Vendor Management

Servicers often use third-party vendors to provide services and products that support its business and financial strategies. It is critical that third-party relationships are managed in accordance with internal policies that affect operational, financial, and regulatory risks.

Introduction

Servicers should perform an initial risk assessment to determine whether or not to enter into a vendor relationship as well as develop a documented process for annual recertification to ensure the vendor is performing as required.

Servicers should have processes in place to effectively select and manage vendors used across all servicing functions. Effective vendor management also includes ensuring that knowledge of the outsourced process(es) is maintained in-house. Standardized practices should be in place to create a consistent approach to selecting a vendor and monitoring vendor activities. Practices should include a due diligence process used to evaluate a third party’s cyber security protocols.