vendor compliance for credit unions
TRANSCRIPT
Vendor Compliance Monitoring
Jim Vilker, VP Professional Services, AuditLink
Edward Sullivan, CEO, TrustExchange
Copyright 2016 TrustExchange 2
AuditLink is dedicated to making your credit union more prepared to meet the ever-changing compliance requirements.
The TrustExchange is a community of businesses who securely disclose and monitor key information to increase their trust in each other.
Together, we provide a complete solution to design, implement and continuously monitor Vendor Compliance.
Today, as Vendor relationships grow wider and deeper, standard solution providers can’t keep up.
Typical Compliance Interactions
[Diagram: Company, Customer, Regulators, Vendor 1, Vendor 2, Vendor N]
Credit Union Compliance
[Diagram: Credit Union, Customer, Regulators, Risk Mitigators, Marketing Vendor, Facilities Vendor, Staffing Vendor, IT Vendor, Core Processor]
CUSO Compliance Interactions
[Diagram: CUSO, CU 1, CU 2, CU 3, CU 4, CU 5, Regulators, Risk Mitigators, Vendor 1, Vendor 2, Vendor 3, Vendor 4, Vendor 5]
Vendor Compliance Lifecycle: Monitoring AND Visibility
Selection
Implementation
Compliance Performance
Operational Performance
Renewal
Exponential Requirements
New Requirements are an Exponential Increase in Activity
• Current Activity and Cost
• Due Diligence
• Contract Management
• Data Collection
• Report Compilation
• $500-$1,100/vendor/year
• New Requirements
• All of the Above
• Objective, Subjective and Operational Data Monitoring
• Visibility throughout enterprise
• $2,200-$5,000/vendor/year
TODAY: 4 Key Problems
SCALE
• 40M Companies
• Validate 20M/yr
• Data Points/yr: 0.5
EVENT CENTRIC
• Event vs. Process
• Check vs. Monitor
• React vs. Proact
• Lagging hindsight data
NO TRUST
• Errors
• Not Timely
• Not Actionable
• Stale Sources
BUSINESS MODEL
• Fee to Check
• Fee to Submit
• Fee to Self-Certify
• Fee to “Manage”
SOLUTION: TrustExchange
EXPONENTIAL SCALE
• “Crowd Source”
• Public Data Sources
• Role Based Data
• Partner Data
PROCESS THINKING
• Monitor Over Time
• Increased Frequency
• “Gamify” for Data Quality and Timeliness
• “Exponentialize” Events
TRUST DISCLOSURES
• Tiered Disclosures
• Key Events
• Bona fides
• 3rd Party Certified
• Custom Disclosures
BUSINESS MODEL
• Monetize Value
• Tiered Offering
• Account Management
• “Verticalize” Solutions
Think Facebook, Think WAZE, Think KickStarter, Think Salesforce.com
Wouldn’t it be Nice If...
Monitor ALL Vendors
Custom Compliance
Custom Risk Rank
Alerts PUSHED
High
• Payments
• Clearing
• Settlement
Med
• Reputation
• Operations
• Customers
Low
• Non-Core
• Staffing
• Facilities
High
• Annual Audit
• Qtrly Financials
• Monthly SLAs
Med
• Annual CPA Cert
• Annual Insurance Cert
• Qtrly SLAs
Low
• Annual Insurance Cert
• Annual Contract Review
• Annual SLAs
Vendor Compliance
[Matrix labels: Selection Due Diligence; Ongoing Vendor Monitoring; Objective, Subjective, Operational; High Risk, Medium Risk, Low Risk. Sample cell entries: Criteria 1, Criteria 2, QTR Financials, Invoice Review, Insurance, Attny Cert, Management, Customer Reviews, Supplier Reviews, Industry Health, Security Audit, MTLY SLA]
Compliance Monitored
Vendor Detail
Implementation
[Diagram: Load, Configure, Curate, Operate; labels: Vendors, Data, Risk, Trust, Customers, Vendors, Certify, Alerts, Actions, Reports; 90 Days]
Features
• Peer Based Rating (Private and Public)
• Event “timeline”
• Custom Rules and Policies
• Custom Categories
• Custom Policies
• Custom Monitoring Dashboards
• Custom Reports and Alerts
• Full set of Enterprise features (users, administrators, roles)
Applications
• Monitor Key Relationships
– Customers, Vendors, Partners
– News, Key events, Public Data
• Competitive Intelligence
• Sales Intelligence
• Compliance
– “Collaborative Compliance”
– Customer Compliance, Vendor Compliance
Stay Tuned
• Best practices on
– Criticality assessment
– Categorization of vendors based upon risk
– Daily monitoring and management of events
– Reporting to
  • Executive teams
  • Boards
  • Regulators