Assess Vendor Reputation Risk – Before You Have to Rebuild Yours

Vendor risk management is an ongoing process—one that begins with due diligence before a contract is signed and continues with monitoring throughout the length of the relationship. This blog series on the Top 10 risks will help you more effectively address how third-party vendor risk throughout every department in your financial institution.

#8 – Reputation Risk

Ben Franklin once wrote that “Glass, china and reputation are easily cracked, and never well mended.”

It’s a lesson that many financial institutions have learned the hard way as they’ve entrusted their reputation to third-party service providers whose mistakes have caused material damage. Whether it’s lawsuits, outages, fraud or data breaches, consumers notice bad headlines and take their business elsewhere.

Consider the headache $18.4 billion-asset First National Bank of Omaha faced earlier this year when it came out that its credit card add-on vendor charged customers for credit monitoring services they didn’t receive.

Neither customers nor regulators differentiated between the bank and its vendor—blaming the bank for ripping off customers. Not only did the bank pay millions in penalties to the CFPB and OCC, the bad publicity of newspaper headlines costs the bank in customer goodwill. Who knows when the bank will regain this loss of public trust?

  • Vendor mistakes like this can hurt a financial institution’s reputation, according to the FDIC and OCC, when they cause:

    • dissatisfied customers/poor service
    • frequent or prolonged service disruptions
    • interactions not consistent with institution policies
    • inappropriate sales recommendations
    • security breaches resulting in the disclosure of customer information
    • violations of consumer law and regulation
    • negative publicity involving the third party

    While there’s no guarantee that vendor actions won’t damage an institution’s reputation, thorough due diligence can help an institution gauge the risk a particular vendor poses and mitigate those risks. It just takes some digging. The good news is that almost all of those sources are publicly available and easy to find if you know where to look.

    It also helps that that many of these reputation risks overlap with other common risks including operational risk, transaction risk, compliance risk, cyber risk and cloud risk. FIs that use a comprehensive approach to vendor management will be best able to leverage existing work in these areas to quickly, efficiently and thoroughly assess reputation risk.