I agree with focus on where the performance is located...this is especially important when a vendor is performing in more than one location, and a more extensive due diligence review is required to ensure they are compliant in all performance jurisdictions. I have developed a chart that can be uploaded to the Venminder tool to elicit the additional information required for each jurisdiction outside the vendor's home base country.
As a side note--Our team is used to talking about "CONUS" (CONtinental US - spoken as
CONE-us) and "OCONUS" (Outside CONtintental US - spoken as
OH-Cone-us). Neither of these is a precise fit for vendor due diligence efforts--especially since our HQ is in Alaska! This led me to coin the term "NONUS" (Non-US spoken
NO-nus) and I use it to keep focus on the location of performance, whether acquisition of goods, services, or both.
Original Message:
Sent: 04-27-2022 08:18 AM
From: Michelle Chase
Subject: Foreign Vendor Definition
We have differentiated Foreign Vendors from services provided outside the US. Foreign Vendors for us are very simply any vendor headquartered outside the US. We separately track any services or service delivery that occurs outside the US regardless where the vendor is headquartered.
------------------------------
Shelly Chase
AVP Operational Risk
Original Message:
Sent: 04-27-2022 07:26 AM
From: Anonymous Member
Subject: Foreign Vendor Definition
This message was posted by a user wishing to remain anonymous
I am curious to see how others define Foreign Vendor in their Policy/Program. I ask because there are some clear FFIEC Definitions but the difference is using the term providing Services vs. providing technology vs. manufacturer of a Software. Point is Providing "Banking/Financial" Services or if again outside USA and its Local Hosted Software (No Brainer) vs. a Hosted Platform (No GLBA) vs Hosted Platform but its critical to infrastructure. Just food for thought as again seeking any definitions people are using for a Foreign Vendor is............ and then of course when they are not a Foreign Vendor or more importantly when you would not report them as Foreign Vendors in the spirit of definition by FFIEC.
Anyone?
Sincerely,
Paul