The use of outside vendors by financial services companies is far from new, but the role of these service providers and the adequacy of their work have drawn increasing regulatory scrutiny over the past few years. Effective management and oversight of third-party service providers is key to minimizing the likelihood of derivative liability. Companies must use adequate due diligence to select and engage vendors, consistently monitor the quality of their work, and timely mitigate any problems identified.
Institutions using third-parties service providers should consider taking steps which include the following:
- Establishing written guidelines and clear criteria for the selection of service providers;
- Establishing detailed, written record-keeping protocols for work performed by service providers and monitoring adherence to their implementation;
- Establishing an appropriately robust quality assurance monitoring and testing program together with timely reporting;
- Conducting periodic on-site reviews of service providers for compliance including periodic review of the service provider’s policies, procedures, internal controls and training materials; and
- Carefully analyzing customer complaints related to service provider, in order to remediate any consumer harm and identify broader trends that may need to be addressed.