Here's a start for anyone interested.
XXX BANK
THIRD PARTY RISK ASSESSMENT DATED ____________
Common third-party arrangements that have been frequently utilized by institutions include, but are not limited to:
DOES THE BANK UTILIZE A THIRD PARTY TO PERFORM ANY OF THE FOLLOWING: YES NO
Subprime lending programs?
Credit card programs (e.g., subprime, cash-secured, affinity, and Rent-A-BIN card programs)?
Payday lending and other alternative credit programs?
Debit card programs?
Rewards programs?
Deposit taking or affinity relationships?
Overdraft payment programs?
Refund anticipation loans?
Audit programs of third-party relationships?
Broker-dealer relationships for brokerage services?
Mortgage brokerage services?
Automobile dealer relationships?
Flood determination services?
Reverse mortgage programs?
ANSWER THE FOLLOWING QUESTIONS FOR EACH ITEM ANSWERED YES ABOVE TO DETERMINE IF THE RELATIONSHIP IS SIGNIFICANT:
A third-party relationship could be considered “significant” if the answer to any of the following is YES:
Third Party Relationship Identified:____________________
YES NO
Is the institution’s relationship with the third party a new relationship or involve implementing new institution activities?
Will the relationship have a material effect on the institution’s revenues or expenses?
Will the third party perform critical functions?
Will the third party store, access, transmit, or perform transactions on sensitive customer information?
Will the third-party relationship significantly increases the institution’s geographic market?
Will the third party provide a product or perform a service involving lending or card payment transactions?
Will the third party pose risks that could materially affect the institution’s earnings, capital, or reputation?
Will the third party provide a product or perform a service that covers or could cover a large number of consumers?
Will the third party provide a product or perform a service that implicates several or higher risk consumer protection regulations?
Will the third party be involved in deposit taking arrangements such as affinity arrangements?
Will the third party market products or services directly to institution customers that could pose a risk of financial loss to the individual?
RATE THE FOLLOWING LOW, MODERATE, HIGH
“Compliance Risk” This risk exists when the products or activities of a third party are not consistent with governing laws, rules, regulations, policies, or ethical standards. L - M - H
“Reputation Risk” Third-party relationships that result in dissatisfied customers, unexpected customer financial loss, interactions not consistent with institution policies, inappropriate recommendations, security breaches resulting in the disclosure of customer information, and violations of laws and regulations are all examples that could harm the reputation and standing of the institution. L - M - H
"Strategic Risk” The use of a third party to perform banking functions or to offer products or services that do not help the institution achieve corporate strategic goals and provide an adequate return on investment exposes the institution to strategic risk. L - M - H
“Operational Risk” Third-party relationships often integrate the internal processes of other organizations with the institution’s processes and can increase the overall operational complexity. L - M - H
“Transaction Risk” A third-party’s failure to perform as expected by customers or the institution due to reasons such as inadequate capacity, technological failure, human error, or fraud, exposes the institution to transaction risk. L - M - H
“Credit Risk” The basic form of credit risk involves the financial condition of the third party itself. L - M - H
“Country Risk” Contracting with a foreign-based third-party service provider exposes an institution to country risk. L - M - H
"Other Risks” In addition to the risks described above, third-party relationships may also subject the institution to liquidity, interest rate, price, legal, and foreign currency translation risks. L - M - H