Due Diligence Over Third Party Service Providers

Credit unions are increasingly partnering with outside parties to enhance the services provided to members. This is especially true in the lending arena where third-party relationships are opening the doors to less traditional programs such as leasing, indirect lending, and risk-based lending (also referred to as sub-prime lending). These arrangements can make programs more cost-effective, enable credit unions access to expertise that has not been developed in-house, and promote programs that may not be feasible if entered into independently. However, we are also aware of cases of third-party relationships resulting in financial stresses for credit unions due to unanticipated costs, legal disputes, and asset losses. Generally, these situations occurred because the credit union either failed to exercise proper due diligence before entering into a relationship or failed to set up controls to monitor performance.

Due Diligence Review

Credit union officials are responsible for planning, directing, and controlling the credit union’s affairs. To fulfill these duties, the officials should require a due diligence review prior to entering into any arrangement with a third party. The following identifies minimum procedures a credit union should follow; however, this should not be considered an exhaustive list. Many times, information gathered from the review will lead to further inquiries or fact-finding.

Planning. The officials should determine whether the proposed activities are consistent with the credit union’s overall business strategy and risk tolerances. These risks include the potential loss of capital invested if the venture fails, the loss of member confidence if the program does not meet their expectations, and the costs associated with attracting and retaining qualified personnel and investing in the required infrastructure (e.g., technology, space, communications). If the officials do not believe the activities would complement their strategic vision for the credit union, the third-party lending relationship should not be pursued.

Background Check. It always is important to understand how the third party has performed in other relationships. Contacting credit unions or other clients of the third-party is essential. Inquire how satisfied these credit unions or third parties are with the prospective partner, and what pitfalls they may have encountered. Sources such as the Better Business Bureau, and Federal Trade Commission also maintain complaint histories on businesses.

Legal Review. The credit union’s attorneys should review all contracts to ensure that the officials clearly understand the rights and responsibilities of each party. For example, the review should indicate which party bears the costs of collateral disposition, and whether or not there are recourse arrangements. The credit union should exercise its right to modify contracts to make them fair and equitable. Further, a credit union should understand what actions it may take if the contract is breached or services are not performed as expected.

Financial Review. Financial statements of the company should be reviewed to determine the strength of the institution. Weakly capitalized companies or those exhibiting weak earnings may not be able to continue as ongoing concerns. This could lead to disruptions in member service, uncollected payments on loans and leases, and potential losses if the third party fails to remit funds due to the credit union. Preferably, a licensed CPA will have audited the financial statements to attest to their accuracy.

Return on Investment. The credit union should project its expected revenue, expenses, and net income on its investment, and recognize how each of these factors may change under different economic conditions. For example, expected losses, collection costs, or the volume of activity would fluctuate depending upon the economy or the members’ employment stability. Profit projections generated by the prospective third-party should be scrutinized and the underlying assumptions fully understood by the credit union.

Insurance Requirements. Third party relationships can result in increased liabilities. Therefore they necessitate a thorough review of the credit union’s insurance coverage, including the fidelity bond and policies covering such matters as errors and omissions, property and casualty losses, and fraud and dishonesty.

Controls

Once a third-party arrangement is entered into, it is important for a credit union to establish controls to ensure the relationship is meeting its expectations and the third party is meeting its responsibilities. As part of these controls, a credit union should adopt monitoring and reporting practices. Failing to do so constitutes an unsafe and unsound practice.

Policies and Procedures. The credit union should develop detailed policy guidance that sets forth responsibilities, authorities, and reporting requirements. Limits should be established so that the program grows at a controlled pace and reflects the risk tolerance of the officials. For example, a credit union may limit the number of leases initially granted so it can assess performance or identify problems before the leasing volume becomes significant.

Staff Oversight. A credit union staff member should be responsible for monitoring the performance of the program. Actual results should be compared to projections and the thirdparty’s performance should be reviewed to determine compliance with expectations and contracts.

Reporting. Reports should be submitted to the credit union’s senior officials and the credit union’s directors to keep them abreast of significant findings, especially areas of noncompliance. The officials should be informed when targets are met or exceeded, or limits breached. Reports should also consist of appropriate information so that the officials can make informed decisions and take timely corrective action.

Partnering with a third party to expand lending to members can lead to growth, improved profitability, and stronger member relationships. However, the credit union officials are responsible for establishing appropriate due diligence procedures and a system of controls to ensure these goals are met.