A credit union’s information technology (IT) systems are its backbone and central nervous system. Investments in these systems are significant, and the business risk in the event of their failure is even greater.
Yet too often, the process for selecting vendors, products, and services, and negotiating the contract that sets forth vendor obligations and credit union rights is rushed and flawed—customer references aren’t sought, system requirements are inadequately defined, and the fine print is ignored until it’s too late.
As NCUA Letter to Credit Unions 07-CU-13 (“Evaluating Third-Party Relationships") made clear, credit union boards have a fiduciary duty to ensure third-party relationships are conducted in a safe and sound manner.
In addition, state and federal regulators are holding credit unions accountable for performing due diligence and risk assessments in evaluating third-party vendors.
Credit unions must negotiate and obtain agreements that offer adequate protection in the event of a project failure or contract breach.
While there’s no silver bullet that ensures the success of IT projects, it’s possible to reduce the risk of failure through:
Credit unions should follow these steps to increase the likelihood that IT projects succeed.
System and vendor selection
When selecting a system and a vendor, credit unions should:
• Identify and express what functions the system must perform: problems it will solve, tasks it will perform, and time requirements.
If there’s any concern that internal credit union personnel aren’t sufficiently equipped to perform this job, an outside consultant unconnected to whomever might ultimately be hired for the work should be hired to help identify requirements, draft requests for proposals and review vendor responses.
• Request proposals from multiple vendors and leave time for face-to-face interviews with not only the sales team, but the vendor’s designated implementation team for the project.
Successful implementation requires excellent communication and responsiveness. Interviewing the implementation team offers important information on the vendor’s capabilities in this regard.
• Request customer references and follow up with them. Don’t underestimate the importance of the vendor having implemented the system in credit unions or other financial institutions.
• Analyze the vendor’s business to assess not only its track record with similar projects, but its reliance on subcontractors and its financial health.
• Ask to see the vendor’s form of contract that will be used as the basis for the final contract early in the process. Retain counsel with experience in software licensing and IT contracting to review the contract.
• Set a timeframe for vendor selection that permits time for thorough review and consideration of the proposals and negotiation process.
Next: The contract negotiation