Maple Street’s compliance review — Simplified

Written by Patrick Gully, CRVPM II, Vice President of Client & Vendor Services

Nobody likes work that’s painful. Nobody likes work that seems to be work for work’s sake. But if you pull back the curtain, contract compliance is much more than checking boxes or pleasing examiners. It’s a critical component of your vendor management program. Done correctly, good compliance is a stepping stone to expense reduction.

Some community banks and credit unions want to go at compliance and vendor management by themselves. We wish them the best of luck. But they could be wasting time and money.

Say goodbye to time-consuming information gathering – Maple Street can end your compliance headaches.  If you’re maximizing our Vendor Advantage System® and having our professionals negotiate your contracts, we do most of the work for you and guarantee you’ll pass your exam.

Keep reading to discover the science behind your contract compliance. And remember – Maple Street professionals will take all of these steps for you!

Do you need a legal review?

Usually, you don’t. NCUA and FDIC provide guidelines that are recommendations, not requirements. 

Legal reviews are recommended for contracts that have complex language or when it’s a large expense for your institution. If there’s a lengthy term, you may also want to have a legal review to avoid being stuck in a relationship that could be detrimental to your institution.

The Sweet 16 is no party

If Maple Street negotiates your contracts, two key elements are choosing the right vendor and contracting well. 

In addition to savings, Maple Street’s professional negotiators will go over what has been referred to as the Sweet 16 to ensure compliance. Per the FFIEC Guidelines on Risk Management of Outsourced Technology Services, the Sweet 16 are known contract issues the guidelines recommend you address. Please note, this isn’t a requirement to get the vendor to agree to terms.

These items should be considered when contracting with service providers.  This list isn’t all inclusive and your institution may need to evaluate other considerations based on circumstances.

  • Scope of Service
  • Performance Standards
  • Security and Confidentiality
  • Controls
  • Audit
  • Reports
  • Business Resumption and Contingency Plans
  • Sub-contracting and Multiple Service Provider Relationships
  • Cost
  • Ownership and License
  • Duration
  • Dispute Resolution
  • Indemnification
  • Limitation of Liability
  • Termination
  • Assignment

In addition to the Sweet 16, our negotiators provide a high-level risk analysis of business contract terms. However, for specific legal review, you will need to utilize your legal counsel.

Privacy compliance review

One of the key components to the Vendor Advantage System® is measuring and monitoring your vendors.  As such, Maple Street reviews all your active contracts.  

  • We capture the terms of the contract – what type of contract, initial term, renewal term (if any) and notice period.
  • We check if the contract is complete. If it’s incomplete, what’s missing? 
  • We capture notice information, including notice addresses and requirements.
  • We determine what services are being provided within a contract and the privacy compliance, which specifically addresses GLB and Red Flag Rules.
  • We address the language within the contract to confirm the vendor is compliant with the following:
    • Gramm-Leach-Bliley Act (GLB) Federal Law – requires financial institutions to explain their information-sharing practices to their members/customers to safeguard their information
    • Red Flags Rule – sets out how certain businesses and organizations must develop, implement and administer their Identity Theft Prevention Program

How CADi helps with compliance

To see the sensitivity and compliance of your contracts in CADi, navigate to the Contracts section in the main menu on the left. Select the Compliance tab on the right.

To mitigate risk of members’ or customers’ exposure of non-public personal information, sometimes clients will send an unexecuted contract to Maple Street, requesting we review it. Please be advised, we don’t perform legal reviews. However, we can review the agreement for compliance with privacy regulations, specifically GLB & Red Flag Rules. The review follows the same guidelines for compliance we use for your active contracts. After the privacy compliance review, we’ll provide you with certification, as to our determination.

When it comes to contract compliance, there’s a science to getting it right and reducing your expenses.

Lucky for you, Maple Street will:

  • Check your contract for compliance
  • Manage your contracts
  • Negotiate and address Sweet 16 items

We ensure all of the time-consuming steps are executed, letting you focus on what you do best – exceeding your members’ or customers’ expectations. Call us at 800-513-6839 or email to learn more.