An effective third-party risk management process follows a continuous life cycle for all relationships and incorporates planning, due diligence and third-party selection, contract negotiation, ongoing monitoring, and termination. In addition, throughout the life cycle of the relationship, as part of its risk management process, bank employees have certain responsibilities—oversight and accountability, documentation and reporting, and independent reviews. The OCC depicts this cycle in the figure below. Figure 1: Risk Management Life Cycle In each area, the Bulletin differentiates to some extent between specific references that are expressed as a mandate through the use of strong affirmative language and other somewhat softer “best practices” that are identified through reference to actions a bank should “consider” taking. Planning Before entering into a third-party relationship, a bank’s senior management should develop a management plan for its third-party relationships. This plan should account for, among other things, risks associated with the activity, the strategic purposes, the legal and compliance aspects, the complexity of the relationship, the cost to control the risks, the nature and handling of customer interactions, implications for information security, specific laws and regulations applicable to the third-party activity, how the bank will monitor and assess compliance, and whether the relationship is consistent with the bank’s broader corporate policies. The plan should be presented to and approved by the bank’s board of directors when critical activities are involved. Due Diligence and Third-Party Selection With regard to the conduct of due diligence on potential third parties, a bank should not rely solely on experience with or prior knowledge of the third party as a proxy for an objective, in-depth assessment of the third party’s ability to perform the activity in compliance with all applicable laws and regulations in a safe and sound manner. More extensive due diligence is needed when a third-party relationship involves critical activities. Further, on site visits may be useful to understand the third party’s operations and capacity. Senior management should review the results of the due diligence review to determine whether the third party is able to meet the bank’s expectations and whether the bank should proceed with the relationship. For third-party relationships that involve critical activities, management should present the results to the board. During due diligence, banks should consider the third party’s:
The All England Lawn Tennis Club (Championships) Limited has an LEI.
ALBERGHIERA SOLE S.R.L. IL REGISTRO IMPRESE NON GARANTISCE LA CORRISPONDENZA DEGLI ASSETTI PROPRIETARI CON LA REALE COMPAGINE SOCIALE, POICHE’ LA SOCIETA’ NON HA PROVVEDUTO ALL’AGGIORNAMENTO DATI PREVISTO DALLA L. 2 - 28/01/2009 ART.16 CO. 12 UNDECIES is the longest legal entity name of all the pre-LEIs.
The production company for the movie All is Lost has an LEI.
Almost 50 YMCAs have been assigned LEIs.
Across all the LOUs, about 10% of registered entities have either LLC or L.L.C. in their name.
Alacra has been integrating the pre-LEI files from the endorsed pre-LOUs as the data has been published. In response to customer demand we have been adding these entities to the Alacra Authority File, our reference database that previously contained only rated, regulated and listed companies globally.