Do You Meet the OCC’s 2020 Vendor Relationship Expectations?

Critical themes in Bulletin 2020-10

The recurring theme throughout the update is that you need to widen your scope in assessing third parties and that all vendors need to be financially evaluated, says Jay Fitzhugh, Chief Regulatory Officer for Mitratech.

The definition of third-party vendors has become very broad. “Now it is being interpreted to encompass relationships that might not even involve contracts,” says Fitzhugh, including:

• Referral arrangements
• Appraisers and appraisal management companies
• Professional service providers, such as attorneys
• Maintenance, catering, and custodial service companies
• Data aggregators

With regards to expanded review requirements, “In our experience, 98 out of 100 organizations have a risk-based approach to third-party financial evaluations,” he says. “They aren’t evaluating the financial condition of small, low risk, or insignificant vendors, but per the Bulletin, this could lead to program criticism.”

The OCC’s clarifying language on financial evaluations and vendor requirements indicate that many organizations have struggled with previous guidance. How can you make sure you’re gathering the necessary data to go above and beyond the OCC’s standards? A VRM solution with vendor due diligence capabilities can help you evaluate your vendors’ finances and track vendors of any size.

Prepare for the OCC’s guidelines

A vendor risk management (VRM) solution with the right the tools and functionalities can help you meet the requirements of Bulletin 2020-10:

• The Bulletin states in point 4 that data aggregators are still the financial institution’s responsibility even if there is no direct service or business arrangement.

“The problem is financial institutions don’t always know who these data aggregators are,” says Fitzhugh. “These aggregators work independently with an institution’s clients to access and export a client’s financial information.”

To address this lack of visibility to these providers, find a VRM solution with a vendor due diligence content bundle that allows financial institutions to evaluate industry-leading data aggregators in one centralized place.

• In the Bulletin point 17, “This segment of clarification defines that all third-party vendors require an evaluation of financial condition that must be performed during vendor due diligence and in ongoing continuous monitoring,” says Fitzhugh. “The explicit expansion of the vendor portfolio for appraisers, attorneys, and consultants, coupled with the requirement of the financial condition evaluation, is likely an expansion of existing vendor risk management efforts for most banks.”

The Bulletin goes on to define alternative methods in evaluating factors that may affect a third party’s overall financial stability, such as their:

• Access to funds
• Funding sources
• Earnings
• Net cash flow
• Expected growth
• Projected borrowing capacity

The OCC’s new interpretation sets a high bar for financial evaluations that can be met through vendor due diligence and evaluation capabilities of a flexible VRM solution that can define required third-party vendor review components.