Assess risk level of vendor
Collate all necessary documentation on vendor
Review vendor’s financial stability
Examine vendor’s compliance history
Confirm vendor’s insurance coverage
Verify adequacy of vendor’s personnel and internal controls
Ensure vendor's experience and qualifications match the service provided
Review service level agreements with the vendor
Approval: Vendor Documentation
Conduct ongoing vendor performance monitoring
Establish continuity plan in case of vendor failure
Monitor the vendor's compliance to agreed terms
Evaluate vendor's disaster recovery and business continuity plans
Ensure vendor's financial condition is not harming performance
Update vendor risk ratings periodically
Approval: Vendor Risk Ratings Update
Document all self-assessment and independent reviews performed
Retain all vendor-associated records as per regulatory requirements
Ensure compliance with all FFIEC guidance on outsourcing