February 26, 2014
Credit Union Management magazine’s “Tech Time” column runs the fourth Wednesday of the month.
Over the course of my career, I have worked with hundreds of credit unions of all asset sizes. As a result, I’ve studied and understood leading technology service provider contracts. But I admit to being mightily surprised when I learned that some vendors are charging credit union clients to view their Statement on Standards for Attestation Engagements No. 16.
Developed by the American Institute of Certified Public Accountants, the SSAE 16 (formerly SAS 70) audit confirms that a vendor has undergone an in-depth examination of respective control objectives and control activities. At the end of the day, these are industry requirements. The majority of vendors contractually agree to be compliant with SSAE 16. In doing so, the vendor charges “maintenance” fees to the credit union. That’s fair and a common practice.
Certain core processors, for example, will offload the SSAE 16 costs directly through their client base and direct these clients to contact the client group president and pay a fee when requesting a current copy of the report. The client group is composed of institutions with a subscription fee for membership. So if you are a member of the group, the report is provided to you at a discounted rate. If you are not a member, you have to pay full price for the copy.
Upon recent review of a credit union data processing contract, I came across the following language: “Company X shall provide Client with a copy of such independent audit report (SSAE 16 Type II) of the Company X service center providing services within a reasonable time after its completion, and may charge Client a fee based on the pro rata cost of such audit apportioned among Company X’s clients.”
To charge an additional fee for this service is a somewhat recent phenomenon and is essentially a vendor double-dip, as the credit union is likely already paying a maintenance fee. Maybe vendors are adding this clause to pass on the fee, to make extra money, or to try and dissuade credit unions from learning SSAE 16 findings. My intuition tells me that it’s likely the first scenario.
To be clear, the majority of vendors do not charge a separate SSAE 16 fee because it is built into overall cost of the service. Additionally, most vendors are forthright in sharing respective processes to ensure transparency. Here are three tips credit unions of all asset sizes can use to negotiate or re-negotiate contracts to ensure related savings are maximized:
- Make it explicit. In any and all vendor-credit union contracts, credit unions should amend terms and conditions stipulating that the SSAE 16 audit is required annually and that no additional costs will be charged by the vendor to the credit union for providing access to the most recent copy of the report.
- Reserve the right to amend your contract in the future. What if a credit union recently signed a contract without including the aforementioned amendment? All credit unions can reserve the right to send a request for a contract revisal. Nearly all vendors sometimes send contract addendums to credit unions—be it a new product or service or for a deconversion. So why can’t a credit union do the same? They can, and should.
- Stand firm. When Samaha & Associates helps a credit union negotiate with a vendor, we update all contract items line by line to ensure items vital to a credit union (like this one) are included. When we request vendor response on contract negotiations, we keep going back to the vendor until the interests of the credit union are comfortably represented.
Whether a credit union works with a consultant or goes it alone, it has to be bold in negotiating a fair and workable contract that will serve the institution and its members well over time.
Sabeh F. Samaha is president/CEO of Samaha & Associates Inc., Chino Hills, Calif., a consulting group that works collaboratively with financial institutions to help improve business processes by optimizing efficiency and increasing revenue opportunities.