Contract Management

  • 1.  Vendor File - Contracts and Due Diligence Retention

    Posted 10-09-2019 08:19 AM
    Is anyone aware of specific Regulatory Records Retention requirements for Vendor Contracts and/or vendor Due Diligence/risk assessments? 

    Are there any documents we must maintain the original hard copy (e.g. Contracts with wet signatures, FFIEC TSP Exams)? 

    I'm hoping to go "paperless" as best we can within Vendor Management to eliminate a lot of manual processes as we leverage Venminder software to hold our vendor documentation in a centralized location (with the backup being on our Bank's network). 

    I'm curious if there are any challenges or things to consider when trying to reduce the amount of documents printed/retained. At the moment we've been managing our program in three places (physical files, network, and Venminder).

    Have other FIs taken this full "paperless" approach to third-party vendor risk management?

    Any comments/feedback is greatly appreciated!

    Thank you!


  • 2.  RE: Vendor File - Contracts and Due Diligence Retention

    Posted 10-10-2019 07:43 AM
    Your industry may have retention requirements, my co is by the SEC - so they dictate
    # years per type doc
    If WORM hard copy not needed
    We are paperless, but integration between template, review/redlines, eSignature, storage is not seamless - this is the key in my opinion - seamless integration


  • 3.  RE: Vendor File - Contracts and Due Diligence Retention

    Posted 11-04-2020 08:51 AM
    I should probably know this but what is "WORM"?


  • 4.  RE: Vendor File - Contracts and Due Diligence Retention

    Posted 11-04-2020 09:22 AM
    Write Once Read Many


  • 5.  RE: Vendor File - Contracts and Due Diligence Retention

    Posted 11-05-2020 09:19 AM
    Thanks, Greg!


  • 6.  RE: Vendor File - Contracts and Due Diligence Retention

    Posted 11-04-2020 09:50 AM
    Someone with time on their hands classified all the documents and assigned a retention schedule long before I got to where I am. But yes, to support what has been said already, you must choose a schedule that fits the right retention length for your use. 

    You can achieve your "paperless" approach to TPRM through using one of the available document retention systems. Just plan to have enough time and resources to develop a front end for your system that allows easy access to the documents you need. Having a great back end system will only be judged by how easily your constituents can find the docs needed for their needs. Like any other project, identify your stakeholders and get their input for a front end that meets most of the needs of your identified users.

    Balance this then with the spend for your project. Have dev resources who can work with you. If this is a rainy-day project, it will be something that never gets done. Then know when done is and plan to that in terms of time and resources. Your management will only tolerate one trip to the well for fundage. Be sure to take care with planning just in case Mother Nature provides you with a hidden problem. 10% should be enough. 

    Trade access time to compression. The higher the compression, the smaller the footprint on your medium. WORM (optical) is good but with the cost of HDDs and the plumbing coupled with a good compression algorithm, I believe you will find this to be close. Your mileage will obviously vary depending on all the acquisition and deployment challenges.

    Lastly, there are several different E-Sig tools that can be used to digitally sign a document. We have not gotten any pushback from our suppliers regarding using E-Sig. Just choose one that is well known as this boils down to trust by both sides. 

    Hope this helps.