While some banks are prepared to deal with these audits because they have strengthened their supplier management programs to meet Schedule J requirements of the FFIEC manual, much progress is still minimal. And some banks have made no progress. This lack of progress is usually due to paralysis caused by lack of understanding of the requirements or push-back by the perception that leadership is excessive. Regardless of this, it is time for banks to gain a better understanding of supplier management, starting with these four tips: While taking time, it is in your institution`s interest to ensure that general suppliers have been audited accordingly, that GLBA providers can protect your sensitive data, and that strategic suppliers can perform their critical functions. Otherwise, the penalty could take the form of a loss of business and an internal offence, a double shame that no bank wants to face. Regulators stressed the importance of enforcing a comprehensive risk management process throughout the lifecycle of the relationship with suppliers, from supplier selection and performance control to the end of the relationship. This article aims to highlight some of the issues that financial institutions wish to consider when awarding service contracts. It is not intended as a substitute for legal advice, nor is it. Legal contracts should always be audited by legal counsel or a lawyer for a company or financial institution before entering into an agreement.
It`s a lot of work, but for most local and regional banks, it should only be completed on one or two suppliers, and rarely more than five. Contract negotiations are an area of supplier risk management that has recently been the subject of greater attention, for good reason: third-party suppliers have long transferred most of the responsibility and responsibility for their system failures to the bank. However, banks should recognize that they have a voice in contract negotiations and that they are seeking their own contractual protection. Such safeguards should apply: they require contractual liability. Most providers include contractual liability clauses for consecutive damages and a general (surprisingly small) liability cap, but banks should insist on certain exemptions from the cap, including possible compensation obligations for breaches of confidentiality or security procedures by suppliers. The use of subcontractors. The seller may use subcontractors under this contract, provided that the seller`s use of subcontractors complies with the requirements of 501 (b) glba.