Home / Banking Strategies / Managing vendor and consultant risk

Managing vendor and consultant risk


Banks have always employed third-party vendors to build proprietary software applications and perform compartmentalized tasks in order to run more efficiently. On top of that, finding and servicing these applications and business functions often requires the use of a consultant.

With all these moving parts, it’s easy for friction to arise. And if these three parties – bank, vendor and consultant – butt heads, it can spell disaster for all, particularly the bank, since the work is performed under its brand.

Capital One Financial Corp. learned this lesson the hard way. In July 2012, it paid $210 million in a settlement involving deceptive schemes by its third-party call center to sell Capital One’s products. Capital One was ultimately caught in the crosshairs of the Consumer Financial Protection Bureau (CFPB) because of its vendor’s work. Other banks have come under scrutiny due to newer, stricter standards from the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Federal Financial Institutions Examination Council, and the CFPB.

According to law firm Williams Mullen, reducing this threat requires a thorough vendor risk assessment, due diligence, well-written service-level agreements and continuous monitoring — including a contingency in the enterprise risk management plan to account for any possible emergency or outage.

Clearly, there are many factors and risks that come with pairing up your vendor and consultant. Rather than shop for the cheapest vendor, utilize these three tests to ensure that consultants are finding the best tech vendors for working in tandem with your bank:

The “current market knowledge” test. A competent consultant should have hands-on experience with all market-leading vendors in order to understand the best solution for the bank. All too often, a consultant gets stuck in a rut, recommending the same vendors year after year.

While long-term relationships can be helpful, this strategy ties the successes and failures of the vendor to the bank. It can also lead to costly projects down the road, such as when the operating system manufacturer discontinues support of the current system, rendering the vital application provided by the vendor incompatible.

Instead of pigeonholing the bank into a relationship with a vendor that may not be around next year, foster innovation by ensuring consultants and business analysts meet regularly with key vendors to keep a finger on the pulse of technological changes.

The “top five” test. Not only should consultants be aware of the top five market leaders, but they should also know the top five players by growth rate. Although they may not have the installed customer base of the current leaders, these movers and shakers are gaining market share by attracting attention with their innovative approaches.

Don’t just court the established players; ensure that consultants and analysts are also meeting with vendors touting newer technology that may be more efficient and stable than the current integrated solution.

The “chosen by peers” test. It’s important for consultants to know which vendors their peers are utilizing. Though a vendor may not be the best fit for your bank, it needs to be evaluated to learn why another team chose it. Understanding the strengths and weaknesses of each vendor gives a bank insight into the competition. Ensure that the consultant knows who is working for whom.

Outsourcing banking technology can be a gamble, and it’s often necessary to hire a consultant to assist. The operational, compliance, and reputational risks of utilizing each vendor are among the many issues that should be evaluated by both consultant and bank. Ensuring these parties work together as a team guarantees continued success for all organizations involved in building the bank’s brand.

Ms. Jepsen is vice president of consultant relations at Jacksonville, Fla.-based Fidelity National Information Services (FIS). She can be reached at [email protected]