1 (888) 836-6463 CONTACT US
Best Practices

Top 10 Vendor Management Terms That Every Team Should Know

Jan 30, 2018 by Venminder Experts

So, you’ve mastered the terms Business Continuity Planning (BCP) and Disaster Recovery (DR) and have a good understanding of what is needed to manage a sound vendor management program. 

Below is a list of 10 key terms that will further help you build out a well-versed program and provide an additional layer to your vendor management sophistication.

The 10 Vendor Management Terms

  1. MRA - Matters Requiring Attention: This is a term that you don’t want to run into very often if you are on the opposite side of the examination table. MRAs are used when a deficiency is identified and requires some form of corrective action. Use this in your vendor management arsenal when performing your own assessments on your vendor panel. 

  2. Right to Audit Provision: This is critical language in your vendor contracts. Without this key item included, you’ll run into difficulties at your annual audit reviews. Without this provision, the vendor can decline to cooperate in sharing due diligence material with you. 

  3. RTO - Recovery Time Objective: This is the measurement of time that is needed for a system to return to operating after going down. An example would be that the vendor determines they require the systems to be back up and operational within four hours. It would be prudent to check when the vendor last tested a RTO scenario and if they met their RTO SLA. The key here is to obtain the testing results and any remediate action should they have failed to meet the RTO. 

  4. RPO - Recovery Point Objective: Unlike the measurement of time mentioned in the RTO, this term is based on the importance of retrieval of data, the time it would take and your tolerance of such a delay to retrieve lost data. In this example, the RPO would look at how long your vendor can function between back up of data. If the data is critical to the vendor operation, then RPO is an extremely high-risk item and should be viewed as a critical pillar in managing business continuity. The key here is to review RPO times and check for any failures to meet the RPO and the corrective action or re-testing of such an outage. 

  5. Statutory Law: The mortgage industry is awash of law and regulations, and it is easy to bundle everything into one category. However, as vendor management becomes more sophisticated, it doesn’t hurt to understand this key term; especially when dealing with vendors and their own internal compliance and legal teams. Simply put, a statutory law is one that has been passed by state or federal government. The regulatory laws which follow the statute are issued by government agencies such as the CFPB and OCC.  

  6. GLBA: Since we just touched on law; how about GLBA? Short for Gramm-Leach-Bliley Act, this law provides consumers with limited protections against the sale of private financial information. This is extremely important in vendor management considering that vendors of all shapes and sizes may have unfettered access to personal confidential information. 

  7. Evergreen: Believe it or not, this is a key term that every vendor manager should be on the lookout for when reviewing an existing contract or entering into a new one. The term is a contract provision which automatically extends or renews the agreement term after the initial term has been met. If you discover an evergreen provision, check your termination language and escalate to your legal team. While an evergreen provision may make sense for a paper delivery or maintenance type service, you may run into trouble if you have signed up a service which is deemed highly critical to your operation. 

  8. Reputation Risk: It takes years to build a good reputation and only minutes to destroy it. Don't be the victim of reputation risk caused by your vendors. While there is always focus on operational and financial risk that the vendor may expose your organization, making sure that you work with a reputable vendor will go a long way in ensuring that you are not tarred with the same brush should something go wrong. In an age of social media and litigation, any vendor becomes an extension of your brand. 

  9. RFP – Request for Proposal: If you are on the lookout for a new product or third party service provider, a valuable tool at your disposal is the RFP document. This document is shared with a select group of known vendors or could be published on your company website as you attempt to find the correct vendor to meet your specific business needs. Depending on the size of the organizations, RFPs are the only way to manage the procurement process.

  10. Cure Notice: If your vendor fails to meet contractual agreements, a cure notice will help place the vendor on notice. This document should outline very clear and specific detail as to the requirement of curing any service level or product deficiency and set the expectation of next steps in the vendor contractual relationship. Next steps could include monetary refunds up to and including termination of the service. 

This is not an exhaustive list but will help if you are new to vendor management. Good luck! To continue to learn about the foundational elements of vendor management, download this helpful infographic.

6 Pillars of Effective Vendor Management

Venminder Experts

Written by Venminder Experts

Venminder has a team of third-party risk experts who provide advice, analysis and services to thousands of individuals in the financial services industry.

Follow Venminder Experts

Subscribe to the Venminder Blog