Vendor due diligence is not just for small banks anymore; it is for all banks. After the COVID-19 pandemic, the continued development of the Banking as a Service (BaaS) environment, and the explosive growth of payment services by all types of vendors, banks of all sizes must have a robust vendor due diligence program in place, even more so when dealing with fintechs.
Regulators have become extremely interested in your VDD program these days and want to make sure that you are managing the various risks of the services that your vendors are providing for your customers. Of course, they expect that you want to offer the best of services, the fastest of payment processing, and the coolest gizmos and gadgets in your mobile banking apps, but who are these new fintech vendors that seem to be coming out of the woodwork these days that we had never heard of, even a year ago? Do you really know what you should about these vendors? You may not think you even have fintech vendors, but look again and you might be surprised!
In this 1-hour session we will discuss what the regulators are looking for in your next safety & soundness exam and how your fintech due diligence program should look. We will help lay out the groundwork to make sure that your program helps you to:
Have well-documented SOC reviews in file.
Have clear communication with your vendor points of contact on critical issues.
Deal with vendors who seem to not understand their regulatory obligations to your customers.
Address your executive management team with the critical vendors and related information they need to know to make the best approval (or decline) decisions of those fintechs.
Address your board to ensure they are fully familiar with who the vendor is and what services they actually provide.
Truly do a deep dive and understand the real risks in not obtaining all of the necessary documentation and vetting of your moderate- and high-risk vendors when things go wrong.
Document your onboarding and full due diligence of fintech providers and properly classify them.
Identify the various risks associated with your fintech-related vendor management program (reputation risk, operations risk, etc.).
Instructor(s)
Maureen Carollo, CRCM, CAMS
Maureen E. Carollo is SVP, Director of Compliance for Sovereign Bank in Oklahoma City, a $1.2 billion community bank. She was most recently Chief Compliance & Chief Risk Officer, SVP, for Old Glory Bank and has over 35 years of experience in the deposit operations, loan administration, compliance management, internal audit and BSA/AML/CFT management areas and holds the Certified Regulatory Compliance Manager (CRCM) designation and the Certified Anti-Money Laundering Specialist (CAMS) certification. She is a graduate of the Southwestern Graduate School of Banking at SMU in Dallas, Texas, and graduated with recognition for leadership. She serves on the “ABA Bank Compliance” magazine Editorial Advisory Board, where she has had multiple articles and columns published. She has also received an APEX Award for “Excellence in Publishing.” She has been a regular speaker for the ABA Regulatory Compliance Conference, where she serves on the Advisory Board and was awarded the 2021 “Distinguished Service Award” for Compliance. She has also regularly spoken at events for Marquis Centrax, CbanC and Bankers Online. She is also active in the Oklahoma Bankers Association, where she has been past Chairman of the Compliance School Board of Regents and has served on the Board for over 20 years. She is also a frequent speaker for the OBA’s Compliance School and past speaker for their Operations School, Consumer Lending School, and Intermediate Banking School.
Audit and Internal Controls, Compliance Management and Auditing, Compliance, eCompliance, Information Security, Privacy and Legal Searches, Risk Management, Technology