How awesome! I needed that too, thank you Michelle.
Original Message:
Sent: 3/24/2023 10:50:00 AM
From: Michelle Chase
Subject: RE: Due Diligence for the FRB
Happy to share, a little context. We have vendor categories that we exclude from TPRM completely by policy (like utilities, municipalities) and vendor categories that we exempt from our standard due diligence requirements or have separate and distinct due diligence requirements for such as financial institutions. Part of developing the below for financial institutions was thinking about what we think it's reasonable to provide as a third party to another financial institution and developing a matrix that manages the risk for such heavily regulated entities that doesn't ask for more than we would be willing to give.
Required Due Diligence - Banks, Financial Institutions and GSEs

| Risk | Due Diligence |
|---|---|
| Reputational Risk | Data base; Ongoing reputation monitoring |
| Financial Risk | FFIEC UBPR (Uniform Bank Performance Report); Third party report (DNBi, LexisNexis or similar); 10-K (if public); Annual Report (if available) |
| Regulatory Risk | Enforcement Actions (FED, FDIC, OCC); FFIEC CRA Rating |
| Data Privacy Risk | NDA/Confidentiality (If contract/SLA contains NDA/confidentiality, separate NDA not required) |
| Operational Risk | Contract/Service Agreement |

For GSEs supervised by FHFA (Federal Housing Finance Agency) including Fannie Mae and Federal Home Loan Banks (FHLB) will additionally obtain a copy of annual reports to Congress.
For Federal Reserve Bank(s) will additionally obtain a copy of the Federal Reserve Board of Governors annual report.
------------------------------
Shelly Chase
VP Operational Risk
------------------------------
Original Message:
Sent: 03-23-2023 05:15 PM
From: Cheryl Turner
Subject: Due Diligence for the FRB
Hi Shelly,
I would love to see your matrix, if that's something you can share. Please email me directly if that works.
Thanks so much!
Cheryl Turner, CRVPM II
Vendor Manager
Original Message:
Sent: 3/23/2023 3:44:00 PM
From: Michelle Chase
Subject: RE: Due Diligence for the FRB
We created a due diligence matrix specific for financial institutions including the Federal Reserve. For the Fed we pull the annual financial statements for our Fed bank and the annual Federal Reserve Board of Governors report.
------------------------------
Shelly Chase
VP Operational Risk
Original Message:
Sent: 03-23-2023 03:22 PM
From: Anonymous Member
Subject: Due Diligence for the FRB
This message was posted by a user wishing to remain anonymous
We do not perform due diligence on the FRB. Our VM policy excludes those we cannot influence or hold accountable. We also exclude government or regulatory agencies (which includes federal banking agencies).
Original Message:
Sent: 03-23-2023 02:46 PM
From: Katherine Coffield
Subject: Due Diligence for the FRB
I would not consider FRB as a third party supplier. Even though they may provide services, they are a regulatory agency as well.
Current functions of the Federal Reserve System include:
- To address the problem of banking panics
- To serve as the central bank for the United States
- To strike a balance between private interests of banks and the centralized responsibility of government
- To supervise and regulate banking institutions
- To protect the credit rights of consumers
- To manage the nation's money supply through monetary policy to achieve the sometimes-conflicting goals of
  - maximum employment
  - stable prices, including prevention of either inflation or deflation
  - moderate long-term interest rates
- To maintain the stability of the financial system and contain systemic risk in financial markets
- To provide financial services to depository institutions, the U.S. government, and foreign official institutions, including playing a major role in operating the nation's payments system
- To facilitate the exchange of payments among regions
- To respond to local liquidity needs
- To strengthen U.S. standing in the world economy
Original Message:
Sent: 03-23-2023 01:01 PM
From: Cheryl Turner
Subject: Due Diligence for the FRB
Hi Katherine,
So, you consider the FRB exempt too?
Cheryl
Original Message:
Sent: 3/23/2023 12:55:00 PM
From: Katherine Coffield
Subject: RE: Due Diligence for the FRB
I agree with Julio.
Original Message:
Sent: 03-23-2023 11:02 AM
From: Cheryl Turner
Subject: Due Diligence for the FRB
Hi Julio,
Thanks so much for this information. It is very helpful. If you have some time, I'd like to ask you a couple additional questions, offline.
Please email me at [Email has been removed by the Community Manager for privacy reasons. You can access the member's contact information by clicking their name, which will redirect to their profile] if that works for you.
Much appreciated.
Cheryl
Original Message:
Sent: 3/23/2023 10:11:00 AM
From: Julio Hernandez
Subject: RE: Due Diligence for the FRB
Good Morning,
Here at our financial institution the Vendor Management Policy scopes out Government Agencies, see sample below;
Further, vendor relationships that meet any of the following relevancy criteria may be treated as exceptions (i.e., this policy does not apply).
- Appraisers
- Legal services provided by licensed attorneys
- Charitable contributions
- Direct marketing costs/supplies
- Furniture, equipment and supplies
- Facilities expenses (including rent and landscaping)
- Government agency expenses (e.g. taxes)
- Loan related expenses (e.g., condo doc fees)
- Professional dues, education and subscriptions
- REO/Foreclosure expenses
- Utilities
- General Corporate Expenses
It is merely impossible to obtain IT related data to complete for SOC1 or SOC2 assessments. We have not had any challenges from our regulators relative to our policy. (knock on wood, no jinx).
Hope this helps
------------------------------
Julio Hernandez
Original Message:
Sent: 03-23-2023 09:55 AM
From: Cheryl Turner
Subject: Due Diligence for the FRB
Hi All,
For those of you in the financial industry, can you tell me what you do as far as performing Due Diligence or Periodic Reviews on the Federal Reserve Bank?
We recently contracted with our VM software vendor to assist with their review this year. Our vendor said we may want to pick another vendor, because the FRB does not answer questionnaires and provides little documentation. The only documentation we are able to obtain is financials, so other than that, there is very little information to review. We may as well do that ourselves.
I'm curious as to what the rest of you that utilize the FRB are doing for Due Diligence on them.
Thanks so much!