Third-Party Due Diligence

September 21, 2005

Increasingly, credit unions are being encouraged by regulators and operationally compelled to look to third-party service providers, reports Credit Union Management magazine. The reasons run the gamut from meeting specialized operational requirements to taking advantage of cost-efficient operational opportunities to extending better financial services to an institution's membership.

The National Credit Union Administration has gotten it right in this area of operational procedure. In November 2001, the agency published Letter to Credit Unions 01-CU-20, “Due Diligence over Third Party Service Providers.” Nonetheless, with so much "guidance" and "advice" flowing to institutions day in and day out, this document may have received short shrift. That's a shame, as the letter's sage counsel is a "must-read!"

Unfortunately, the agency's message jumps right into what actions should be taken prior to entering into a relationship without ever articulating what "due diligence" means.

Due diligence refers to the caution an individual exercises before undertaking an action. Illustratively, the concept embraces everything an individual would do before purchasing a new car, such as: assessing the vehicle's quality, its pricing, and the seller's reputation for good service.

How, then, should a credit union conduct a due diligence evaluation of a potential transaction or relationship?

For starters, before entering into "serious" discussions with a potential service provider, check out the organization's reputation. Ask yourself, is the entity known for delivering what it states it will? Have other organizations had problems with it? Will it offer a product worthy of the credit union's image and service?

Other questions include: Have any complaints been raised concerning the organization? If so, what was their nature, were they substantiated and reasonable, are they critical to whether you enter the relationship?

Along with deciding whether the organization in question is worthy of doing business with, a second area of consideration should be the terms and conditions of the proposed agreement.

Quite frequently, a third-party provider will offer up a deal on a "take it or leave it" basis. The refrain heard is "this is the way we do it," "our pricing is so and so," or "we don't deviate from the terms and conditions in the contract we're offering."

No relationship is carved in stone. There is always room for negotiation, not only on pricing and quantity, but also on specific terms and conditions.

If a party truly wants to do business, it will accommodate reasonable needs. Indeed, this experience has been drawn from dealing with such monoliths as IBM and MasterCard, to name just a few.

Pay Attention to Details

Whenever you are about to sign an agreement with a third party, it's important to have legal counsel on hand who will "fly speck" every aspect of the "legal" deal and its predicate agreement (the contract that the CU and the service provider are entering into and the basis of the transaction) to ensure the credit union's interests are protected.

Every word and phrase in a written agreement counts. A single word, phrase, or sentence can mean the difference between the existence or lack of a substantial protection to the credit union.

Another critical aspect of a due diligence review is information technology security. Virtually every operational action taken to support the extension of credit union services and products in some way is linked to an IT underpinning. Laws and implementing statutes are crystal clear when it comes to this topic-financial institutions have an obligation to ensure the integrity of institutional and members' personal information. Consequently, carefully tracing how a third party's IT protocols will interface with the credit union's and the extent of the potential partner's security practices are not matters to be taken lightly.

Look Before You Leap

A final word of advice is to ask yourself, "What is the business future of the company that we propose ‘to go to the dance with?'" Is the company a start-up operation? How strong are its financials? What is the prospect for future business? These are just a few of the issues that must be considered.

In the end, it simply makes sense to "look before you leap" when it comes to third-party relationships. Why expend energy, resources and efforts on a situation that has the real potential for being short-lived? Extending services and enhancing operations always present greater or lesser elements of risk. A comprehensive due diligence investigation is the pathway to diminish the dangers and enhance the opportunities.

Stephen Eisenberg is an attorney for Pentagon FCU in Alexandria, Virginia. This article first appeared online at The Point for Credit Union Research and Advice’s website at thepoint.cuna.org. Reprinted with permission.

Post this page to:

Comments