Confidentiality Agreements and Vendor Due Diligence

Customer information and records are to be kept strictly confidential. Under no circumstances should customer information be provided to or shared with any person or entity that is not authorized to have access to or use of such information.

The ESI Confidentiality Agreement is available in Merrill for use whenever a third-party or other outside vendor may have access to ESI’s confidential client information or records. Third parties with access may include, but are not limited to: shredding services, document storage facilities, office cleaning services, or IT service providers.

Vendor Due Diligence
Prior to engaging the services of a third party, each branch should conduct due diligence to help ensure vendor suitability.

Best practices include:

  • Consider the third party’s depth of resources and previous experience providing the specific product or services;
  • Conduct research on potential vendors to gather key information such as customer complaints, data breaches, and other areas of concern;
  • Evaluate the vendor’s cybersecurity safeguards, if applicable;
  • Ensure the vendor is willing to sign the confidentiality agreement prior to engagement.

Vendor Oversight
On an ongoing basis, each vendor should be reviewed to ensure that they remain suited to provide the agreed-upon product or services to the branch.

Periodically, the following should be reviewed, as applicable:

  • Whether the branch still requires the vendor’s services;
  • The vendor’s technology and process for maintaining information security, including the privacy and security of customer data or other financial information;
  • Ongoing due diligence of the vendor;
  • The vendor’s compliance with the confidentiality agreement;
  • The vendor’s contact information.

Vendor Change
Whenever your office is hiring or changing a service provider, ensure you complete a new ESI Confidentiality Agreement with the new vendor.

Maintaining Copies

  • If you are located in the Field OSJ, keep a copy of the ESI Confidentiality Agreement with the Field OSJ records.
  • If you are located in a detached branch office, maintain a copy in your branch office and provide a copy to your Field OSJ for their records.
  • Email a copy of the fully executed ESI Confidentiality Agreement to ESICompliance@nationallife.com, to be added to Firm records.

Questions
If you have any questions regarding the confidentiality agreements, please feel free to contact ESI Compliance at 800-344-7437.

TC137336(1023)1