With Regulators Looking On, How Scary is Managing Vendor Risk?

Posted by Michael Carter on Oct 23, 2019 2:15:00 PM
Find me on:

With Regulators Looking On, How Scary is Managing Vendor Risk

The FDIC and NCUA each issued wake-up calls earlier this year pertaining to vendor management. While neither reflects a change in policy, both agencies emphasized their intentions to look more closely at banks and credit unions’ supply chain management and business continuity processes, particularly in the technology arena. The tone of the communications sounded as if the guidance was being offered as “helpful advice.” However, such guidance – regardless of the tone – should cause bank and credit union leaders to assume that, in the future, their practices in these areas will be an examination focus. Here are some thoughts that could provide some assistance in such an environment.

Contact Me About TAB

An Invitation to Greater Scrutiny

Let’s start with the practical aspect: regulators are sending a clear signal that vendor contract management will be a key component of upcoming examinations. If auditors find lapses on this front, they’re likely to dig deeper in other areas to see what else might not be up to code. Examinations are inherently stressful; it’s hard to imagine any bank or credit union passing up an opportunity to make them a bit less complicated.

There’s an added twist, however. Risk review of these contracts is not a one time, “set it and forget it” exercise completed at signing. Given the common practices of auto-renewals and extending by addendum, it’s likely that many in-force contracts would now be deemed out of compliance by regulators even if they passed muster at some point in the past. Then there is the issue of growth, both in terms of the institution and the number of vendors with which it does business.  While the growth of a product or business line is a good problem to have, the additional third-party entities required to service such expansion calls for more business continuity. The FDIC and NCUA want evidence institutions have thought through these matters. 

Can’t Live With ‘Em, Can’t Survive Without ‘Em

A central factor in the increasing portfolio of third-party providers banks and credit unions must work with is the increasing rate of digital innovation. Understanding what supplier to team with in order to meet the increasing demand of consumers in this area is a non-trivial exercise. This is especially true given that many CTOs and CIOs will tell you that by necessity, they spend roughly 80 percent of their time dealing with internal challenges and optimizing current operations. It’s unrealistic to expect them to remain fully up to speed with the latest developments in a rapidly evolving fintech industry.

Here’s another cruel irony: it’s simply impossible to assess emerging fintech providers using the same yardstick applied to traditional vendors. These young firms would rarely pass muster based on such criteria. At the same time, financial institutions need to place a few savvy bets on these technologies to avoid being overtaken by tech-centric nonbank competitors or losing more of their deposits to the largest of financial institutions. It’s a point I emphasized in a recent industry presentation, “FinTechs: Can’t Live with Them, Won’t Survive Without Them.” I’d be happy to share a copy on request. 

The net of the presentation is this quote I shared with the attendees: “Each of you have an enormous challenge that you must address each day. You are the ones that keep your institutions competitive and growing. This is not a simple task. In today’s work of expanding innovation keeping track of what technology partner can best serve the needs of your customers and members is beyond scope, just based on the hours in the day, if nothing else. Do yourself a favor and get help.”

The Bottom Line: The importance of digital innovation and vendor management extends far beyond checking a box on an examiner’s worksheet. Boards as well as executive management teams should be equipped to offer their perspective, but that’s a topic for another time. For now, a good starting point is ensuring that your institution’s supplier contract documentation stands up to NCUA and FDIC expectations. As you expand your vendor set, the counsel of an objective external advocate steeped in the nuances of fintech dynamics can be a big help in deciding where to place your bets when it comes to partnering with innovative, startups and early stage companies.

Topics: Vendor Contract Management, Vendor management, Vendor Risk

Subscribe to our blog

Recent Posts

Posts by Topic

see all