Vendor Management & Due Diligence Requests
Designed to provide Data Furnishers with an online solution for processing Consumer Credit Disputes
Our approach to Vendor Management Information Requests
We understand that vendor due diligence is a critical function for all Financial Institutions (FI) and are keenly aware of the requirements placed on FI’s by CFPB and OCC with respect to third party vendor management.
Given that we provide a standard service to several thousand FIs, and that we receive several hundred requests for vendor management information annually, we have adopted a uniform approach towards satisfying the vendor management needs of most companies.
Learn about our approach to Vendor Management Requests
Online Data Exchange, LLC (OLDE) operates the e-OSCAR System for consumer reporting agencies (“CRAs”) and credit providers/data furnishers (“Users”) to facilitate the resolution of disputes about the accuracy and completeness of consumer information. The e-OSCAR service is a regulatory-mandated service to enable CRAs and Data Furnishers to comply with Fair Credit Reporting Act requirements.
The e-OSCAR team recognizes that many Users have strict vendor management protocols in place. Our team fully supports those efforts and has implemented a rigorous internal process for maintaining and providing appropriate documentation to Data Furnishers upon request. We will provide two core sets of information to Users upon formal receipt of the same.
Business Information Package
Due Diligence (Security) Package
Unless contractually bound to do so, OLDE does not respond to Data Furnisher provided questionnaires. We may consider completion of some questionnaires in unique situations, however, any effort to complete questionnaires by OLDE will be based upon our internal capacity alone. We do charge an hourly rate for the completion of any documentation outside of our standard Packages.
In order to access and view our Vendor Management &/or Due Diligence (Security) documentation, you must be a registered user of the e-OSCAR Learning Management System. You may access the e-OSCAR LMS (HERE). Subsequent to your request for information, we will send an email indicating that the appropriate documentation has been made available to you within the e-OSCAR LMS.
Should you determine that additional information is needed once your review of the Compliance Information Package and Business Information Package is complete, we will (upon request and on a first come, first served basis) open our data room to you allowing the review of documentation that cannot be shared in the previously distributed packages. OLDE provides a standard set of documents in the data room (this evidence is a compilation of evidence requested from multiple previous in person audits and that are typically required to complete a successful audit). Users will be provided 2 weeks to access the data room to review all evidence needed.
If it is determined that there may be additional information needed to clear a finding, OLDE will schedule a meeting with you (the DF), the vendor that will need to present the remaining evidence and OLDE. This will come at a charge of $250.00 per hour with a minimum of 2 hours for the call. OLDE will request that you provide a list of all outstanding items that will need to be reviewed no later than 2 weeks prior to the scheduled meeting in order to allow our vendors and our internal parties time to prepare and estimate how long the meeting will need to be.
Business Info Package
The e-OSCAR Business Information Package can be released to Users upon request, and generally includes the following materials:
OLDE Business Management Letter
OLDE Business Tax Receipt
OLDE Certificate of Insurance
OLDE Independent Auditor's Report
Per OLDE policy, we do not release additional financial information. OLDE is a non-public company established in 2006 by the Consumer Reporting Agencies (Equifax, Experian, Innovis and TransUnion) for the purpose of operating the e-OSCAR platform. OLDE has been continuously owned and sufficiently capitalized by the Consumer Reporting Agencies since its inception to ensure its ongoing operations.
Security Info Package
The e-OSCAR Due Diligence (Security) Package will be released to Users only upon receipt of an executed Non-Disclosure Agreement, and generally includes the following materials:
OLDE Compliance Management Letter - provides information about OLDE, the e-OSCAR System, affiliated organizations, and strategic partner (subcontractor) relationships
OLDE Written Information Security Policy
OLDE DR Exercise Plan & Results Summary
OLDE high level network diagram
OLDE Application & Network Penetration Tests
OLDE and key partner SOC and SIG documentation
Please note that if there are User requested artifacts or evidence that are not included within our Due Diligence Package, those items will only be made available through our online data room.
Submitting a Request for Information
In order to obtain any Vendor Management or Due Diligence information, Users must:
Submit a request via email to the e-OSCAR Help Desk (HERE), detailing the package type sought and including the name of the User company, the appropriate e-OSCAR Registration Number (account number) and the name of the User company's Registration Administrator
Electronically execute the e-OSCAR Non-Disclosure Agreement
We further do not accommodate requests to execute User company confidentiality agreements.