Due Diligence and Ongoing Monitoring

 View Only
  • 1.  Referral relationships

    Posted 03-15-2023 10:02 AM

    My financial institution is considering entering into a relationship where we would refer our customers to a student loan organization website (linked from our corporate website) and the customer would enter their own confidential information into that 3rd party site and engage in a lending relationship with the student loan organization.  Our financial institution would not be sharing any information directly.   

    For third parties where we share a customer's confidential information, we typically look at assessing the vendor's information security (SOC audit, policies, questionnaire), their financial condition as well as their compliance to things such as UDAAP and ID Theft red flags.  However, in this case, we are referring the customer to an outside organization where they (the customer) enters into an agreement with that organization.  My question is what type of due diligence should we require from the student loan organization in this type of relationship?

  • 2.  RE: Referral relationships

    Posted 03-15-2023 10:32 AM

    Will you have a contract with that 3rd party site as a referral partner?   If yes, then I would treat them as you do any other critical vendor.  Although they would not be considered a critical vendor for you, they would be for the customers you are referring to them and I would think you would be more comfortable having checked them out on a high level.  If you will not have a contract with them, it may be a little hard to get what you need to do a proper assessment on them.  

  • 3.  RE: Referral relationships

    Posted 03-15-2023 10:46 AM

    Also something to consider is any regulatory implications of these referrals.  Not sure what your business line is, but in the Mortgage world, that could be a TILA/RESPA violation


    Judi M


    WARNING: Without the use of appropriate security measures, Internet e-mail may not be a safe method to communicate confidential information. Internet messages and attachments may be intercepted, read and/or corrupted. Minnesota Housing makes no representation or warranty regarding the security of either incoming or outgoing Internet messages. While you may use Internet e-mail to communicate with Minnesota Housing, you do so at your own risk.

  • 4.  RE: Referral relationships

    Posted 03-15-2023 10:46 AM

    Good morning,


    I have that same question.  We have companies that our Business enters into a referral agreement where we refer this "referral partner's" product/services to a Client/CU/FI, who then will contract with the Referral Partner to provide their products/services to our Clients.  What is the best approach at vetting these types of Referral Partners and what due diligence is recommended to request, especially if there is no technology connections or data being provided from my company to the Referral Partner?  Thank you!