Reputational Risk, Abusive Practices, Customer Complaints and Social
Media Monitoring for Critical Customer-Facing (CCF) Vendors and Third
Party Outsourcing Relationships
Fully-Compliant with the New 2013 FFIEC, FDIC, CFPB and OCC Guidance
Background and Business Problem
New guidance examination standards posed by FDIC, OCC, FFIEC and CFPB in 2013 have focused on
new dimensions of risk from vendors and third parties to whom a financial institution may outsource the
acquisition or servicing of customers for various marketing, lending or other product-related initiatives,
either on a one-time basis or a recurring, ongoing basis. New risks have emerged from the potential for
these types of vendors to utilize aggressive, non-compliant, or abusive practices to secure and maintain
customer relationships. Other equally-important risks arise from the vendors' utilization of social media
or from customers voicing negative opinions using social media outlets, leading to greater compliance or
reputational risk, respectively, for the financial institution. Recognizing this, regulators have stepped up
the requirements for vendor management, as articulated in their regulatory publications related to
vendor and third party risk management. The recent updates include:
- FFIEC Guidance on Social Media (January 2013); (Note: the FFIEC prescribes uniform
principles and standards for six regulatory entities in the supervision of financial
institutions: CFPB, FDIC, Federal Reserve, NCUA, OCC and SLC.)
- FDIC Compliance Manual, Abusive Practices - Third Party Procedures (July 2013);
- OCC New Guidance for Third Party Risks (October 2013)
This guidance and new set of requirements has filtered down in 2013 and recent bank examinations are
producing commentary consistent with these new publications and updated requirements for banks to
formalize the practices of monitoring social media content, customer complaints and other data as a part
of their vendor management business practices.
In its most recent regulatory examinations, regulators have been issuing comments and recommendations like the following:
“Implement a process for using complaints filed directly with service providers, or through
social media or other publicly-available channels to monitor complaints raised against
service providers, and incorporate this information into service provider monitoring and
due diligence efforts.”
VendorInsight® is a class-leading technology solution employed by many financial institutions ranging
from multi-national, large regional and multi-affiliate banks to smaller, community banks and credit
unions to provide a platform for integrated vendor management. Currently, VendorInsight® provides a
comprehensive array of tools and automated technology solutions that enable best-in-class business
process and workflow for the various vendor management activities such as due diligence, contract
monitoring, risk assessment, performance reviews and policy compliance. The VendorInsight® solution
also delivers content for critical and high-risk vendors such as news, financials, SEC filings and other
market-based risk alerts derived from the screening of news and market events (e.g., earnings decline,
change of control, M&A activity, data breach, etc.), including financial and SSAE16 due diligence reviews.
The introduction of this new solution for customers addresses a complex set of guidance that spans more
than three regulatory bodies and is a natural extension of the technologies and dedicated resources
already in place at VendorInsight®.
As it is the philosophy of most banks to leverage existing vendor relationships and vendors' technologies
to avoid excessive personnel and staffing costs, especially where activities do not justify the addition of a
full-time employee. VendorInsight® is able to offer this solution as an economically-efficient and reliable
answer to the new regulatory and examination requirements by leveraging the existing technologies,
staffing, software capabilities and infrastructure at VendorInsight®.
The VendorInsight® CCF Vendor Monitoring Solution
VendorInsight® will perform the following activities on a quarterly review basis for the critical,
customer-facing (CCF) vendors identified by our financial institution customer. In addition to monitoring
for the vendor name, VendorInsight® will also monitor and report on the presence of the name of the
customer financial institution. Each quarter, VendorInsight® will perform:
- A custom, manual review of all news items and research items from the previous quarter for each
critical-customer-facing (CCF) vendor. The specific focus of the review is to identify items related
to non-compliance with lending or disclosure laws, regulatory restrictions or other CFPB, FDIC or
OCC-related news items.
- Automated screening of each CCF vendor name, including the name of the financial institution
against the CFPB database of customer complaints. A quarterly report characterizing the number
of opened complaints, closed/resolved complaints, and responsiveness of the vendor in resolving complaints will be provided and automatically uploaded into the VendorInsight® records
- A custom online search of web content for each CCF vendor to identify social media items related
to customer complaints with the vendor's services, actions, or quality of delivery. A summary
report characterizing the number and nature of findings will be provided.
Pricing and Delivery
2013 Q4 and early 2014 pricing for each group of ten (10) critical-customer-facing (CCF) vendors or third
parties is expected to be $2,975 quarterly (invoiced annually with the VendorInsight® annual Program
Fee). All reports and summary items will be posted directly into the VendorInsight® system by
VendorInsight®, unless otherwise preferred. CCF monitoring may be discontinued or resumed at any
time by the customer as a part of its configuration of the VendorInsight® with all fees billed on a pro-rata
VendorInsight® recommends the addition of these services to all customer beginning in Q4 2013.
Considering the excellent reputation of VendorInsight®, the favorable cost of the proposed solution
versus hiring new personnel or developing new systems or technologies, and the natural fit of the new
guidance within the domain of our vendor management technology, and the specific requirements
imposed by FFIEC, FDIC and OCC in their new guidance, it is recommended that each financial
institution customer of VendorInsight® leverage its relationship with VendorInsight® to enable
automation, integration and ease of workflow for these new vendor monitoring activities. The inclusion
and addition of VendorInsight®'s Critical Customer-Facing (CCF) Vendor Monitoring for Reputational
Risk, Abusive Practices, Customer Complaints and Social Media Monitoring for Customer-Facing
Vendor Outsourcing Relationships may be added by addendum to the VendorInsight® Services
Agreement and customer configuration at any time.
Further, it is our expectation that the scope of this type of vendor monitoring will evolve as regulators
and bank examiners further develop their thoughts and practices around this compliance requirement
and we will continually develop our solutions to meet the requirements and business needs in this area.
In keeping with our promise, the VendorInsight® solution protects our financial institution customers
and enables them to flexibly adapt to new emerging requirements as may be necessary over time.