Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Outsourcing & Vendor Management Fiduciary & Investment Risk Management Association 21 st National Training Conference April 18, 2007 Frederick Yorke,

Similar presentations


Presentation on theme: "1 Outsourcing & Vendor Management Fiduciary & Investment Risk Management Association 21 st National Training Conference April 18, 2007 Frederick Yorke,"— Presentation transcript:

1 1 Outsourcing & Vendor Management Fiduciary & Investment Risk Management Association 21 st National Training Conference April 18, 2007 Frederick Yorke, III Member, Citigroup Trust Fiduciary Advisory Counsel

2 2 Our Agenda A brief history of outsourcing A brief history of outsourcing The current regulatory environment The current regulatory environment Remote vendor management Remote vendor management Performing an on-site vendor review Performing an on-site vendor review Some points to ponder Some points to ponder

3 3 Early Trust Accounting Hand posted records Hand posted records Machine posted records Machine posted records Electronic data processing Electronic data processing In-house hardware and software In-house hardware and software Service bureau contracts Service bureau contracts

4 4 Custody of Trust Assets Physical securities – by account and “FOSBI” Physical securities – by account and “FOSBI” FRB “book entry”, DTC and de-securitization FRB “book entry”, DTC and de-securitization Use of correspondent banks Use of correspondent banks Holding companies and consolidation of trust departments Holding companies and consolidation of trust departments Stand-alone trust companies Stand-alone trust companies

5 5 Investment Management In-house investment management In-house investment management Use of asset managers from other departments Use of asset managers from other departments Purchase of investment management services Purchase of investment management services Purchase of I/M services for specialized assets Purchase of I/M services for specialized assets

6 6 Tax and Other Servicing Purchasing tax servicing Purchasing tax servicing Use of tax experts from elsewhere in the institution Use of tax experts from elsewhere in the institution Other services: Other services: –Managing real property –Appraising real estate or closely-held companies –Managing other specialized assets Pricing of specialized services Pricing of specialized services

7 7 “Private Labeling” Trust Services The bundling of trust services The bundling of trust services Advent of SEI Investments (Trust Company) & similar institutions Advent of SEI Investments (Trust Company) & similar institutions Deciding what services to retain in- house: Deciding what services to retain in- house: –Sales and marketing –Front-office processing –Middle-office coordination –Back-office operations Particular concerns regarding sharing of client privacy and sharing of client information (see Sarbanes- Oxley, GLBA, USA PATRIOT Act and so forth) Particular concerns regarding sharing of client privacy and sharing of client information (see Sarbanes- Oxley, GLBA, USA PATRIOT Act and so forth)

8 8 Holding Companies and Use of Affiliates The FRB’s parts 23A and 23B The FRB’s parts 23A and 23B Pricing of services and measuring profitability Pricing of services and measuring profitability Proper MIS and risk management Proper MIS and risk management Cross-selling products and services Cross-selling products and services “Arm’s Length Transactions” “Arm’s Length Transactions”

9 9 Recent Regulatory Developments SR 00-4 (SUP) from the Federal Reserve –Outsourcing of Information and Transaction Processing –Specifically addresses trust activities –Footnotes incorporate Fed, FFIEC and other earlier guidance, including parts 23A & B and SAS 70 reports OCC Bulletin –Examination procedures focused on client privacy –Attachment A, part IV details oversight of service providers OCC Bulletin –Risk Management of Third Party relationships –Supplements, but doesn’t replace, previous guidance

10 10 OCC Bulletin Areas of Concern The bulletin lists four areas of particular concern reflecting a chronological order The bulletin lists four areas of particular concern reflecting a chronological order –A risk assessment to identify the bank’s needs and requirements, –Proper due diligence to identify and select the third party provider, –Written contracts that outline duties, obligations and responsibilities of the parties involved, and –Ongoing oversight of the third parties and their activities

11 11 OCC Bulletin An Aside Obviously, the bulletin anticipates that the institution starts at the beginning, i. e. first, a decision is made to outsource a product, then a vendor is selected and so on However, more often than not, the outsourcing has already occurred, the vendor is in place and now we must establish a program

12 12 Most Recent Regulatory Developments Impacting Vendor Management OTS Thrift Bulletin TB 82 (03/18/2003) –Reminder of certain notification requirements –Notes a need for a termination provision –Rescinding of TB-46, “Contracting for Data Processing Services or Systems” (A comprehensive list of references is attached) OTS Thrift Bulletin TB 82a (09/01/2004) –Replaces TB 82, but not –Clarifies definition of “significant” contracts –Clarifies responsibilities of boards of directors and management –Modifies notification requirement when contracting with foreign service providers

13 13 OTS Thrift Bulletin 82 & 82a Key Issues Does not replace CEO Memo #133, “Risk Management of Technology Outsourcing” dated 12/13/2000 [later replaced by CEO Memo #201 dated 07/15/2004] or TB- 81, Interagency Policy Statement on the Internal Audit Function and its Outsourcing” dated 03/17/203; but, leverage off those documents and expends the concept to cover other types of third party arrangements Provide guidance re risk management on third party arrangements, whether with affiliates or non-affiliates Advises that safety and soundness examiners will review internal controls and management of third party arrangements and will request appropriate corrective action as needed

14 14 OCC Position regarding Key Risks Risks Associated with Most Third-Party Relationships –Strategic Risk –Reputation Risk –Compliance Risk –Transaction Risk –Credit Risk

15 15 OCC Position - Further Risks Depending on the circumstances, third-party relationships may also subject the bank to: – Liquidity risk – Interest rate risk – Price risk – Foreign currency translation risk – Country risk (when dealing with a foreign based service provider)

16 16 Key Components for establishing a Vendor Management Program Drafting and maintaining an effective contract Drafting and maintaining an effective contract –Periodic updating Relying on or supplementing the SAS 70 Report Relying on or supplementing the SAS 70 Report –Recent expansion of the “Report” Establishing service level conditions & escalation procedures Establishing service level conditions & escalation procedures Creating, receiving and using MIS reports Creating, receiving and using MIS reports Issues relating to the use of affiliates Issues relating to the use of affiliates

17 17 Creating, Receiving and Using MIS Reports Meeting regulatory or other minimum requirements Meeting regulatory or other minimum requirements – FFIEC minimum standards for trust accounting systems – SEC minimum standards for transfer agency functions – Standards set by the contracting parties Frequency of reports Frequency of reports – Daily, weekly, monthly or quarterly – Hard-copy, electronic, other – Receipt in a timely manner

18 18 Creating, Receiving and Using MIS Reports - Continued Using the MIS Reports Using the MIS Reports – Getting the reports to the right people – Providing feedback to the service provider – Modifying the reports as necessary

19 19 Vendor Management Tools Most institutions use a questionnaire or checklist during vendor review Most institutions use a questionnaire or checklist during vendor review Typical names of these document include: Typical names of these document include: – Vendor qualification questionnaire – Environmental control questionnaire – Outsourcing evaluation – On-site vendor review

20 20 Implementing an Effective Management Program Pre-implementation Due Diligence Pre-implementation Due Diligence Performing the Annual Review Performing the Annual Review General Information General Information Facility Security Facility Security Human Resources Human Resources Industry Trends Industry Trends Accounting Accounting Compliance Compliance Use of Third Parties Use of Third Parties Disaster Recovery / Continuity of Business Disaster Recovery / Continuity of Business Information Technology Information Technology Reporting, Follow-up & Ongoing Monitoring Reporting, Follow-up & Ongoing Monitoring

21 21 Points to Ponder Examiners, auditors and others will be looking to see how pro-active we are relative to vendor selection and management Examiners, auditors and others will be looking to see how pro-active we are relative to vendor selection and management –Selecting a vendor Cost/benefit analysis Cost/benefit analysis Documentation Documentation –Managing the vendor Frequency of contact Frequency of contact Condition of files Condition of files –Arrangements with affiliates Sections 23A and 23B Sections 23A and 23B Disclosure Disclosure

22 22 Points to Ponder Making the decision to perform an “on-site” vendor management review Making the decision to perform an “on-site” vendor management review –The nature of the service provided Data processing Data processing Custody of assets Custody of assets Tax preparation Tax preparation –The nature of the service provider Another bank Another bank A non-bank firm A non-bank firm An affiliate An affiliate –Dealing with affiliates Relying on their auditors, compliance people and risk managers Relying on their auditors, compliance people and risk managers


Download ppt "1 Outsourcing & Vendor Management Fiduciary & Investment Risk Management Association 21 st National Training Conference April 18, 2007 Frederick Yorke,"

Similar presentations


Ads by Google