Vendor management doesn't always go smoothly, and sometimes can get quite frightening. In the spirit of Halloween, check out these 17 vendor management horror stories followed by ways to stop or even prevent the nightmares.
The 17 Horror Stories
1. Frankenstein’s Processor
Sometimes when you bolt on different companies and platforms, you create a monster. It lumbers like a normal company but all of the pieces weren't working together well. The scary part was our management team knew it didn’t seem quite right but couldn't fully control it.
2. Constrained Contract
We executed a contract in 2005 which had a 5 year term. However, beginning in year 3 of that initial term (and each year thereafter), the contract was automatically extended for 1 year until such time as we gave a notice of non-extension of the agreement. The notice of non-extension must be given 180 days prior to the initial term commencement date. Upon giving notice of non-extension, we were still bound to the agreement for 2 more years.
When this was explained to us, we immediately forwarded it to our board and asked for assistance in preparing the notice of non-extension and in requesting an amendment to the contract. As of today, we are stuck in this 2005 agreement until 2019.
3. Past Bedtime
We didn't give ourselves enough time to prepare for our exam. We ended up having to burn the midnight oil in anticipation of the arrival of examiners.
4. Beware the Ghoul Behind the Curtain
We signed on with a terrific new call center. All was going well until we found out the complaint volume had spiked. We didn’t have good service level reporting. We couldn't get answers and apparently our related vendor outsourced to some overseas locations and we couldn't quite figure out where they all were or who was overseeing them.
5. Mysterious Puzzle
In preparation of our exam, we spent consecutive hours and weeks pulling information together in order to be ready for the examiners. Due to lack of organization, we had to pull all the needed information from all different places.
6. Eerie Silence
We asked one of our vendors for a document, a due diligence request. The vendor wouldn't respond. After much stress trying to get a response, the vendor finally sent it over...and, it was the wrong item.
7. The Vampire Bit Our Data
Data storage providers are great for slicing and dicing your customers’ information, but where does it all go? Is there adequate protection in place? And what happens to the data after the contract expires? Does your data live on forever in some dusty forgotten place? We didn't ask the important questions and we paid the price.
8. Disappearing Act
The team member at our financial institution in charge of vendor management went on vacation. Next thing we hear...the examiners are coming in 2 days. We didn't know where to start and where anything was.
9. Night of the Living Dread
One night a contractor for a third party service provider maliciously unleashed a virus, compromising our systems. The communication process and cleanup was a complete mess. Let's just say we failed to clarify in advance 2 important questions: Who is notified and when? Is there adequate cybersecurity insurance in place?
10. Clueless, Headless Horseman
We were in charge of all aspects of our contracts. One day we were asked what our core or critical vendors were. We responded, "What are those?" Turns out, we realized we had no clue what the terms core or critical vendors meant...which was a problem.
11. Lack of Flexibility
Based on a VCMO contract summary and SOC summary prepared by a vendor, we identified deficiencies in another vendor’s data handling, security and also inequitable assessment of liability to their institution. We requested more favorable language, the vendor declined. Luckily, to handle that nightmare, we walked away...and the vendor is now doing everything it can to court us back.
12. Ghost Language
We received documentation, SOC reviews and cybersecurity reviews, that we requested. But, when we started reading over it, we didn't know what it even meant and what we were supposed to do with it. (Venminder can especially help with this, download our SOC eBook and Dictionary.)
13. Trick and Treat
Based on a VCMO contract summary prepared by a vendor of a Non-Disclosure Agreement, we identified some significant deficiencies in another vendor’s address of confidential information and liability for security of the same. The vendor refused to execute our NDA and wanted to use its own. Luckily this story has a happy ending...later, we presented the contract summary findings to the vendor and as a result, the vendor executed our NDA.
14. Deadly Break Up
One vendor didn't meet regulatory requirements, so we had no choice. We could no longer work with that vendor. So, we had to have that awkward conversation telling the vendor that our business relationship had to end.
15. Penny Pincher Monster
After we requested documentation from a vendor for their vendor management duties, we received a bill. The vendor sent the documentation over and charged us for it.
16. Full Moon Behavior
We tried to explain to senior management and board how time consuming vendor management is. Management and the board simply didn't understand and gave us unreasonable expectations with limited resources.
Examiners audited us and were not impressed. They said it wasn't good enough, we had 2 months to turn it around and they were coming back. The pressure was on.
These are all stressful vendor management experiences, but there are ways to avoid them. Educate yourself and your team and take advantage of tools out there to help you.
2 Steps to Prevent Telling Your Own Horror Story
Follow these steps for vendor management that you won’t be afraid of:
#1. Dust off your vendor management program and make sure it’s up to date. Clear the cobwebs off any due diligence that’s grown stale and moldy.
#2. Shake the skeletons out of your closet and make sure any problems have been fully remediated, documented and reported to your board and senior management.