Q-29. The senior management team of a small regional bank has established a committee to review procedures and implement best practices related to entering into significant contracts with third-party vendors. The committee is reviewing one proposed relationship with a third-party vendor who would have a significant responsibility for marketing the bank's financial products to potential customers. In establishing policies to reduce the operational risk associated with this potential vendor contract, which of the following recommendations would be most appropriate?