United States

The three pillars of a proactive risk-based vendor management program


Download white paper

As the economy improves and financial institutions search for ways to become more efficient, the use of outsourcing is increasing. Regulations have not changed, but regulators are paying closer attention as outsourcing spreads, and vendor management guidelines extend to more institutions such as mortgage companies. With more outsourced functions, vendors having direct contact with clients and increased regulatory pressure, implementing a strong vendor management process at your institution is essential.

Every institution must be proactive and conscious of their vendors and the services they provide, as well as how performance and expectations are monitored. A robust and disciplined vendor management program is a necessity to increase transparency and oversight, while setting benchmarks for success. A comprehensive vendor management platform should include three key areas:

  • Contract management
  • Performance expectations and monitoring
  • Contingencies and vendor replacement

A valuable tool in effective vendor management is a service organization controls (SOC) report. Many, but not all, organizations have this tool to detail controls and assess risk, and financial institutions should request SOC reports when evaluating vendors. The SOC 2 report aligns with service-level agreements and vendor management protocols, with five distinct principles that help provide assurance around outsourced services. 

With the expansion of outsourcing, both in frequency and breadth, financial institutions must be more proactive in managing third-party vendors. Implementing a comprehensive vendor management program in conjunction with a SOC 2 report can help ensure your processes are sound and satisfy regulatory requirements.





Industry Advocacy

Speakers Bureau


Financial Institution Insights
delivers news and information critical to community banking professionals. The bi-monthly newsletter tackles issues ranging from IT security to regulatory compliance to operational improvement.

Compliance News
Compliance news for the banking and investment industry. Gain insights about the latest compliance news and how it will affect your business.