How good are your vendor contracts?

April 17, 2015 at 8:40 am

To its credit, for almost a decade now NCUA has been emphasizing the need for due diligence when entering into third-party relationships. Unfortunately, based on what I have seen, the quality of credit union oversight varies widely, with too many credit unions continuing to place too little emphasis on a properly drafted contract which commits vendors to upholding privacy standards and establishes a framework whereby your credit union monitors vendor performance.

So, I’m not surprised with the results of a survey released last week by New York’s Department of Financial Services. The Department surveyed 40 financial institutions about their vendor management activities. Its findings are likely to result in proposed state regulations outlining vendor relationship requirements. It concluded that:

  • Nearly 1 in 3 (approximately 30 percent) of the banks surveyed do not require their third-party vendors to notify them in the event of an information security breach or other cyber security breach.
  • Fewer than half of the banks surveyed conduct any on-site assessments of their third-party vendors.
  • Approximately 1 in 5 banks surveyed do not require third-party vendors to represent that they have established minimum information security requirements. Additionally, only one-third of the banks require those information security requirements to be extended to subcontractors of the third-party vendors.
  • Nearly half of the banks do not require a warranty of the integrity of the third-party vendor’s data or products (e.g., that the data and products are free of viruses).

http://www.dfs.ny.gov/reportpub/dfs_rpt_tpvendor_042015.pdf

As I see it, one of the biggest problems is that businesses think of the contract as one of those last-second details to be addressed after a vendor has been selected. It doesn’t have to be this way. For your larger vendor contracts you should ask your finalists to provide you with copies of their base contracts. You have leverage you should use if you find that one vendor has better terms than another. Furthermore, if one vendor is more committed than another to ensuring data security then you can and should take this into account when making your final decision. Finally, you are being penny wise and pound foolish if you don’t pay for an attorney who has experience with vendor contracts and who is aware of pertinent regulatory requirements. By the way, the Association is willing and able to provide these services.

Is the Fed Getting Cold Feet?

The recent spate of lackluster economic news may keep the Fed from raising interest rates when it meets in June, according to an interesting WSJ article today. If this reporting is correct, a consensus is emerging that with inflation still below its 2% target range and employment still lagging, it makes sense to wait until later in the year before deciding to pull the trigger on the first rate increase since the Fed placed short-term interest rates near 0 in December 2008.

Two quick thoughts: this is another great example of the Groundhog Day economy we have been stuck in for some time now. Economists confidently predict every fall that the economy is finally on solid footing, only to back away from the predictions following tepid economic growth in the first quarter. For what it’s worth, this blogger still believes the Fed will raise rates ever so slightly in June, if only to shift the debate away from when interest rates will rise to how high they should go. Low interest rates have artificially inflated equities for several years now by making the market the only place to get an adequate return.

On that note, have a nice weekend.

Entry filed under: Compliance, Economy, Legal Watch, New York State, Regulatory.



Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.
