Policy, Program and Procedures

Hi All,

I manage the third-party risk program for a federally regulated financial institute (Credit Union). Would like to know your thoughts on whether you consider a large depositor (typically big firms) as your third party? I understand by definition it should not be, but the counter argument is these large depositors may affect your liquidity and hence there is reputational risk at stake.

Appreciate your inputs.

Thanks,

Loveleen

Hi All,

A gentle reminder on the query. Would appreciate any thoughts/ experience on the topic.

Cheers,

Loveleen

Hi All,

I manage the third-party risk program for a federally regulated financial institute (Credit Union). Would like to know your thoughts on whether you consider a large depositor (typically big firms) as your third party? I understand by definition it should not be, but the counter argument is these large depositors may affect your liquidity and hence there is reputational risk at stake.

Appreciate your inputs.

Thanks,

Loveleen

Hi All,

A gentle reminder on the query. Would appreciate any thoughts/ experience on the topic.

Cheers,

Loveleen

Hi All,

I manage the third-party risk program for a federally regulated financial institute (Credit Union). Would like to know your thoughts on whether you consider a large depositor (typically big firms) as your third party? I understand by definition it should not be, but the counter argument is these large depositors may affect your liquidity and hence there is reputational risk at stake.

Appreciate your inputs.

Thanks,

Loveleen

This is an interesting question.  The depositor relationship may pose risk from a liquidity or reputation perspective but those should be taken into consideration from a enterprise risk fashion.  My institution would not consider these relationships vendor in nature nor subject to third party risk management functions.  

Hi All,

A gentle reminder on the query. Would appreciate any thoughts/ experience on the topic.

Cheers,

Loveleen

Hi All,

I manage the third-party risk program for a federally regulated financial institute (Credit Union). Would like to know your thoughts on whether you consider a large depositor (typically big firms) as your third party? I understand by definition it should not be, but the counter argument is these large depositors may affect your liquidity and hence there is reputational risk at stake.

Appreciate your inputs.

Thanks,

Loveleen

Why Not Third-Party Risk: Large depositors don't provide services to your credit union; they receive services from you. Third-party risk management is designed for vendor relationships where you depend on external entities for operational capabilities. Forcing depositor relationships into this framework creates definitional confusion and may not address the actual risks effectively.

The Real Risk - Concentration, Not Third-Party: What you're identifying is deposit concentration risk, which can create:

• Liquidity stress from sudden large withdrawals
• Funding instability during market volatility
• Reputational impact if a major depositor experiences distress
• Potential regulatory scrutiny over concentration limits

Recommended Approach: Develop a separate Deposit Concentration Risk Management framework that includes:

• Clear concentration limits (e.g., no single depositor exceeding X% of total deposits)
• Enhanced monitoring for accounts above defined thresholds
• Stress testing scenarios incorporating large depositor flight
• Early warning indicators for at-risk large depositors
• Contingency liquidity planning

See https://ncua.gov/regulation-supervision/regulatory-compliance-resources/liquidity-risk-resources

This is an interesting question.  The depositor relationship may pose risk from a liquidity or reputation perspective but those should be taken into consideration from a enterprise risk fashion.  My institution would not consider these relationships vendor in nature nor subject to third party risk management functions.  

Hi All,

A gentle reminder on the query. Would appreciate any thoughts/ experience on the topic.

Cheers,

Loveleen

Hi All,

I manage the third-party risk program for a federally regulated financial institute (Credit Union). Would like to know your thoughts on whether you consider a large depositor (typically big firms) as your third party? I understand by definition it should not be, but the counter argument is these large depositors may affect your liquidity and hence there is reputational risk at stake.

Appreciate your inputs.

Thanks,

Loveleen