8 Techniques to Improve Your Bank s Vendor Management Program. IBAT TechMecca

8 Techniques to Improve Your Bank s Vendor Management Program IBAT TechMecca February 4, 2014

Speaker 512-351-3700 bsmith@aboundresources.com Brad Smith President, Abound Resources 20+ years experience helping community banks achieve their business goals by integrating strategy, sales/marketing, operations and technology 500+ vendor evaluation projects in de novos to multibillion dollar institutions Lead negotiator representing community financial institutions on 200+ software, hardware and outsourcing contracts valued at $150+ million Former Manager of Deloitte & Touche s Community Bank Technology Consulting Practice Instructor at several banking schools Advisor to several community bank trade associations

Who We Are Management consulting firm for the community and small regional banking industry We empower banks to achieve their goals. Goals achieved. Guaranteed. Based in Austin, TX; clients in 47 states Founded in 1997 by former industry execs and Big 5 consultants 500+ software evaluations, 700+ vendor contracts Vendor Neutral Advisors average 25+ years in bank management; lending, cash management, compliance, operations and IT

What We Do Vendor management practice Due diligence gathering service Due diligence review service vmrisk reports bvendor software Outsourced vendor management Vendor evaluations Vendor utilization studies Vendor contract negotiations Vendor implementation

Agenda 1) Introductions and Objectives 2) Vendor Management Overview 3) 8 Techniques to Save Time and Improve Compliance a) Design your program to improve compliance and ROI b) Simplify due diligence gathering with these techniques c) Use tools and checklists to save time 4) Questions

Bank examiners and auditors are increasingly citing vendor management exceptions

You don t want your vendor management program cited

But good intentions can lead to a huge workload if not designed and executed correctly When You Start Your Real Job

These 8 techniques can simplify vendor management and compliance Simplify vendor management

Explore vendor management solutions to save time and breeze through exams

How to Do It Vendor management begins before the purchase Four Phases 1. Vendor Selection 2. Contract Negotiations 3. Implementation 4. Ongoing Optimization and Vendor Management Amount of Leverage You Have

Selecting the Right Vendor Every bank needs a good vendor selection methodology. Build it into your Purchasing Policies. For larger/complex purchases, consider a structured, objective process that puts you in charge: Needs analysis RFI/RFP Finalists Demos Due diligence Vendor selection

Contract Negotiations Define scope of services, products and responsibilities No gray areas! Regulatory guarantees, notification of security breaches, participation in BRP, SSAE16 and financial reports, etc. SLA specifications with incentives/disincentives Protect your interests; use outside counsel or consultant as on big purchases Orderly conversion Regular meetings

Contract Negotiations - SLAs An SLA is a formal negotiated agreement between the bank and their service provider. May also be a three party agreement to include multiple providers. It records the common understanding about: Services to be provided Priorities Responsibilities Performance guarantees The main purpose to agree on the level of service and the associated incentives/disincentives for meeting those responsibilities.

Implementation Poor implementation is nearly impossible to recover from Clear roles typically they install or convert, you implement For software, don t forget process redesign Project Management Best Practices Establish adequate system controls Segregated duties and dual controls

Ongoing Optimization and Vendor Management Put it on your IT Steering Committee Calendar Keep tabs on financial health of vendor Periodically review vendor performance Participate in user groups and band together Review invoices Identify vendor interdependencies/brp testing Review vendor s SSAE16 s annually Assign owners for each system

Design your program to save time, increase ROI and improve compliance Vendor management is the discipline of establishing vendor cost, benefit and risk management goals AND selecting and managing vendors to consistently meet those goals

Tip 1: Agree on Vendor Evaluation Processes and When to Use Purchase Price Risk Rating Tier Evaluation Method High 1 Full RFP High 2 Full RFP High 3 or 4 Short RFP Med 1 Full RFP Med 2 Full or Short RFP Med 3 or 4 Short RFP Low 1 Short RFP Low 2 Short RFP or 2 Bid RFI Low 3 or 4 2 Bid RFI Note: For illustration only

Tip 2: Standardize vendor evaluation criteria Benefits Financial benefits Product functionality Technical considerations Service and support Vendor strengths Cost Total 5 year costs Capital costs Ongoing expenses Risk General Vendor risk Financial risk Contractual risk SSAE16 risk BCP risk Note: For illustration only

Simplify due diligence gathering with these techniques

Vendor Risk Management Conceptual Flow Vendor Risk Assessment Due Diligence Requirements Due Diligence Review Report of Adjusted Risk

Tip 3: Use a 4 Tiered Risk Rating Three-tiered Risk Rating Four-tiered Risk Assessment Approach Result? 107 fewer documents to request, gather, review and base recommendations from

Tip 4: Only Ask for Documents You re Going to Act On

Tip 5: Negotiate in compliance and time savings

Use tools and checklists to save time Vendor Management Bloat Tool

Some tools solve non-existent problems

Some tools only dress up a bad process

Some tools only create more work

Tip 6: Use standards and checklists The basics Vendor risk assessment Vendor evaluation checklist Vendor due diligence checklist Vendor contract review checklist Vendor implementation checklist Vendor review checklist Contract language standards

Tip 7: Design the Board report first, then work backwards or

Tip 8: Evaluate automation and co-sourcing options

Best Practices for Running Your Program 1. Agree on vendor evaluation processes and when to use 2. Standardize vendor evaluation criteria 3. Use a 4-tiered risk rating 4. Only ask for documents you re going to act on 5. Negotiate in compliance and time savings 6. Use standards and checklists 7. Design the Board report first, and then work backwards 8. Evaluate automation and co-sourcing options

So, how do you put these ideas into place?

Prevent vendor management bloat with the best tools and techniques

And all will be right in your vendor management world

Questions