Complete Vendor Monitoring
The VendorInsight® CCF Vendor Monitoring Solution

Reputational Risk, Abusive Practices, Customer Complaints and Social Media Monitoring for Critical Customer-Facing (CCF) Vendors and Third Party Outsourcing Relationships
Fully-Compliant with the New 2013 FFIEC, FDIC, CFPB and OCC Guidance

Background and Business Problem

New guidance examination standards posed by FDIC, OCC, FFIEC and CFPB in 2013 have focused on new dimensions of risk from vendors and third parties to whom a financial institution may outsource the acquisition or servicing of customers for various marketing, lending or other product-related initiatives, either on a one-time basis or a recurring, ongoing basis. New risks have emerged from the potential for these types of vendors to utilize aggressive, non-compliant, or abusive practices to secure and maintain customer relationships. Other equally-important risks arise from the vendors' utilization of social media or from customers voicing negative opinions using social media outlets, leading to greater compliance or reputational risk, respectively, for the financial institution. Recognizing this, regulators have stepped up the requirements for vendor management, as articulated in their regulatory publications related to vendor and third party risk management. The recent updates include:

  • FFIEC Guidance on Social Media (January 2013); (Note: the FFIEC prescribes uniform principles and standards for six regulatory entities in the supervision of financial institutions: CFPB, FDIC, Federal Reserve, NCUA, OCC and SLC.)
  • FDIC Compliance Manual, Abusive Practices - Third Party Procedures (July 2013);
  • OCC New Guidance for Third Party Risks (October 2013)

This guidance and new set of requirements has filtered down in 2013 and recent bank examinations are producing commentary consistent with these new publications and updated requirements for banks to formalize the practices of monitoring social media content, customer complaints and other data as a part of their vendor management business practices.

In its most recent regulatory examinations, regulators have been issuing comments and recommendations like the following:

“Implement a process for using complaints filed directly with service providers, or through social media or other publicly-available channels to monitor complaints raised against service providers, and incorporate this information into service provider monitoring and due diligence efforts.”

VendorInsight® is a class-leading technology solution employed by many financial institutions ranging from multi-national, large regional and multi-affiliate banks to smaller, community banks and credit unions to provide a platform for integrated vendor management. Currently, VendorInsight® provides a comprehensive array of tools and automated technology solutions that enable best-in-class business process and workflow for the various vendor management activities such as due diligence, contract monitoring, risk assessment, performance reviews and policy compliance. The VendorInsight® solution also delivers content for critical and high-risk vendors such as news, financials, SEC filings and other market-based risk alerts derived from the screening of news and market events (e.g., earnings decline, change of control, M&A activity, data breach, etc.), including financial and SSAE16 due diligence reviews. The introduction of this new solution for customers addresses a complex set of guidance that spans more than three regulatory bodies and is a natural extension of the technologies and dedicated resources already in place at VendorInsight®.

As it is the philosophy of most banks to leverage existing vendor relationships and vendors' technologies to avoid excessive personnel and staffing costs, especially where activities do not justify the addition of a full-time employee. VendorInsight® is able to offer this solution as an economically-efficient and reliable answer to the new regulatory and examination requirements by leveraging the existing technologies, staffing, software capabilities and infrastructure at VendorInsight®.

The VendorInsight® CCF Vendor Monitoring Solution

Solution Deliverables

VendorInsight® will perform the following activities on a quarterly review basis for the critical, customer-facing (CCF) vendors identified by our financial institution customer. In addition to monitoring for the vendor name, VendorInsight® will also monitor and report on the presence of the name of the customer financial institution. Each quarter, VendorInsight® will perform:

  • A custom, manual review of all news items and research items from the previous quarter for each critical-customer-facing (CCF) vendor. The specific focus of the review is to identify items related to non-compliance with lending or disclosure laws, regulatory restrictions or other CFPB, FDIC or OCC-related news items.
  • Automated screening of each CCF vendor name, including the name of the financial institution against the CFPB database of customer complaints. A quarterly report characterizing the number of opened complaints, closed/resolved complaints, and responsiveness of the vendor in resolving complaints will be provided and automatically uploaded into the VendorInsight® records database.
  • A custom online search of web content for each CCF vendor to identify social media items related to customer complaints with the vendor's services, actions, or quality of delivery. A summary report characterizing the number and nature of findings will be provided.

Pricing and Delivery

2013 Q4 and early 2014 pricing for each group of ten (10) critical-customer-facing (CCF) vendors or third parties is expected to be $2,975 quarterly (invoiced annually with the VendorInsight® annual Program Fee). All reports and summary items will be posted directly into the VendorInsight® system by VendorInsight®, unless otherwise preferred. CCF monitoring may be discontinued or resumed at any time by the customer as a part of its configuration of the VendorInsight® with all fees billed on a pro-rata basis.


VendorInsight® recommends the addition of these services to all customer beginning in Q4 2013. Considering the excellent reputation of VendorInsight®, the favorable cost of the proposed solution versus hiring new personnel or developing new systems or technologies, and the natural fit of the new guidance within the domain of our vendor management technology, and the specific requirements imposed by FFIEC, FDIC and OCC in their new guidance, it is recommended that each financial institution customer of VendorInsight® leverage its relationship with VendorInsight® to enable automation, integration and ease of workflow for these new vendor monitoring activities. The inclusion and addition of VendorInsight®'s Critical Customer-Facing (CCF) Vendor Monitoring for Reputational Risk, Abusive Practices, Customer Complaints and Social Media Monitoring for Customer-Facing Vendor Outsourcing Relationships may be added by addendum to the VendorInsight® Services Agreement and customer configuration at any time.

Further, it is our expectation that the scope of this type of vendor monitoring will evolve as regulators and bank examiners further develop their thoughts and practices around this compliance requirement and we will continually develop our solutions to meet the requirements and business needs in this area. In keeping with our promise, the VendorInsight® solution protects our financial institution customers and enables them to flexibly adapt to new emerging requirements as may be necessary over time.