Internal Control Questionnaires and Verification Procedures

Third Party Vendors

  1. Has a bank officer been assigned responsibility for ensuring that the bank adequately monitors the effectiveness of customer protection systems?

  2. Has the bank developed a written oversight program to monitor the activities of outside vendors operating bank-related sales programs?

  3. Does the governing agreement with third party vendors include provisions regarding:

    1. Training for bank employees?

    2. Methods of implementing the customer protection standards contained in the bankís policy?

    3. Permission for the OCC and the bank to have access to appropriate records involved in bank-related sales?

    4. The scope and frequency of reports to be furnished?

  4. Do reports furnished by third party vendors include:

    1. A list of all new account openings and initial trades?

    2. A list of significant or unusual (for the customer) individual sales?

    3. A list of all written and oral customer complaints and their resolution?

    4. Sales reports by product, salesperson, and location?

    5. Internal compliance reviews of accounts originated at the bank?

    6. Copies of reports furnished to the third party vendor by their regulator?

  5. Are reports furnished by a third party vendor:

    1. Prepared by someone independent of the vendorís sales force?

    2. Timely and sufficiently detailed?

  6. Does bank management have procedures in place to avoid reliance on third party audit and control systems if the vendorís control personnel receive transaction-base incentive compensation?

  7. If another party, such as a clearing broker or third party vendor performs the product selection analysis, does bank management understand and agree with the analysis method?

  8. If customer information is provided to the third party vendor, has a legal opinion concerning the bankís authority to share customer information with third parties been obtained?

  9. Has a bank officer been assigned responsibility for ensuring that adequate training is provided to bank staff, and for reviewing the hiring and training practices of any third party vendor?

Previous: Compliance Program Next: Risk Management and Insurance