Policy, Program and Procedures

 View Only

  • 1.  Third-party arrangements scope/ definition

    Posted 25 days ago

    Hi All,

    I manage the third-party risk program for a federally regulated financial institute (Credit Union). Would like to know your thoughts on whether you consider a large depositor (typically big firms) as your third party? I understand by definition it should not be, but the counter argument is these large depositors may affect your liquidity and hence there is reputational risk at stake.

    Appreciate your inputs.

    Thanks,

    Loveleen



  • 2.  RE: Third-party arrangements scope/ definition

    Posted 19 days ago

    Hi All,

    A gentle reminder on the query. Would appreciate any thoughts/ experience on the topic.

    Cheers,

    Loveleen


    Original Message


  • 3.  RE: Third-party arrangements scope/ definition

    Posted 19 days ago

    Seems to me that a large depositor whose balances may cause liquidity concerns should be monitored by your Asset/Liability Committee (ALCO) rather than under your vendor management program.  The relationship manager should stay in communication with the depositor so that they are alerted to any large swings in the amount on deposit or changes in the depositor's status and then relay that info to ALCO.

    Your BSA/AML team should also have risk rated this depositor and be monitoring it for unusual transactions.

    I don't see depositors as in scope for vendor risk management at all since they create a different type of risk for your institution and require different monitoring methods.



    ------------------------------
    Richard
    ------------------------------

    Original Message


  • 4.  RE: Third-party arrangements scope/ definition

    This message was posted by a user wishing to remain anonymous
    Posted 12 days ago
    This message was posted by a user wishing to remain anonymous

    This is an interesting question.  The depositor relationship may pose risk from a liquidity or reputation perspective but those should be taken into consideration from a enterprise risk fashion.  My institution would not consider these relationships vendor in nature nor subject to third party risk management functions.  


    Original Message


  • 5.  RE: Third-party arrangements scope/ definition

    Posted 11 days ago

    Why Not Third-Party Risk: Large depositors don't provide services to your credit union; they receive services from you. Third-party risk management is designed for vendor relationships where you depend on external entities for operational capabilities. Forcing depositor relationships into this framework creates definitional confusion and may not address the actual risks effectively.

    The Real Risk - Concentration, Not Third-Party: What you're identifying is deposit concentration risk, which can create:

    • Liquidity stress from sudden large withdrawals
    • Funding instability during market volatility
    • Reputational impact if a major depositor experiences distress
    • Potential regulatory scrutiny over concentration limits

    Recommended Approach: Develop a separate Deposit Concentration Risk Management framework that includes:

    • Clear concentration limits (e.g., no single depositor exceeding X% of total deposits)
    • Enhanced monitoring for accounts above defined thresholds
    • Stress testing scenarios incorporating large depositor flight
    • Early warning indicators for at-risk large depositors
    • Contingency liquidity planning

    See https://ncua.gov/regulation-supervision/regulatory-compliance-resources/liquidity-risk-resources


    Original Message