I am the Chairman of the CUNA committee for due diligence. CUNA formed the Due Diligence Task Force earlier this year to respond to concerns from credit unions and their regulators over how to best meet credit union's due diligence responsibilities involving third-party vendors without unnecessary duplication of effort. The committee has held a series of meetings and has a Web site with a great deal of information for credit unions at cuna.org.
I want to thank you and Joe Ghammashi for your helpful article on vendor risk management. I thought the four step process that Joe outlined was very helpful. (See CU Times, May 21, 2008, page 1.)
I think that even a great vendor that meets every possible criterion can become a bad vendor if the credit union selects a vendor that is inappropriate based on that credit union's business plan. A great example is that indirect lending (you can substitute real estate lending, business lending, credit card lending, etc.) done badly will be a problem regardless of which vendor is chosen. The credit union has to make sure that any service they add to their business plan makes sense with the credit union's ability to execute the business plan and the overall business plan. So before considering vendor due diligence or vendor risk management the credit union has to make sure it has a business plan and that plan makes sense and that any new service makes sense as part of the overall business plan.
The SAS 70 review appears to be a good model for how vendor due diligence may develop. It seems that much of the due diligence process would be duplicative for both vendors and their clients. Contract terms, service level agreements and the criteria for selecting vendors are all steps that are unique to each credit union. There will probably be some vendors who will offer to perform these services for credit unions. My advice is caveat emptor. These are critical steps and if you outsource them you may not have the skill to manage the on-going vendor evaluation and management. The annual vendor evaluation is another matter and could take the form of a SAS 70 type II review. It could very well be done by a third party that shares the results with many credit unions. This evaluation should include testing by the third party to assure that concerns such as security and financial stability are addressed. Each credit union would still have to evaluate service level agreements and how well the vendor is performing on those. I think it is very likely there will be vendors that offer to certify vendors for credit unions–again I urge caution.
I think that credit unions work best when they cooperate and I would share Joe Ghammashi's preference for doing business with CUSOs and other credit unions. But again I offer a caution that the same standards of due diligence have to apply whether or not the vendor is a CUSO or a credit union.
I also agree with Joe that the standards for vendor due diligence have to apply equally to all credit unions. A credit union charter is a privilege that should only be granted and retained based on meeting standards of member service quality, safety and soundness. Credit Unions may be able to outsource some portions of vendor selection but even when they do that they still have to evaluate, monitor and manage the vendor's performance. My fear is that if the vendor selection is the result of a third party certification then the knowledge and ability (time and expertise) that is required to manage a vendor may be lacking. The knowledge and ability to evaluate, monitor and manage a vendor is the same as that required to select a vendor, and outsourcing vendor selection may indicate a lack of knowledge or ability to do either. That said the credit union system will likely offer services to do all aspects of vendor due diligence and in the final analysis it is the performance that counts.
Henry Wirz
President/CEO
SAFE Credit Union
North Highlands, Calif.
Stick to the Facts, Please
Apparently, CU Times decided to become the CU "Enquirer" regarding coverage of the Oklahoma League annual meeting. There is so much fiction and innuendo in the articles that I just had to comment. For example, I had to laugh about our secret balloting, which is voting by paper ballot and adding the results to see who wins the election. Wow! How secret is that. And how about those sensationalized headlines, reporting that two volunteers lost bids for reelection, when only one was an incumbent. I guess it all makes for good press, but please, just stick to the facts.
Steve Rasmussen
President/CEO
FAA Credit Union
Oklahoma City
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.