Introduction to Vendor Management

Transcription

1 Introduction to Vendor Management BOI October 15, 2013

2 Speaker Brad Smith President, Abound Resources More than 20 years experience helping community bank achieve their business goals with technology 500+ vendor evaluation projects in de novos to multibillion dollar institutions Lead negotiator representing community financial institutions on 200+ software, hardware and outsourcing contracts valued at $150+ million Develop Abound s vmrisk methodology Former Manager of Deloitte & Touche s Community Bank Technology Consulting Practice Technology advisor to several industry trade associations bsmith@aboundresources.com

3 Who We Are Management consulting firm for the community banking industry We empower community financial institutions to achieve their goals. Goals achieved. Guaranteed. Based in Austin, TX; clients in 40+ states Founded in 1997 by former bankers and Big 5 consultants 500+ software evaluations Vendor neutral Advisors average 20+ years in CFI management; lending, cash management, risk management, operations and IT Endorsed by IBAT, ICBM and CUNA

4 What We Do Goals achieved. Guaranteed. Vendor management practice (RightPath VM) Vendor Evaluations Vendor Utilization Improvement Contract Negotiations Conversion and Implementation Services Ongoing Vendor Management and Risk Monitoring

5 Agenda What is Vendor Management? Why is It Important? The Biggest Issues We See Characteristics of a Good Vendor Relationship Case Study Best Practices and How to Do It Tips to Save Time and Improve Risk Management Action Steps

6 What Is Vendor Management? Ensure each vendor: Meets your needs Fulfills their contracts Provides value to your bank Your goals: Manage the risks associated with the vendor relationship Improve vendor ROI, performance and accountability

7 What Vendor Management Is Not It is not about getting their financials and SAS 70s It is not about beating them up. No adversarial relationships. Lose-lose

8 Reliance on vendors brings risk. As such, it s a regulatory hot button that will only get hotter ROI, service levels and performance issues Why Is It Important?

9 Why It s Important Vendor Risks Vendor doesn t provide the expected service due to bankruptcy, business interruption, etc. Buying something that doesn t meet your needs or performs unsatisfactorily Vendor without proper security causing financial or reputational loss Ambiguous expectations delayed implementations, inefficient operations, extra costs, potential losses, customer impact Give up legal protections

10 Why It s Important Service Levels/Performance Issues IT is now the second largest non-interest expense in community banks Community banks typically use less than 50% of their paid for functionality Poor vendor management (both IT and non-it vendors) has a direct effect on bank s ROI Decreased efficiencies Inability to offer products and services Negative impact on customer service

11 Why It s Important Regulatory Issues Financial institutions should establish and maintain effective vendor and thirdparty management programs because of the increasing reliance on nonbank providers. Financial institutions must understand the complex nature of arrangements with outside parties and ensure adequate due diligence for the engagement of the relationships and ongoing monitoring. FFIEC

12 Why It s Important Regulatory Expectations General expectations Vendor management policy Vendor risk assessments at time of purchase and ongoing Vendor due diligence at time of purchase and ongoing Suggest Service Level Agreements (SLAs) Resources FFIEC FIL FIL Section 501(b) of GLBA Outsourcing Technology Services FDIC s Effective Practices for Selecting a Service Provider

13 The Biggest Issues We See Vendors Over promise and underdeliver No service level guarantees Finger pointing - integration and interface issues Sell and forget Don t provide due diligence info Weak selection process; (buying based solely on a demo, no consensus) Banks Over-reliance Not holding vendors accountable Not holding themselves accountable Buy and forget

14 Characteristics of a Good Vendor Relationship They Pro-actively contact you beyond error resolution and new sales Look for ways to increase utilization Annual utilization study Report of support calls Personalized updates of new enhancements They look for ways to reduce costs You Hold them accountable Hold yourselves accountable Include them occasionally in IT Steering Committee meetings Get their input into your strategic technology plan Are active in their users group Work together for BRP testing

15 Case Study Exercise Discuss TriView s Suppliers and Partners Identify Your Bank s Suppliers and Partners Simple Risk Assessment for TriView Simple Risk Assessment for Your Bank Discuss Your Bank s Due Diligence Requirements Discuss Your Bank s Contract Points

16 How to Do It Vendor management begins before the purchase Four Phases 1. Vendor Selection 2. Contract Negotiations 3. Implementation 4. Ongoing Optimization and Vendor Management Amount of Leverage You Have

17 Selecting the Right Vendor Every bank needs a good vendor selection methodology. Build it into your Purchasing Policies. For larger/complex purchases, consider a structured, objective process that puts you in charge: Needs analysis RFI/RFP Finalists Demos Due diligence Vendor selection

18 Contract Negotiations Define scope of services, products and responsibilities No gray areas! Regulatory guarantees, notification of security breaches, participation in BRP, SAS 70 and financial reports, etc. SLA specifications with incentives/disincentives Protect your interests; use outside counsel or consultant as on big purchases Orderly conversion Regular meetings

19 Contract Negotiations - SLAs An SLA is a formal negotiated agreement between the bank and their service provider. May also be a three party agreement to include multiple providers. It records the common understanding about: Services to be provided Priorities Responsibilities Performance guarantees The main purpose to agree on the level of service and the associated incentives/disincentives for meeting those responsibilities. SLA Exercise EFT Services and lost revenue

20 Implementation Poor implementation is nearly impossible to recover from Clear roles typically they install or convert, you implement For software, don t forget process redesign Project Management Best Practices Establish adequate system controls Segregated duties and dual controls

21 Ongoing Optimization and Vendor Management Put it on your IT Steering Committee Calendar Keep tabs on financial health of vendor Periodically review vendor performance Participate in user groups and band together Review invoices Identify vendor interdependencies/brp testing Review vendor s SAS70 annually Assign owners for each system

22 Highlights from Abound Resources 2010 Vendor Management Survey Generally satisfied but believe vendor management will rise in priority in next 24 months Time is the biggest challenge Inconsistent process Manual, labor intensive process Lack of executive and Board-level oversight Source: Abound Resources 2010 Vendor Management Survey

23 Time Saving Tip 1: Standardize vendor evaluation criteria Benefits Financial benefits Product functionality Technical considerations Service and support Vendor strengths Cost Total 5 year costs Capital costs Ongoing expenses Risk General Vendor risk Financial risk Contractual risk SAS 70 risk BCP risk Note: For illustration only

24 Tip 2: Agree on Evaluation Processes, When to Use Purchase Price Risk Rating Tier Evaluation Method High 1 Full RFP High 2 Full RFP High 3 or 4 Short RFP Med 1 Full RFP Med 2 Full or Short RFP Med 3 or 4 Short RFP Low 1 Short RFP Low 2 Short RFP or 2 Bid RFI Low 3 or 4 2 Bid RFI Note: For illustration only

25 Tip 3: Negotiate in compliance and time savings

26 Vendor Risk Management Conceptual Flow Vendor Risk Assessment Due Diligence Requirements Due Diligence Review Report of Adjusted Risk Note: For illustration only

27 Tip 4: Use a 4 Tiered Risk Rating Three-tiered Risk Rating Four-tiered Risk Assessment Approach Result? 107 fewer documents to request, gather, review and base recommendations from

28 Tip 5: Only Ask for Documents You re Going to Act On Note: For illustration only

29 Tip 6: Automate and/or outsource

30 Best Practices for Running Your Program Business decision, not just a compliance issue Less is more Don t get lost in the weeds Standards and checklists Simple, visually effective report

31 Action Steps 1. Inventory your vendors and contracts 2. Assign an internal owner for each vendor relationship 3. Start tracking vendor issues 4. Grade your vendors on performance 5. Update purchasing policy and adopt a selection methodology. 6. Build standard language for all contracts. 7. Set a date for presenting Vendor Management updates to IT steering Committee.

32 Conclusion Vendor management begins before the purchase Hold each other accountable it s really relationship management Regulatory scrutiny will increase but do it for business reasons

33 Questions

34 How We Might Be of Help Vendor management: Vendor management policies and programs Vendor due diligence gathering and evaluation Vendor evaluation/selection Vendor utilization improvement Vendor contract negotiations Vendor conversion and implementation assistance Risk Management and Compliance ERM Assessments and Plans Risk Management Best Practice Reviews IT Audits, Security Assessments BSA/AML Reviews, Programs Loan Review Credit Risk Management Best Practices Review Troubled bank assistance Please contact: Brad Smith President Ryan Esquell VP of Sales