Exams or Audits

Hello All,

I work for a community bank, and recently we were notified by an email from FDICConnect that one of our Significant Service Providers had a number of Examination Concerns Requiring Attention (ECRAs). 

We have inquired with the vendor, and they provided us with memos explaining what they have done with each ECRA. Many of them have been closed, some are in progress.

Currently we conduct the highest level of due diligence (inherent high risk) on this vendor, we also consider them critical vendor. 

So, my question is:

How do we validate what they tell us?

We are also unable to mitigate some of these ECRA's, as they are beyond our control.  Unfortunately ending our relationship with them would be very difficult, time consuming and expensive. 

Any input about this situation would be appreciated.

Hello, yes, I'd recommend looking at your contract with this vendor, to see what audit obligations they have.  I'd recommend going on site for a site visit and specifically meet to discuss and tour as best as possible to visually confirm controls are in place.  And, I'd recommend an executive or two of your bank attends that onsite visit, to send a message that you take this seriously and expect compliance with regulations.   And, I'd document what you've done, such that you can show your examiners the sincerity of your due diligence. Good luck!

Hello All,

I work for a community bank, and recently we were notified by an email from FDICConnect that one of our Significant Service Providers had a number of Examination Concerns Requiring Attention (ECRAs). 

We have inquired with the vendor, and they provided us with memos explaining what they have done with each ECRA. Many of them have been closed, some are in progress.

Currently we conduct the highest level of due diligence (inherent high risk) on this vendor, we also consider them critical vendor. 

So, my question is:

How do we validate what they tell us?

We are also unable to mitigate some of these ECRA's, as they are beyond our control.  Unfortunately ending our relationship with them would be very difficult, time consuming and expensive. 

Any input about this situation would be appreciated.

Good morning,

How do you determine which vendors are examined by regulators in the Banking and financial industry?

Do mortgage servicer get examined?

Health care Insurance companies?

Any other major vendor category that are examined by federal or state examiners?

Another question is whether we should we request these reports from regulators?

Thanks.

Original Message:
Sent: 02-01-2024 03:35 PM
From: Jody Gentemann
Subject: Report of Examination

Hello, yes, I'd recommend looking at your contract with this vendor, to see what audit obligations they have.  I'd recommend going on site for a site visit and specifically meet to discuss and tour as best as possible to visually confirm controls are in place.  And, I'd recommend an executive or two of your bank attends that onsite visit, to send a message that you take this seriously and expect compliance with regulations.   And, I'd document what you've done, such that you can show your examiners the sincerity of your due diligence. Good luck!

Hello All,

I work for a community bank, and recently we were notified by an email from FDICConnect that one of our Significant Service Providers had a number of Examination Concerns Requiring Attention (ECRAs). 

We have inquired with the vendor, and they provided us with memos explaining what they have done with each ECRA. Many of them have been closed, some are in progress.

Currently we conduct the highest level of due diligence (inherent high risk) on this vendor, we also consider them critical vendor. 

So, my question is:

How do we validate what they tell us?

We are also unable to mitigate some of these ECRA's, as they are beyond our control.  Unfortunately ending our relationship with them would be very difficult, time consuming and expensive. 

Any input about this situation would be appreciated.

Typically, the Regulators will want to know all of the FI's critical or material vendors. These could be vendors that have access to NPI, such as customer information, or employee information. Vendors that represent a portion of an FI's income, or expenditure. They will also review the FI's policies and procedures. The audit based off of those documents. 

Good morning,

How do you determine which vendors are examined by regulators in the Banking and financial industry?

Do mortgage servicer get examined?

Health care Insurance companies?

Any other major vendor category that are examined by federal or state examiners?

Another question is whether we should we request these reports from regulators?

Thanks.

Original Message:
Sent: 02-01-2024 03:35 PM
From: Jody Gentemann
Subject: Report of Examination

Hello, yes, I'd recommend looking at your contract with this vendor, to see what audit obligations they have.  I'd recommend going on site for a site visit and specifically meet to discuss and tour as best as possible to visually confirm controls are in place.  And, I'd recommend an executive or two of your bank attends that onsite visit, to send a message that you take this seriously and expect compliance with regulations.   And, I'd document what you've done, such that you can show your examiners the sincerity of your due diligence. Good luck!

Hello All,

I work for a community bank, and recently we were notified by an email from FDICConnect that one of our Significant Service Providers had a number of Examination Concerns Requiring Attention (ECRAs). 

We have inquired with the vendor, and they provided us with memos explaining what they have done with each ECRA. Many of them have been closed, some are in progress.

Currently we conduct the highest level of due diligence (inherent high risk) on this vendor, we also consider them critical vendor. 

So, my question is:

How do we validate what they tell us?

We are also unable to mitigate some of these ECRA's, as they are beyond our control.  Unfortunately ending our relationship with them would be very difficult, time consuming and expensive. 

Any input about this situation would be appreciated.

Hello All,

I work for a community bank, and recently we were notified by an email from FDICConnect that one of our Significant Service Providers had a number of Examination Concerns Requiring Attention (ECRAs). 

We have inquired with the vendor, and they provided us with memos explaining what they have done with each ECRA. Many of them have been closed, some are in progress.

Currently we conduct the highest level of due diligence (inherent high risk) on this vendor, we also consider them critical vendor. 

So, my question is:

How do we validate what they tell us?

We are also unable to mitigate some of these ECRA's, as they are beyond our control.  Unfortunately ending our relationship with them would be very difficult, time consuming and expensive. 

Any input about this situation would be appreciated.