Due Diligence and Ongoing Monitoring

  • 1.  Third party vendor definition

    This message was posted by a user wishing to remain anonymous
    Posted 08-30-2022 05:14 PM

    Good Afternoon TPRM community,

    We have a vendor who we have a marketing arrangement with.  They issue credit cards in our name and they service the cards too.
    Whenever we ask them to provide us documents they insist that they don't and they shouldn't meet the definition of a vendor or third party. 
    (But they eventually do provide their documents)

    I would love to hear your thoughts. 

    Thanks


  • 2.  RE: Third party vendor definition

    Posted 08-31-2022 08:52 AM
    Looks like you are in Banking or have banking related agreements.  The arrangement you describe is often called a Joint Marketing Agreement, frequently in the contract itself.
    Here is a banking related reference(s):
    OCC Bulletin 2017-7 and OCC Bulletin 2013-29 (which all banking regulators are considering adopting as joint guidance - See FIL-50-2021):
    "Before the bank enters into third-party relationships, senior management should develop a plan to manage the
    relationship. The management plan should be commensurate with the level of risk and complexity of the
    third-party relationship and should
    ...
    * assesses the nature of customer interaction with the third party and the potential impact the relationship will have on the bank's customers-including access to or use of those customers' confidential information, joint marketing or franchising arrangements, complying with consumer protection laws, and handling of customer complaints-and outlines plans to manage these impacts."







  • 3.  RE: Third party vendor definition

    Posted 08-31-2022 09:14 AM
    Totally echo Greg's comments and almost exactly mirrors what I was going to say.  I quote regulatory language and requirements to vendors all the time.  If you are FDIC regulated, the citation would be FDIC's guidance for managing third-party risks (FIL 44-2008).

    I'll usually introduce with something along the lines of "Based on your experience working with other banks, you know banking is a highly regulated industry and you may also be familiar with the FDIC's guidance for managing third-party risks (FIL 44-2008)." As a regulated entity, your hands are tied.  You definitely want partners that understand and respect that and I would be transparent with your vendor that this is your expectation.

    Shelly

    ------------------------------
    Shelly Chase
    AVP Operational Risk
    ------------------------------



  • 4.  RE: Third party vendor definition

    This message was posted by a user wishing to remain anonymous
    Posted 08-31-2022 02:20 PM

    Thank you for your input.
    Greatly appreciated.