BankBryanCave.com

Bank Bryan Cave

Blanchard

Main Content

Part 6 of Reviewing Third Party Vendor Service Contracts, a Seven Part Guide

October 4, 2016

Authors

Jerry Blanchard

Part 6 of Reviewing Third Party Vendor Service Contracts, a Seven Part Guide

October 4, 2016

by: Jerry Blanchard

This is part 6 of a Seven Part Guide to reviewing vendor contracts. Part 1 can be found here, and other parts can be found here.

Ownership of Trademarks, Copyrights, Patents and Other Trade secrets, Source Code escrow Agreements. Typically, each party should own its pre-existing materials and derivative works thereof and materials developed by the parties or their contractors individually and outside of the contract, and each party should provide the other with licenses to its materials necessary to receive or provide the services during the term.  The contract should include intellectual property provisions that clearly define each party’s intellectual property rights for their pre-existing materials and materials developed as part of the contract.

Does the vendor currently own or have the right to use all of the patents, trademarks, copyrights, etc., needed to provide the services under the contract or are they using intellectual property assets

Read More

Part 5 of Reviewing Third Party Vendor Service Contracts, a Seven Part Guide

September 29, 2016

Authors

Jerry Blanchard

Part 5 of Reviewing Third Party Vendor Service Contracts, a Seven Part Guide

September 29, 2016

by: Jerry Blanchard

This is part 5 of a Seven Part Guide to reviewing vendor contracts. Part 1 can be found here, and other parts can be found here.

Vendor Notice Requirements

Business -Strategic Changes. There are several categories of events the bank will want to be notified about.  The first involves things like significant strategic business changes, such as mergers, acquisitions, joint ventures, divestitures, or other business activities that could affect the activities involved. In certain instances the bank may want the ability to terminate the contract if the vendor merges with another company or if there is a change in control. Similar to a loan transaction, the bank has “underwritten” the vendor. Bank officers have has met the vendor’s senior management and are comfortable with the general direction of its business. A merger or change of control may change the strategic direction of the vendor and the

Read More

Part 4 of Reviewing Third Party Vendor Service Contracts, a Seven Part Guide

September 20, 2016

Authors

Jerry Blanchard

Part 4 of Reviewing Third Party Vendor Service Contracts, a Seven Part Guide

September 20, 2016

by: Jerry Blanchard

This is part 4 of a Seven Part Guide to reviewing vendor contracts. Part 1 can be found here, and other parts can be found here.

Services level. Services levels should be defined. For example, are the service to be made available 24/7 365 days a year or are they only needed during normal business hours. When the services involve some type of software or online technology, what is the minimum amount of   “uptime” required? Depending on the services involved, uptime might be 99.9%, for example.  vendors will understandably push back on that figure and might suggest 98%. The right figure need not be either one of those numbers and is dependent on the type of service being provided and its criticality to the bank’s delivery of services to its customers. To the extent there is planned downtime for things such as software updates it should occur during

Read More

Part 3 of Reviewing Third Party Vendor Service Contracts, a Seven Part Guide

September 13, 2016

Authors

Jerry Blanchard

Part 3 of Reviewing Third Party Vendor Service Contracts, a Seven Part Guide

September 13, 2016

by: Jerry Blanchard

This is part 3 of a Seven Part Guide to reviewing vendor contracts. Part 1 can be found here, and other parts can be found here.

Location of where the work to is to be performed

Domestic locations. Where is the vendor actually performing the work? Will they need physical access to the bank premises or equipment?  Will they be on-site during or after business hours? The contract should reference security policies governing access to the bank’s systems, data (including customer data), facilities, and equipment.  The vendor should be obligated to comply with the security policies when accessing such resources. If the work is being done at the vendor’s office, the bank will want approval rights any change in the location. Depending on the type of services being provided, the bank may also want the contractual right to go to the vendor’s offices to view the

Read More

Part 2 of Reviewing Third Party Vendor Service Contracts, a Seven Part Guide

September 6, 2016

Authors

Jerry Blanchard

Part 2 of Reviewing Third Party Vendor Service Contracts, a Seven Part Guide

September 6, 2016

by: Jerry Blanchard

This is part 2 of a Seven Part Guide to reviewing vendor contracts. Part 1 can be found here, and other parts can be found here.

Recitals.

Some contracts will contain several “WHEREAS” clauses at the inception of the document followed by a recitation of various facts about the parties and what they are trying to accomplish by entering into the contract. From a pure legal standpoint, “WHEREAS” clauses are not required but many parties like to include them to properly set the stage for what is to come afterwards. If they are included, the bank needs to review them, particularly those that describe the parties and the services that the vendor will perform. The recitals provide for an introduction to the parties and provide a high level overview of their agreement. It is a bit like looking at a topographical map and following two streams as

Read More

Reviewing Third Party Vendor Service Contracts, a Seven Part Guide

August 30, 2016

Authors

Jerry Blanchard

Reviewing Third Party Vendor Service Contracts, a Seven Part Guide

August 30, 2016

by: Jerry Blanchard

Introduction

Managing third party vendor relationships has always been an important function in banks. More recently it has become a hot topic for state and federal financial bank regulators. The increasing complexity of what vendors are doing for banks and the related attention to cybersecurity threats all contribute to the greater scrutiny. The 2016 white paper by the OCC, “Supporting Responsible Innovation in the Federal Banking system: An OCC Perspective,” is just one of several guidance documents issued by the federal financial regulators over the past five years that focus to a large extent on third parties providing services and technology to banks. Significantly, some examinations have resulted in the regulators imposing settlements and impose civil money penalties on vendors. Previous to the OCC white paper, the CFPB issued third party guidance in 2012, the FFIEC provided guidance on IT service vendors in 2012 and

Read More

How Many Times Do We Have to Tell You Not to Open the Cat Video

April 11, 2016

Authors

Jerry Blanchard

How Many Times Do We Have to Tell You Not to Open the Cat Video

April 11, 2016

by: Jerry Blanchard

Everyone has been in a movie theater when one of the actors approaches that door to the basement behind which strange noises are coming. They reach out to turn the knob and in unison the audience is thinking “Fool, haven’t you ever been to the movies? Don’t you know that the zombies or ghouls or some other equally disgusting creature are waiting for you behind that door. Don’t do it!” They of course open the door, blissfully unaware of the grisly fate waiting for them.

I get the same sort of feeling when I read about cybersecurity lapses at banks. Think about the following:

  • “Someone dropped a thumb drive, I think I’ll just plug it into my computer at work and see what is on it. Surely nothing bad will happen. If nothing else, I’ll give it to one of my kids, they can use it on the home
    Read More

Divided Supreme Court Results in Non-Uniform Application of Reg B

March 25, 2016

Authors

Jerry Blanchard

Divided Supreme Court Results in Non-Uniform Application of Reg B

March 25, 2016

by: Jerry Blanchard

In what goes for kicking the can down the road at the Supreme Court, the Court has evenly split on an appeal arising from the Eight Circuit Court of Appeals decision in Hawkins v. Community Bank of Raymore, 761 F3d 937 (CA8 2014) where that court found that the Federal Reserve had overstepped its bounds in adopting rules under the Equal Credit Opportunity Act to protect spousal guarantors. The case arose out of a series of loans in 2005 and 2008 made by the Bank—totaling more than $2,000,000—to PHC Development, LLC to fund the development of a residential subdivision. In connection with each loan and each modification, the principals of the LLC and their spouses (who had no interest in the LLC) executed personal guaranties in favor of Community to secure the loans.

The spouses defended themselves in an action brought by the bank on the basis that Community had

Read More

US Supreme Court to Review ECOA Spousal Guaranty Rules

June 29, 2015

Authors

Jerry Blanchard

US Supreme Court to Review ECOA Spousal Guaranty Rules

June 29, 2015

by: Jerry Blanchard

The US Supreme Court has agreed to review a decision by the Eight Circuit Court of Appeals in Hawkins v. Community Bank of Raymore, 761 F3d 937 (CA8 2014) where the court found that the Federal Reserve  had overstepped its bounds in adopting rules under the Equal Credit Opportunity Act to protect spousal guarantors. The case arose out of a series of loans in 2005 and 2008 made by the Bank—totaling more than $2,000,000—to PHC Development, LLC to fund the development of a residential subdivision. In connection with each loan and each modification, the principals of the LLC and their spouses (who had no interest in the LLC) executed personal guaranties in favor of Community to secure the loans.

In April 2012, Community declared the loans to be in default, accelerated the loans, and demanded payment both from PHC and from the guarantors. The guarantors defended on the basis that

Read More

FDIC Examinations and Cyberattack Risk

May 7, 2015

Authors

Jerry Blanchard and David Zetoony

FDIC Examinations and Cyberattack Risk

May 7, 2015

by: Jerry Blanchard and David Zetoony

FDIC bank examinations generally include a focus on the information technology (“IT”) systems of banks with a particular focus on information security. The federal banking agencies issued implementing Interagency Guidelines Establishing Information Security Standards (Interagency Guidelines) in 2001. In 2005, the FDIC developed the Information Technology—Risk Management Program (IT-RMP), based largely on the Interagency Guidelines, as a risk-based approach for conducting IT examinations at FDIC-supervised banks. The FDIC also uses work programs developed by the Federal Financial Institutions Examination Council (FFIEC) to conduct IT examinations of third party service providers (“TSPs”).

The FDIC Office of the Inspector General recently issued a report evaluating the FDIC’s capabilities regarding its approach to evaluating bank risk to cyberattacks. The FDIC’s supervisory approach to cyberattack risks involves conducting IT examinations at FDIC-supervised banks and their TSPs; staffing IT examinations with sufficient, technically qualified staff; sharing information about incidents and cyber risks with regulators and

Read More
The attorneys of Bryan Cave LLP make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.