Credit unions must diligently select vendors, manage third-party risk up front and ensure their investments hit the mark over time.
Here’s an analogy that relates to the current state of vendor management at many credit unions: It’s time for a new car. You research your options carefully online, comparing prices, special offers and reviews of new features. During the test drive, the salesperson enthusiastically describes and demonstrates all the technology assists. Back at the dealership, you negotiate a good deal, opt for financing through your credit union, get a quick tutorial on the controls and directions on where to find additional information, and drive happily off the lot.
Over time, though, you feel vaguely disappointed with your purchase. The sales demonstration made all the features seem so easy, but you haven’t had time to figure out the navigation system and real-time traffic updates. And isn’t there a dash cam somewhere? Your car gets you where you need to go, but you have a nagging feeling you’re missing out on something.
Vendor management typically follows the same arc—with a strong focus on selection and risk management up front but a disconnect in continuing oversight to ensure system optimization and to monitor pricing over time. Cost and potential benefit are assessed at the beginning of a relationship, but few vendor management programs emphasize performance, which involves assessing whether the services deliver on expectations cost-effectively and ongoing due diligence over the life of the contract.
Current vendor oversight tends to be focused on risk management, which satisfies regulators but may give short shrift to ensuring that employees are maximizing the output of systems and services to get the most for the CU’s investment. In the future, vendor management should put equal emphasis on regularly analyzing costs and benefits alongside monitoring risk. The following four strategies can help.
1. Close the Functionality Gap
New solutions are often launched to great fanfare and a commitment to train staff on the system’s full capabilities. But over time, employee turnover and system upgrades may combine to decrease optimization. New employees don’t get the training and support they need. Capabilities used infrequently get left by the wayside. And enhancements go unlearned. Like every other job skill, the know-how to wield the intricacies of a robust technology system develops over time with experience, tiers of training and refreshers, and ongoing support from managers and vendors. Training is not one and done.
The responsibility to ensure that systems are deployed optimally rests with both the CU and the vendor. The CU faces financial, strategic and reputation risks in allowing its technology investments to languish below full functionality. The managers who vetted the solutions so carefully must follow through on implementation; training and periodic evaluations make the most of these tools.
At the same time, vendors should proactively work with client CUs to ensure they’re getting full value for their purchases. By offering regular training and checking in with users, vendors can better deliver on the promise of their offerings and ensure that clients are getting what they paid for.
2. Watch the Wallet
Closely related to the challenge of optimizing system functionality is vigilance in monitoring the costs and benefits of solutions and vendor relationships. A stark reality is that variances in financial services technology pricing are neither rational nor transparent. Services are often negotiated without clear information about market pricing. CU managers shopping for a new system don’t find the costs listed on vendor websites or printed in brochures. They do what they can to advocate for the best possible pricing and terms. Before signing off, they should carefully review and ensure that they understand all aspects of pricing.
Changing circumstances over the life of a contract may affect pricing during its term—and most certainly influence decisions about negotiating a renewal of the relationship. For example, as services become more commoditized, market prices typically compress. However, many contracts include price escalators, so unless these are actively managed, costs will go up when they should probably go down. This cost risk has a direct impact on return on assets and return on equity.
Another consideration with some systems is the volume of transactions, which may increase significantly as a credit union grows over the term of a contract. Tiered-pricing thresholds can be negotiated so that per-transaction costs decrease as volumes rise.
When it’s time to negotiate a contract extension, a CU might be 30 percent or more over current market pricing through a combination of market and volume factors. But, again, it’s difficult for managers to determine where their organization stands. The vendor may offer a 15 percent discount for renewal, which seems like a good deal even though the CU is missing out on an additional 15 percent that new clients are getting. The result is a great deal of misalignment in pricing across the industry.
Whenever a major vendor contract comes up for renewal, it absolutely should be renegotiated. Managers should come to the table with a thorough understanding of price escalators in the current contract, such as a Consumer Price Index or Employment Cost Index clause. And they should do some market research or hire a vendor that negotiates regularly for many CUs to find out about the impact of factors that might call for further discounts in pricing, including the aforementioned volume growth, projections for growth and price compression caused by commoditization.
3. Right Size Vendor Risk Management
In an industry dealing with a burgeoning regulatory burden, most CUs have done a good job with their vendor risk management programs, perhaps even over-investing time and resources. The Federal Financial Institutions Examination Council guidance on risk management calls for ranking vendors according to the complexity and importance of the services provided and the relative risks posed in each contractual arrangement, beginning with tier 1 or “critical” vendors for each CU, tier 2 or “significant” vendors and so on.
In assigning these risk designations appropriately, CUs commit to providing the optimal level of oversight and review to each tier of vendors. For CUs in the $300 million asset range, we typically see nine tier 1 and tier 2 vendors. The number of vendors in these top categories increases to about 20 for organizations in the $3 billion range. These averages may not match your situation, as oversight requirements vary based on complexity of operations and reliance on vendor solutions. A best practice is the use of a third-party risk management system as a means of establishing a workflow to track vendors, risk ratings and required documents.
Within the vendor management framework, each tier of vendors is subject to regular reviews based on risk potential. An annual review of critical vendors, for example, might involve reviewing business continuity plans and financial statements for these organizations. The review criteria for lower tiers are set commensurately, so risk managers are focusing their oversight appropriately. It may be possible to streamline vendor management criteria for some tiers without increased risk.
4. Protect Your Interests
These practices can help ensure that your credit union is getting the most for its investment in technology systems and services:
- Seek user feedback. Set up a formal process to survey a sample group of users of your major systems to gauge their satisfaction. Focus on such topics as member and employee satisfaction, functionality and ease of use, integration with other services, and training and support. While regular surveys and feedback sessions are useful, a user survey should be conducted at a point that would give the credit union adequate time to go through a formal RFP process, select a new vendor and complete the conversion if a replacement system is warranted. Depending on the scope and complexity of the system, the timing of these user surveys could be anywhere from 18 to 30 months before the current term date.
- Renegotiate major vendor contracts at every opportunity. Revisiting pricing and contract terms will help ensure that your credit union’s outlay is aligned with current market pricing. And this process provides an opportunity to negotiate key contract terms that may not have reflected your organization’s best interests previously. One example we see consistently is service-level agreements. The FFIEC guidance is clear on what credit unions should look for in SLAs, but these are often either limited or left out of contracts. If credit union staffers handling the negotiations are not fully versed on what items to ask for and how those asks should be spelled out, SLAs and other contract terms that don’t adequately protect your credit union’s interests may result.
- Review vendor risk management practices. Evaluate the criteria you’ve established to determine your critical and significant vendors. Is the process creating an ongoing commitment that consumes more resources than are really required to manage vendor relationships? Simplifying could free up capacity to focus on the functionality and productivity of these systems and services. Reread your regulators’ guidance to ensure your program does what it’s designed to do without going overboard on the time and resources you commit.
- Get the help you need. Technology services can vary significantly from client to client in how they are optimized and priced, and in how contracts are written. A third-party strategic partner can provide your CU with rational, informed insight and guidance in an often-irrational marketplace. Getting support for negotiations can provide a clearer view of terms and pricing in line with the current market and a game plan to optimize performance of the system and service throughout the contract term.
To head off a disappointing purchase like the one in the opening car-purchase analogy, commit to operationalizing all those features and functions that won you over in the first place. Don’t let other responsibilities and projects take precedence over getting your money’s worth out of key technology solutions.
Nick Lane is a consultant with CUES Supplier member and strategic provider Cornerstone Advisors, Scottsdale, Ariz.