Banks and other financial institutions have conducted tactical vendor management activities for decades. Much of this activity also has been performed in silos throughout these organizations.
As reliance on third-party providers domestically and globally grows, often driven by competitive pressures, the management of those vendors has become increasingly complex and scrutinized. Indeed, it’s not unusual for the largest financial institutions to have more than 50,000 vendors!
Add to the picture aggressive rollout of new services and products, heightened merger and acquisition activity, and new regulations regarding third parties, and it’s no wonder that financial services industry observers are left with one word to describe the current state of vendor management: Chaotic.
Even in the midst of this challenging environment, companies that employ the right strategic approach can do more than just meet compliance requirements; they can capitalize on better vendor management to achieve operational improvements and enhance the value provided by third parties. A recently published Protiviti white paper, Vendor Management: Realizing Opportunities in the Financial Services Sector, offers guidance in this regard.
One of the most common problems afflicting organizations is that there is no single point of accountability for managing vendor activity. Different functions and lines of business often hire their own vendors – or sometimes the same vendor – unaware of the vendor’s existing relationship with the company. The lack of centralized vendor data or reporting may make it difficult, if not impossible, to understand the complete picture with each vendor, identify spending patterns or uncover opportunities for more cost-efficient sourcing. Such a deficiency also hinders sharing of best practices across business units.
Furthermore, companies that lack good mechanisms for the ongoing management of their vendor relationships likely will struggle to ensure that contractual terms and related service-level agreements are fulfilled. These issues, in part, explain why regulators – including the Office of the Comptroller of the Currency and the U.S. Federal Reserve Board – are increasingly concerned that institutions have:
- Failed to perform adequate due diligence and ongoing mentoring of third party relationships
- Entered into contracts without assessing the adequacy of a third party’s risk management practices
- Entered into contracts that incentivize a third party to take risks that are detrimental to the bank or its customers in order to maximize the third party’s revenues.
A sophisticated vendor management organization (VMO) can help institutions to tackle these compliance issues, but just as importantly, it can help them build strategic partnerships with vendors to drive greater value. Protiviti has identified six critical elements that an evolved and mature VMO is built upon: Contracts, spend, classification, metrics, governance and relationships.
How these elements are assembled and the degree to which they are developed determines the effectiveness of the VMO. The first step in making necessary enhancements is to ask key questions, such as:
- Are our vendors classified using factors such as the importance of business function supported; geography; ease of replacement; dollars spent; frequency of use; data privacy requirements or level of reputational risk?
- Do our current vendor management activities include a mechanism for reducing risks?
- To what extent are our current spend analyses driving vendor management decisions?
- How effective are our existing relationship management metrics in improving vendor performance?
By answering these questions, companies can gain a clearer picture of their existing state of vendor management and a better understanding of the work required to elevate it to a strategic level that yields real operational benefits.
Do you have a vendor management organization that delivers more than just basic performance and compliance management? I’d love to read your insights in the comments.