"Accounting Due Diligence"
Evaluating Third Party Relationships Richard Handrick Supervisory Examiner Region IV What Will We Cover? o Letter to Credit Unions 07-CU-13 & Enclosure - Supervisory Letter 07-01 o Elements of An Effective Program o Questions 2 Vendor Relationships o Credit Unions Utilize Vendors for • Lending Services (Centrix, Zopa, CUSOs, CUDL) • Regulatory Compliance (BSA & OFAC) (Bridger) • Electronic Services (Data Processing, Internet Banking, Bill Pay, Credit Card) (DI, PSCU, Checkfree) • Asset Liability Management (c.Myers, Corporates) 3 Elements of An Effective Program o Risk Assessment and Planning o Effective Due Diligence Review o Measuring, Monitoring, and Controlling Risk 4 First Element of an Effective Program o Planning and Risk Assessment • Expectations for Outsourced Functions • Criticality of Relationship • Staff Expertise • Cost-Benefit Relationship • Insurance Coverage • Impact on Membership • Exit Strategy 5 First Element of an Effective Program o Planning and Risk Assessment • Does the credit union’s plan include measurable and achievable goals? • Do the credit union’s financial projections address a range of outcomes? • Do the financial projections fit into the overall strategic and ALM framework? 6 Second Element of an Effective Program o Due Diligence Consideration • Background Checks • Business Model • Cash Flows • Financial Condition • Contract and Legal • Accounting 7 Due Diligence Background Checks o Consider the Vendor’s Past Experience o Request References from Other Clients o Review Past Legal Concerns, if Applicable o Ensure Licenses and Certifications are In Place and Current o Secure References from Other Sources 8 Due Diligence Business Model o Vendor’s Business Plan o Credit Union and Vendor Responsibilities o Conflicts of Interest Between Vendor and Credit Union o Vendor Third Party Relationships 9 Due Diligence Cash Flow o Cash Flow • Understand Cash Flow Process (Member to Vendor to Credit Union) • Reporting Mechanism • Annual Audit Tests 10 Due Diligence Financial/Operational Condition o Ability to Fulfill Contract Commitment o Audited Financials, if Available o Information from Other Financial Sources o Requirements for Independent Audits, Other Reviews in Contract 11 Due Diligence Contract/Legal o Address all Required Areas o Legal Opinion from Attorney with Appropriate Expertise and Independence o Compliance with State and Federal laws 12 Due Diligence Accounting o Accounting • Adequate Accounting Infrastructure • Compliant with Generally Accepted Accounting Principals • CPA Guidance 13 Third Element of an Effective Program o Measuring, Monitoring, Controlling Risk • Policies and Procedures Limit Vendor Activities and Risk Establish Program Limits List of Approved Parties Staff Responsibilities Program Oversight Reports/Reports to Management 14 Measuring, Monitoring, Controlling Risk o Monitoring • Timely Reports • Contain Sufficient Information • Provided to Management/BOD • Annual Audit Tests Accuracy • Infrastructure to Monitor Performance • Assign Oversight to Appropriate Staff 15 Measuring, Monitoring, Controlling Risk o Controls • Member Data Communicated and Stored in Secure Manner • Measure Compliance with Contract • Quality Control Procedures • Evaluation of Program 16 Summary 3rd Party Relationships o Outsourcing Increases Risk o Officials Responsible for Sound Operations, Safeguard Assets and Member Information o Sound Risk Management, Planning, Due Diligence, Measurement, Monitoring, and Control 17 Questions 18