corporate Counsel

Continental Finance Company, LLC

Original Message:
Sent: 10-06-2022 02:36 PM
From: Brandon Mayfield
Subject: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management
------------------------------


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk

I am interested in the peer group also. 

Thank you, 

Sheetal R. Shah-Jani, Esq.

Corporate Counsel

Continental Finance Company, LLC

Original Message:
Sent: 10-07-2022 10:51 AM
From: Sheetal Shah-Jani
Subject: Contracts

I am interested in the peer group also. 

Thank you, 

Sheetal R. Shah-Jani, Esq.

Corporate Counsel

Continental Finance Company, LLC

4550 New Linden Hill Road

Suite 400

Wilmington, DE 19808

Office: 302-203-6876

Mobile: 610-316-6184

Fax: 302-208-5700

Email: sshah-jani@contfinco.com

Original Message:
Sent: 10-06-2022 02:36 PM
From: Brandon Mayfield
Subject: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk

I would love to be a part of a call/peer group as well.

------------------------------
Isabel Guerrero, MPH, CCSA
Compliance & Audit Manager


------------------------------

Original Message:
Sent: 10-07-2022 10:53 AM
From: Sheetal Shah-Jani
Subject: Contracts

I am interested in the peer group also. 

Thank you, 

Sheetal R. Shah-Jani, Esq.

Corporate Counsel

Continental Finance Company, LLC

4550 New Linden Hill Road

Suite 400

Wilmington, DE 19808

Office: 302-203-6876

Mobile: 610-316-6184

Fax: 302-208-5700

Email: sshah-jani@contfinco.com

Original Message:
Sent: 10-07-2022 10:51 AM
From: Sheetal Shah-Jani
Subject: Contracts

I am interested in the peer group also. 

Thank you, 

Sheetal R. Shah-Jani, Esq.

Corporate Counsel

Continental Finance Company, LLC

4550 New Linden Hill Road

Suite 400

Wilmington, DE 19808

Office: 302-203-6876

Mobile: 610-316-6184

Fax: 302-208-5700

Email: sshah-jani@contfinco.com

Original Message:
Sent: 10-06-2022 02:36 PM
From: Brandon Mayfield
Subject: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk

Please include me in the Peer Call.

Thanks,

Marty Keaney
Vendor Management and Business Continuity Specialist.


------------------------------
MartyKeaney
------------------------------

Original Message:
Sent: 10-07-2022 11:16 AM
From: ISABEL GUERRERO
Subject: Contracts

I would love to be a part of a call/peer group as well.

------------------------------
Isabel Guerrero, MPH, CCSA
Compliance & Audit Manager
D (714) 415-5735
P (714) 415-6300
E iguerrero@veros.com


------------------------------


Original Message:
Sent: 10-07-2022 10:53 AM
From: Sheetal Shah-Jani
Subject: Contracts

I am interested in the peer group also. 

Thank you, 

Sheetal R. Shah-Jani, Esq.

Corporate Counsel

Continental Finance Company, LLC

4550 New Linden Hill Road

Suite 400

Wilmington, DE 19808

Office: 302-203-6876

Mobile: 610-316-6184

Fax: 302-208-5700

Email: sshah-jani@contfinco.com

Original Message:
Sent: 10-07-2022 10:51 AM
From: Sheetal Shah-Jani
Subject: Contracts

I am interested in the peer group also. 

Thank you, 

Sheetal R. Shah-Jani, Esq.

Corporate Counsel

Continental Finance Company, LLC

4550 New Linden Hill Road

Suite 400

Wilmington, DE 19808

Office: 302-203-6876

Mobile: 610-316-6184

Fax: 302-208-5700

Email: sshah-jani@contfinco.com

Original Message:
Sent: 10-06-2022 02:36 PM
From: Brandon Mayfield
Subject: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk

I am interested in joining the peer group too.

Kathleen
Original Message:
Sent: 10-07-2022 10:51 AM
From: Sheetal Shah-Jani
Subject: Contracts

I am interested in the peer group also. 

Thank you, 

Sheetal R. Shah-Jani, Esq.

Corporate Counsel

Continental Finance Company, LLC

4550 New Linden Hill Road

Suite 400

Wilmington, DE 19808

Office: 302-203-6876

Mobile: 610-316-6184

Fax: 302-208-5700

Email: sshah-jani@contfinco.com

Original Message:
Sent: 10-06-2022 02:36 PM
From: Brandon Mayfield
Subject: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk

I would be interested in participating in this group, also.
Original Message:
Sent: 10-06-2022 02:36 PM
From: Brandon Mayfield
Subject: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management
------------------------------


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk

I would be interested in participating, thank you.
Original Message:
Sent: 10-07-2022 11:25 AM
From: Aaron Sparks
Subject: Contracts

I would be interested in participating in this group, also.

Original Message:
Sent: 10-06-2022 02:36 PM
From: Brandon Mayfield
Subject: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk

I would be interested in participating in this group. 
Thank you

------------------------------
Donato Ricci
------------------------------

Original Message:
Sent: 10-07-2022 11:25 AM
From: Aaron Sparks
Subject: Contracts

I would be interested in participating in this group, also.

Original Message:
Sent: 10-06-2022 02:36 PM
From: Brandon Mayfield
Subject: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk

I would be interested in this peer group as well.
Thank you,
Liz Lovgren
Original Message:
Sent: 10-06-2022 02:36 PM
From: Brandon Mayfield
Subject: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management
------------------------------


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk

Please also include me in this peer group.

Many Thanks

Pav Chahall

WTW

Supplier Risk Lead

------------------------------
Pav Chahall
Supplier Risk Management
Director
------------------------------

Original Message:
Sent: 10-06-2022 02:36 PM
From: Brandon Mayfield
Subject: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management
------------------------------


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk

Hello everyone,

Love the feedback here! Our team is planning to set up a monthly discussion and will share those details with you soon as well. Given all the interest in Brandon's peer group call, and in an effort to not flood inboxes, I will be closing this thread. If you're interested in the peer group call, please email me directly at community@thirdpartythinktank.com and I will pass along your contact information to Brandon directly.

Thank you,

Brittany Padgett
Community Manager

Original Message:
Sent: 10-06-2022 02:36 PM
From: Brandon Mayfield
Subject: Contracts

This is very helpful, Shelly. Thank you!  Sounds like we are thinking along the same lines, and you guys are a little further along in this process.  Would love to develop a monthly peer group call outside of this forum so we could discuss things like this, share ideas, best practices, etc.  If you and others would be open to this, let me know and I can work to coordinate.  Thank you again!

------------------------------
Brandon Mayfield
Vendor Management
------------------------------


Original Message:
Sent: 10-06-2022 01:48 PM
From: Michelle Chase
Subject: Contracts

We developed a standalone third-party service agreement on Bank paper, currently with our legal team for fine tuning so not in full production yet.  The main driver was tightening up our risk management and ensuring that there was standardization in contract wording, provisions and SLA's across the bank.  

We used the FDIC FIL 44 Guide to Managing Third Party Risk as a starting point.  That guidance includes detailed contract and structuring recommendations: 

FDIC: FIL-44-2008: Guidance for Managing Third-Party Risk

Also worked closely with business unit owners, specifically IT and InfoSec, on developing standardized SLA's and technical requirements such as encryption standards etc to build in.

My preference in negotiating contracts is to negotiate off the bank's contract versus trying to negotiate the bank's requirements into a third party's contract.  As with all things third party risk in my experience its vendor by vendor.  Some vendors are willing to use a contract that is not on their own paper, some will not.  If a vendor won't use our contract, we will negotiate our standardized wording in as much as we can depending on the risk.


------------------------------
Shelly Chase
AVP Operational Risk