Due Diligence and Ongoing Monitoring

• Relationships with customers or members or account-holders of the Credit Union; 

• Relationships with third-party providers of goods or products (or their sub-providers) which may reasonably be considered incidental to CACL's operations or lines of business and are therefore not material to CACL's third-party risk profile. 

• Relationships with affiliates pursuant to intracompany service agreements to the extent such agreements are principally intended to document intracompany financial agreements for financial allocation purposes and do not include any scope of work materially related to functions of the Credit Union or Company from a third-party risk management perspective. 

• Relationships with government regulatory agencies.  

• Relationships that consist of a single, one-time payment.  

• Relationships with entities that require total independence to perform their functions appropriately.  

• Relationships that cannot be influenced by the Credit Union or held accountable to any service level agreements.  

• Relationships with third-parties consisting of industry group memberships, sponsorships, and events.  

Venminder provided us with a policy template back in 2020, but we made a few additions to the list. We used this guide to determine which vendors of ours would be considered out of scope - https://www.thirdpartythinktank.com/communities/community-home/librarydocuments/viewdocument?DocumentKey=020a0357-bdc4-4259-80bd-ead066c2b71e&CommunityKey=b84aae94-c495-48bb-9f3a-4bbba9a5ce95&tab=librarydocuments