This message was posted by a user wishing to remain anonymous
We limit the TPRM inventory to ongoing relationships (12+ month term, auto-renews, or the bank has ongoing responsibility for the associated records).
We have a variety of carve-outs documented in our program. Some include DD activities that are performed by the responsible business unit.
Examples of non-TPRM DD activities (inventoried, limited or no DD in the TPRM system - Business unit operates the DD):
- Law Firms
- Real Estate Panel Appraisers (vetted and approved frequent use appraisers in our markets)
These are inventoried but carved out with no material DD performed:
- Regulators (FDIC/StateDFI, OCC, FRB, NCUA, SEC, etc.)
- Govt. Agency or GSEs
- Landlords (real estate leases)
- Credentialing bodies (IT, Finance, Legal, etc.)
- Not ongoing relationships, but we frequently reuse the vendor for brief engagements
These are excluded from TPRM Inventory:
- Required filing agencies (county treasurer offices, secretaries of state, BMV, county recorder, etc.)
- GSE's (FHA, USDA, VA, etc.) [vetted, qualified, and] required providers (mortgage insurers and real estate appraisers)
- Non-Panel Real Estate Appraisers vetted by Appraiser Management Company (we do DD on the AMC)
- One-time use engagements, no intention for regular reuse in the next 24-36 months.
Original Message:
Sent: 08-06-2021 11:53 AM
From: Anonymous Member
Subject: Out of scope/In scope list
This message was posted by a user wishing to remain anonymous
Hi everyone,
I work in a bank and handle third-party risk management. Please can anyone suggest if the below services should be out of scope for risk assessment and the reason for treating it as an exception.
Also, any reference material recommendations will be highly appreciated.
- Legal services
- IT licenses with OEM's suppliers
- IT subscriptions
- Consultancy (IT/HR/Legal)
- Audit and regulatory services
Thanks in advance!