While talking to a prospect recently, he shared a comment that his examiner made from a recent exam. It went something like this:
“You need to put away the manual spreadsheets and look into a robust software that will help you combine the contract area and the accounting area for a more centralized vendor management program. The excel spreadsheet of yesteryear will no longer cut it.”
So, if your bank or credit union's vendor management program is still being done manually with spreadsheets, here are a few tips to keep in your back pocket when you ask for vendor management budget dollars.
How do you place a dollar value on risk?
Vendor management is all about managing risk. Allocate too few dollars to it and you may regret it at some point in time. Here are a few possible unintended consequences:
- Your data has been breached at your vendor. (think Target) Don’t be naive and hope it doesn’t happen. Most experts agree these days that it’s not a matter of if, it’s a matter of when. Is your vendor doing penetration testing? If so, what were the results? Do you know what your vendors incident response plan is? How does their incident response plan tie into your own? Translate: what the heck will you do when it happens? Could you have anticipated the risk by reviewing your vendors cybersecurity preparedness, determining it was inadequate therefore allowing you to make the decision to move to a more secure vendor?
- Do you know who your vendors vendor’s are? Are they held to the same standard as you and your primary vendor? Where is your data? How many vendors vendors vendors does it pass through? Appendix J is no joke. Yes, it focuses on disaster recovery primarily but don’t miss the reference to your vendors vendor’s. While you’re trying to get your arms wrapped around your own primary vendors, beware: the next wave is coming. If you aren’t already doing proper oversight on the critical vendors to your critical vendors you will be asked to do so. Soon.
- Findings in your next exam. Ouch! For many of you, you’ve been doing vendor management the same way for a very long time and your examiners have been satisfied. Those days are likely over. Whether you read the tea leaves, take our advice or hear it from your peers, vendor management is a hot button for the examiners and you should expect bigger demands in regards to your vendor management program. And rightfully so, really. Risk has a whole new meaning these days and you need to demonstrate you understand it and have taken all reasonable measures to mitigate it. That can’t be an exercise in checking boxes any longer.
Effective Contract Management – It’s a win win!
Chances are your vendor contracts represent the lion’s share of your non-interest expense. If you haven’t been faithfully negotiating your contracts at each renewal period you likely have some savings opportunities laying around just waiting for you to ask for them.
- First, look at all of your high dollar technology contracts. Do any of them have auto price increases built in? And are any of those going to kick in next year? Don’t forget to budget for those!
- On those same contracts, do any of them have an approaching maturity date? Be sure you start your negotiations way ahead of time. For example, you should start re-negotiating your core contract 18 to 24 months ahead of the maturity date.
- Are you due a loyalty discount on any of your technology contracts? In other words, how long have you been doing business with this vendor and when was the last time price was negotiated? Technology prices tend to come down over time. Don’t continue to pay the same price you contracted for 10, 5 or even 3 years ago. Remember, it’s much cheaper for your vendor to keep you than it is to replace you. Even a modest loyalty discount will add real dollars back to your bottom line. Negotiate enough of them and you’ll MORE than pay for your vendor management expense.
- Have you reviewed your contracts for compliance with FFIEC guidance? You may have had an attorney review your contracts but was their expertise on contract law, regulatory guidelines or both? Chances are some of your older contracts are not in compliance with the most recent guidelines. While compliance issues may not directly save you dollars, having the right terms and conditions in your contracts can certainly reduce your risk and save you grief down the road.
Take what you can get and then build on it each year.
If you have never outsourced any part of your vendor management in years past, then this will be a new line item in next year’s budget. Let’s face it, there’s never enough dollars in a budget to get everything you need or want.
So, don’t shoot for the moon. Lay out a plan over a 3 year period that will get you where you need to be one step at a time. Don’t misunderstand. We’re not suggesting you can take 3 years to develop a proper vendor management program.
That needs to happen right away. But you can slowly grow your budget over time and off-set in the early years with a lot of hard work. As we mentioned in part 3 of this series, understand your strengths and weakness and ask for a budget in the first year to cover your most critical weaknesses.