Do You Make These Mistakes In Your Contracts?

April 8, 2019 at 8:51 am Leave a comment

Mistakes happen. Just ask the ref who didn’t call a double dribble on Virginia moments before it made the game winning free throws in the final four on Saturday night. Never mind the fact that any 13 year-old kid officiating the local game at the YMCA would have spotted the foul.

Fortunately, we can all learn from other’s mistakes. A recent letter to banks subject to the FDIC’s jurisdiction is worth reading and paying attention to for credit unions even though it doesn’t apply to them.

According to the FDIC, its examiners are spotting a trend in which banks contracting with technology service providers may not be adequately defining the rights and responsibilities of third-party technology providers regarding business continuity incident response responsibilities.

According to the FDIC, “Some contracts do not require the service provider to maintain a business continuity plan, establish recovery standards, or define contractual remedies if the technology service provider misses a recovery standard. Other contracts did not sufficiently detail the technology service provider’s security incident responsibilities such as notifying the financial institution, regulators, or law enforcement.” It goes on to remind banks that they are obligated to address such issues as part of their obligation to adequately protect member data under regulations promulgated pursuant Gramm- Leach- Bliley Act. By the way so are credit unions.

Besides, business continuity is of course ultimately the responsibility of a financial institution. Just as I like to point out that “the vendor made me do it” is no defense to a regulatory oversight by your credit union, it is equally true that a lack of business continuity resulting from a poorly drafted and executed contract is no defense to examiners and it sure isn’t much of a consolation to members being denied access to the banking services they rely on.

By the way, Credit unions also should also make  that they give themselves the right and actually take on the responsibility to periodically audit the business continuity plans of key third-party providers. Contract language is great but suing someone for breach related to business continuity is not nearly as helpful to your members or your credit union’s reputation as maintaining adequate services in an emergency.

Even though this is a FDIC guidance, it has long been recognized than NCUA and other financial regulators expect contract terms to appropriately delineate third-party responsibilities. My guess is that many of the same pressures which are leading to business continuity oversights in technology contracts are present for many credit unions. Let’s face it, there is not only a recognition that our members expect the latest gizmos and gadgets but there is no shortage of third-party vendors pitching these services who have kindly drafted their own contract to speed up the process.

March Job Numbers Released

Just a quick note that on Friday, the Department of Labor released the March job numbers. According to the Department 196 new jobs were created with the unemployment rate remaining 3.9%.

Entry filed under: Compliance, General. Tags: , , .

Housing Reform Is Finally Here! Three Things You Need To Know This Wednesday Morning

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 756 other followers


%d bloggers like this: