The Real Impact of Core IT Vendor Consolidation on YOU


In October we highlighted a clear and present danger resulting from the further consolidation of the Core IT vendors. Fewer vendors exist than ever before, and your service level, legal rights and business options become even slimmer if the institution does not make restructuring your relationship and contract a strategic board-level matter.

We teamed up with attorney Gary Findley on this very topic, which is widely informative to CEOs and CFOs of institutions of all sizes.

Oligarchy in Formation

In excess of 85% of the market is controlled today by services provided by the BIG THREE, known as Fiserv, Fidelity and Jack Henry & Associates. The BABY TWO, including CSI and D+H Harland, control approximately 10% more, and every other off-brand regional provider addresses just less than 5%. These 5 providers I refer to as the CORG (BORG with a ‘C’ for “Core” if you are a Star Trek fan).

The CORG provide all the critical services a bank or credit union may ever need in the back office or for their customer relationship including: Account Processing, Item Processing, Internet Banking, Bill Payment, ATM/EFT, Loan Processing, Card Services, WAN Telecom, etc.

Tying up so many services in multi-year, multi-million dollar contracts in the absence of new, outside competition is nothing less than an oligarchy in formation that the industry, and your institution, must seriously reconsider.

Having been a former IT vendor for many, many years, I understand just how important these services are to your franchise, and I also appreciate and respect just how hard these firms work to provide a valuable service, but it doesn’t change the fact that free-market forces no longer have a foot on the neck of any of these providers.

Paladin research and independent industry reports from the BPI Network and others clearly show that the pendulum is swinging more toward the CORG than your ORG.

Legal Strategy

Gary Findley has spent an untold number of years advising community banks on these matters, and as a corporate attorney and merger specialist he sees first-hand how institutions are caught flat-footed when it’s time to tussle with the CORG.

Shareholders are hurt badly when an institution attempts a merger and these contracts are pulled from the shelf and the dust is blown from their voluminous, endless addenda and legalese. His advice is simple:

  • Do your homework – make sure vendor service fits long term
  • Get legal opinion on areas of concern (there are many)
  • Open a negotiation immediately (even if mid-term)
  • Get outside advice on market intel, business terms and pricing
  • View vendor change as an OPPORTUNITY to get what you want
  • Don’t sit idle and wait for the CORG to come to you. You’ll lose.

Market Drivers and Lack of Price Efficiency

So why so many mergers? Like most of you, vendors have shareholders. In a no-growth market they must do everything they can to continue to grow accounts, services, revenue and earnings. Rather than spend many millions to develop a killer application to drive more services deeper into existing relationships it makes more sense to buy someone that already has the technology.

Customer acquisition costs are very high for vendors in a zero-growth market that must wait many months or years for someone to change platforms – as we all know how painful it is to do a conversion. So then, just buy your competition and expand the client base. The economy remains flat and technology integration demand from existing clients motivates the CORG to provide more – but in the absence of competition, the prices are not dropping – nor are they leveling off.

Paladin research shows there is absolutely no pricing efficiency in the marketplace, either nationally or regionally. An institution in Texas paying vendor X $50,000 per month may have a peer in Idaho paying the exact same vendor $35,000 per month for the same service level and number of transactions and accounts. We randomly reviewed 9 institutions in the New England market between $250M-$500M in assets, and across the BIG THREE vendors there was no rhyme or reason in pricing, business terms or incentives.

One is left to surmise core IT vendors have been “getting what they can” for many years because they have not been checked by any single authority or resource. Bankers are left to “guess” at what a Fair Market deal for their services may be. The contracts are signed, put on the shelf and only picked up every 5-7 years.

Real World Pain of Vendor Assimilation

Facts are that 8 out of 10 institutions are paying above-market pricing and also have very unfavorable terms in their current CORG agreement – it’s really a matter of degree. There are many obvious indicators we look for when providing our research to a community bank or credit union during a cost assessment and/or fairness opinion on the status of their contract, business terms, service level and pricing.

If we learn that the institution was originally working with a vendor that had been purchased by a competitor (and sometimes purchased again), we know the likelihood of that institution paying significantly above Fair Market Value (see Paladin Blue Book) is almost assured. Learning that an institution has gone through one, two or more renewals (more than 10 years of services) without objectively restructuring the deal with outside help – that’s a gimme as well.

We recently dealt with a bank that was a former Fiserv client; it moved to OSI about 5 years ago because they were unhappy, and now they are right back on Fiserv’s doorstep through the acquisition of OSI in 2012. Should they be paying Fiserv prices, or can they rely on the contract language in the OSI agreement?

If so, for how long? When can they expect Fiserv to drop the hammer on them – or not? Our advice is it is better to move now than wait, but few bankers find the time or courage to tackle something as foreign as a core IT contract when their career training is in banking and credit…not IT.

Advantage: CORG.
