Vendor Management Made Easier
Credit unions rely heavily on third-party providers. Dealing with vendors—in some cases, scores at a time—raises another compliance issue: Making sure you’re getting what you contracted for.
Vendor management software makes this a straightforward matter, says Michelle Willits, associate manager of new alliances at CUNA Strategic Services (CSS). “While credit unions must do their own due diligence, we give them the tools.”
She cites three CSS resources that help credit unions manage vendor relationships:
1. Staff’s extensive knowledge of the due diligence process it has conducted on providers through the years;
2. Its own vendor management product; and
3. The relationship CSS has with Abound Resources, which gives credit unions a third-party source for expertise when they conduct due diligence on potential vendors.
One crucial element in the credit union-vendor relationship is financial liability, says Julie Esser, director of new alliances at CSS. “Don’t take ‘no’ for an answer when requesting financial information about a vendor, especially if you determine the vendor is critical to your operations. You might have to sign a nondisclosure agreement, but make it clear that getting this information is a requirement for doing business.”
The CSS vendor management program is evolving to allow credit unions to assess and assign criticality levels to relationships. A landscaper, for example, is rated lower than a core processor, Willits explains.
“The software allows a credit union to create a spreadsheet that covers all pertinent concerns about a vendor, such as whether it does background checks on employees
who work in sensitive areas,” Willits says.
One common problem is when vendors charge credit unions more or differently for the same services they offer other clients. “Our alliance provider, John M. Floyd & Associates (JMFA), provides a service that determines the fair market value of a vendor’s offering and ensures the services it renders meet the terms of the contract,” says Esser.
The initial assessment is free, and credit unions pay JMFA a percentage of the savings they realize from its negotiation with providers.
Esser advises credit unions to do the following: Document everything. “If you saw a red flag and later moved on in the negotiation,” she says, “determine what led to your original concern and what made you later decide it was not a problem. Write it down.”
Follow your gut instincts if something seems awry. “Either don’t enter the relationship or else look much further,” Esser advises. “Ask, what’s the probability of something going wrong? If it’s high, what will you do if it does? What’s your plan?”
Never sign any agreements that prohibit your credit union from serving members or meeting their needs following contract termination.
And, of course, check references, Willits adds. “Ask your peers if they’d recommend a vendor.”
Other CSS compliance relationships include:
• Perimeter E-Security. Through its security-as-a-software platform, Perimeter offers comprehensive compliance, security, and messaging services, including hosted e-mail, encrypted e-mail, firewall management and monitoring, vulnerability scanning, and intrusion detection and prevention.
• TraceSecurity, a provider of information technology (IT) security compliance, risk, and audit management solutions. It helps credit unions achieve, maintain, and demonstrate IT security compliance.
• Verafin, which provides Bank Secrecy Act and antimony laundering compliance and fraud detection software. Verafin’s customer base includes hundreds of financial institutions spanning a broad range of asset sizes.
• CUNA Strategic Services, Madison, Wis.
CUNA Strategic Services alliance providers:
1. Abound Resources, Austin, Texas: 512-231-1750
2. John M. Floyd & Associates, Baytown, Texas: 800-809-2307
3. Perimeter E-Security, Milford, Conn.: 800-234-2175
4. TraceSecurity, Baton Rouge, La.: 877-275-3009
5. Verafin, St. John’s, Newfoundland: 877-368-9986