From pastry chefs to tightrope walkers, every job requires a specific set of skills. For vendor risk managers, it’s all about an analytical mind and keen organizational skills.
Unfortunately, there’s often so much organizing that needs to be done that there isn’t nearly enough time to dedicate to analysis, which leaves open the door for undetected and unmitigated risk. Vendor risk managers can be so busy putting out fires that they can’t dedicate themselves to big picture thinking the way they should.
It’s a problem that can be overcome with the right processes and outlook. Here are five tips to help you succeed at vendor management by making your institution more organized and efficient:
- Ask to see every contract before it’s signed. Contracts that aren’t carefully negotiated and reviewed may include provisions that make it difficult to monitor vendor performance and mitigate potential risks. Work with your institution’s leadership to develop a review process for all potential contracts from a vendor management point of view. The people at the negotiating table may know about pricing and what they want the system to do, but chances are they aren’t thinking about risk.Even better, make sure everyone knows to ask about performance and monitoring criteria when hammering out a deal so there is less back and forth after the review. It will save everyone time in the long run and make for a better vendor management program.
- Keep contracts together and track expiration dates. If the head of IT or another key employee suddenly left your institution, would you be able to find all your vendor contracts? At too many institutions the answer is no. Contracts are scattered throughout computers, desk drawers, and filing cabinets with no centralization. No one knows how many vendors the institution has or where to find information about them.Keep all your contracts and their support documents in a central location. Even better, track key dates such as autorenewals, price increases and contract expirations. Many financial institutions accidentally re-up with vendors when it would be more beneficial to renegotiate a contract. It’s an avoidable problem. Keeping contracts and key dates in a centralized location not only saves time when hunting down information, it can save money too.
- Review vendor contracts for the right things. Make sure that whoever is reviewing your contracts is experienced in evaluating contracts for financial institution products and services. The average vendor risk manager is not a lawyer and may struggle with analyzing the nuances of long or complex vendor contracts. Even general counsel can fall short if their expertise is in reviewing real estate contracts. It’s critical to have someone look at these documents with an eye towards risk. It will save you headaches down the road.
- Have a system for collecting due diligence and monitoring documents. Chances are you have many vendors and those vendors owe you a lot of documents, everything from SSAE 18s to insurance certificates. Vendors aren’t always on the ball when it comes to turning over the due diligence documents you need, and regulators don’t care about excuses. Make sure you have a system for collecting and storing these documents. You need to know what documents you should have, which documents you actually have, which you still need and what you’re doing to try and collect them. If you don’t have the time to repeatedly call a recalcitrant vendor, find a way to outsource the task and know that it gets done.
- Seek out alerts. Don’t learn about vendor problems the hard way. Proactively seek out information on your vendors and make sure it’s reflected in your most current risk assessment. The alerts you receive may end up irrelevant to the specific products and services you use—or they may cause you to entirely rethink the vendor’s risk assessment and the relationship.