Trusted Advisor to Banks and Credit Unions

Are Banks and CUs “Required” to have a third-party due diligence review of their vendor contracts?

We attended some interesting presentations last week at the Illinois Bankers Association. One in particular was called “The ISO’s guide to Third Party Oversight” by a company called CoNetrix. Sounds about as interesting as watching paint dry, doesn’t it?

The initial reason we attended was to try to ensure that the Remedy Request for Proposal (RFP) that we use for our core vendor systems selections continues to meet best practices and audit standards. What we learned, however, was that there are several agencies whose recent publications advocate for a third-party “expert” to review contract processes, particularly for large vendor contracts such as a core vendor renewal, eCommerce, or debit/credit contracts:

  • FFIEC
  • FDIC
  • OCC
  • NCUA
  • FRB

It is interesting that each of these agencies, independently, seems to recommend that there is enough risk in these large, expensive 5-7 year contracts that Boards of Directors should have someone besides internal teams reviewing pricing and terms and conditions.

Now, keep in mind that the vendor that put on this session also sells vendor management software. With that in mind, though, their purpose seemed to be to educate the CIOs in the room about the exact regulatory bulletins where the guidance was introduced over the years.

I found the presentation interesting, simply because of the volume of core vendor systems selections and contract negotiations that Remedy performs. For more on that, you can check out our contract negotiations page:

Why is this important?

Unfortunately, the message fell on less than enthusiastic ears: as we looked around the room during the presentation, we saw at least as many of the CIO and IT Manager participants reading their emails as paying attention to the speaker.

The takeaway for us was that although the regulatory agencies recommend a third-party review of price and contract terms and conditions, a recommendation is not a mandate, and so CIOs and CTOs have flexibility in whether they wish to follow the guidance or not.

Our final word on this topic: If Remedy and some of our counterparts are willing to review the entire contract (terms, conditions, and pricing) and handle all of the heavy lifting of contract negotiations for a bank or credit union for a percentage of what we can save you, isn’t that a win-win for the bank?

The Board of Directors gets to check a box on their next audit, they get an independent third-party review of the pricing and terms and conditions, and they get cost savings that their CIO/CFO likely cannot get them.

We’ll never understand why many CIOs and CFOs believe that they should handle these negotiations without some help!

At any rate, after this Illinois Bankers presentation, we now have a better understanding of where to find the regulatory bulletins from each of these agencies related to contracts and vendor selection. Feel free to give us a call if your bank or credit union’s board of directors needs that information during your next contract renewal or internal audit.
