This message was posted by a user wishing to remain anonymous
I have responsibility for Vendor Management here at our credit union. We are making some changes to the program and have implemented new software to help in this area. In the past our examiners have told us we need to monitor vendors even the low risk non critical ones. I plan to review the low risk ones once every three years. What I am struggling with is what am I checking on a low risk vendor when it comes to ongoing monitoring. Examples are vendors who offer services like our Language line, Auction Services, Official check provider, contracts for marketing with Radio stations or newspapers and similar. It seems overkill to look at BCP, IT security and financials for a company that we can easily replace and has no member or employee data. I have already eliminated vendors who are strictly Facilities, Maintenance, Utilities and Leases but I m not sure if I can eliminate these other vendors.
I was thinking maybe just a review of our satisfaction with the vendor might be sufficient, but I am not sure that is what NCUA has in mind. Any help would be greatly appreciated.