
Answer-first summary for fast verification
Answer: The bank should review all third-party audit reports of the vendor that are publicly available.
**Correct Answer: A**

**Explanation:**

A is correct. From the guidelines regarding internal controls: "For significant service provider relationships, financial institutions should assess the adequacy of the provider's control environment. Assessments should include reviewing available audits or reports such as the American Institute of Certified Public Accountants' Service Organization Control 2 report."

B is incorrect. The bank should review the vendor's incentive compensation structure and ensure that the structure does not encourage vendor sales representatives to direct customers towards higher margin products without regard for the risk incurred. Compensating sales reps mostly with commissions would not be appropriate.

C is incorrect. The guidelines do not rule out outsourcing critical processes. For example: "A community banking organization may have critical business activities being outsourced, but the number may be few and to highly reputable service providers." "(Larger) financial institutions may use hundreds or thousands of service providers for numerous business activities that have material risk..."

D is incorrect. The bank should monitor the vendor's contingency planning process and "assess the adequacy and effectiveness of a service provider's disaster recovery and business continuity plan and its alignment with its own plan."

**Section:** Operational Risk and Resilience

**Learning Objective:** Describe topics and provisions that should be addressed in a contract with a third-party service provider.

**Reference:** "Guidance on Managing Outsourcing Risk," Board of Governors of the Federal Reserve System, December 2013
Author: LeetQuiz
The senior management team of a small regional bank has established a committee to review procedures and implement best practices related to entering into significant contracts with third-party vendors. The committee is reviewing one proposed relationship with a third-party vendor who would have a significant responsibility for marketing the bank's financial products to potential customers. In establishing policies to reduce the operational risk associated with this potential vendor contract, which of the following recommendations would be most appropriate?
A. The bank should review all third-party audit reports of the vendor that are publicly available.

B. The bank should ensure that the vendor's sales representatives are compensated mainly with commissions from the sale of the bank's products.

C. The bank should prevent the third-party vendor from having access to any of its critical processes.

D. The bank should be responsible for developing the vendor's contingency planning process to mitigate risk exposure to the vendor.