Pressure to perform well in today’s financial services industry is at an all-time high. With new competitors emerging at every turn, credit unions find themselves under pressure from upper management and the Board of Directors to cut costs, increase efficiencies, and boost revenue, all while maintaining firm control of operational details, meeting all regulatory and reporting requirements, and managing within the existing budget. It’s a task worthy of Hercules, and credit unions are finding that outsourcing some of the workload to third-party vendors is the only solution, both from a time-management perspective and from an efficiency standpoint.
However, outsourcing work of any kind to a third party is fraught with peril, especially when the vendor’s services impact your members. That seemingly perfect vendor that you’ve chosen is essentially an extension of your organization. Ideally, they’ll act, think, and perform as you would expect your employees to. When that doesn’t happen, the potential for damage to your reputation is quite high. But that’s not the only risk. The business itself may be jeopardized.
Vendor Risk Management is Key
Having a strong vendor risk management (VM) program in place before bringing on a third-party vendor goes a long way toward mitigating the risks associated with outsourcing tasks and services. Many credit unions struggle with implementing a robust VM program because of the extra costs and time management required to sustain it. However, having a vendor risk management plan in place should be viewed as a necessary step toward fiduciary and organizational responsibility. After all, if something goes awry with one of your vendors, your institution is the one that bears ultimate responsibility for the consequences. A solid VM plan will not only help identify and mitigate the risks of working with a third party; it can also save thousands of dollars in fines and penalties.
If you’re still wondering whether implementing a VM program in your credit union is the right next step, take a look at the top 5 benefits for doing so:
Improve your vendor acquisition strategy. While the NCUA has not ruled out outsourcing as an operational strategy for credit unions, it has issued guidelines around how the decision to outsource is approached and evaluated. Supervisory Letter 07-01 to credit unions states, “Credit unions must complete the due diligence necessary to ensure the risks undertaken in a third party relationship are acceptable in relation to their risk profile and safety and soundness requirements…The risk management process involves identifying and making informed decisions about how to address risk.”
Due diligence dictates that a VM program be put in place to assess the viability of new business partners. A vendor risk management program enables you to choose partners who are capable of delivering products and services in a way that fits within your organizational structure, while appropriately managing risk within your credit union’s risk appetite. Vendors who have experience in partnering with credit unions or other financial institutions should have the ability to blend in seamlessly, to the point that members have no idea that they’re dealing with an entity other than the credit union itself. In addition, performing a vendor risk assessment ahead of time can help you determine which companies make good partners. If the company you’ve chosen to partner with isn’t financially stable and able to carry on business uninterrupted by daily minutiae, you’ll be the one paying the price in the long run.
A good VM strategy can also cut down on the number of vendors needed. By bringing on one experienced, capable partner that can handle a variety of services rather than three or four that only specialize in one area, you may drastically reduce the risk associated with outsourcing operations. Reducing the number of vendors also streamlines efficiencies and can result in cost savings for the organization.
Mitigate risks involved in working with a vendor. Increased efficiency and reduced cost are two reasons credit unions decide to outsource. Both of these are achieved by working with high-quality vendors. However, working with vendors also opens the door to risks on many different levels. The organization is now susceptible to additional threats that may originate from within the third party. VM assessments help identify those risks and put measures in place to monitor, control, and/or mitigate them. Many security breaches happen as a result of external attacks through third party systems. Think back to recent episodes like the Target or Google security breaches for validation. Both of these situations came about as the result of inadequately-protected systems that were accessible by third-party vendors. Vendor risk assessments help determine your chosen vendor’s stance on security and other potential areas of risk.
Governance and regulatory requirements are met and enforced on a consistent basis. In order to manage vendors effectively and responsibly, credit unions need some method by which to measure their performance on a regular basis. Vendor risk management systems help track this information. Knowing where your vendors stand in relation to performance, benefit to the organization, and profitability helps you maintain control of the operation at all times – something regulators like to see. VM systems help create guidelines for review of vendor operations and performance and this, along with establishing reporting frequency, keeps the relationship on track and running smoothly with a minimum of effort.
Cultivate efficient, productive working relationships. Credit unions may outsource for a variety of reasons: They may want to expand their product or service portfolio; they may not have the internal personnel or expertise to handle certain processes; or they may need help managing programs they wouldn’t otherwise be able to offer. Regardless of the reason, good VM practices include establishing guidelines for working with vendor employees at all levels of the organization. Guidelines should also outline how sensitive data is transferred between organizations, proper escalation channels for difficult issues or member complaints, and how personnel challenges are dealt with. Ensuring that this is documented and disseminated throughout both organizations from the start of the partnership leads to greater productivity on both sides, resulting in strong, more effective relationships. This, in turn, boosts employee morale and results in improved delivery of products and services to members.
Create a strategic partnership. Some vendors are so good at what they do that they’re able to partner with the organization on a more sophisticated level. This is when real synergies happen. As organizations work together over time, relationships start to coalesce. Conflict resolution becomes easier because the parties know each other better and have established a level of trust. Both are now working toward a common goal, that of increased revenues. In this scenario, it’s not uncommon for the partners to start looking for ways to expand their capabilities to even greater breadth and depth, resulting in continued financial success on both sides.
Offering VM Help for Credit Unions
Vendor risk management is something every credit union must take into consideration before hiring a third party to handle any of the day-to-day operations of the business. Rochdale Paragon Group offers vendor risk assessments that help credit unions vet a potential partners’ worthiness. By identifying the degree of associated risk, analyzing it, and then strategizing on ways to mitigate it, credit unions can choose strategic partners that truly add value to the organization. We also assist in obtaining the due diligence information necessary to provide assurance that you’ve selected the right partner for each critical function. If your credit union is ready to take vendor risk management to the next level, contact Rochdale Paragon Group for more information.