People completing a form

A 4-Point Vendor Management Checklist to Mitigate Risk & Keep Employees Happy

January 18, 2024

Authored by Carrie Helmle & Ash Omar and published in CU Insighton January 2, 2024. 

Third parties, particularly fintechs, are generating a lot of interest in the credit union sector. While the NCUA still has not obtained vendor oversight, that doesn’t mean they aren’t diving into vendor due diligence processes.

Against this backdrop, the work of the credit union staff leading vendor management has never been more important to their organizations. Moving into 2024, there will no doubt be increased scrutiny on vendor connections to credit union systems, as well as vendor compliance competency.

As of today, the regulatory buck stops with credit unions. In the eyes of an examiner, a vendor’s mistake is the credit union’s mistake—and it can be a costly one. Not only from a financial standpoint, but reputationally, operationally and even culturally. Credit unions are under a lot of pressure to deliver elegant digital banking experiences, and many of the teams leading this charge are burning the innovation candle at both ends.

While there are many best practices that drive vendor management excellence, our team has run across four must-haves that can benefit every credit union.

1. Follow consistent processes for evaluating new vendors and suppliers.

Every vendor is unique, which can make it tempting to bend and shape due diligence processes to each potential partner. However, sticking to your guns in terms of what you request has several advantages.

First, consistency provides a strong track record for examiners who can see from documented uniformity how seriously your credit union takes vendor management.

Second, members of your vendor management team are subjected to less guesswork and have top-down support to push back against any potential partners, or even internal stakeholders, who may ask them to make an exception.

Third, consistency across processes makes it much easier to spot outliers—and therefore, potential risks.

2. Automate ongoing due diligence tasks.

Vendor due diligence is far from a one-and-done job. The pace of business today necessitates regular check-ins with partners. Contracts expire, insurance policies lapse, financial stability ebbs and flows. Credit unions are responsible not only for vetting partners before the relationship begins, but throughout. This often creates a lot of time-consuming and manual work for risk and compliance teams.

Integrating technology automation into the process can alleviate many of the tedious to-dos. More importantly, however, it can serve as a backup to the team, alerting them to any missed deadlines or upcoming assignments.

Some automation platforms can even do the assigning for you, sending personalized notifications to specific members of the team or to identified contacts within the vendor partner’s firm. Even better, some software can track how different individuals—from internal department leads to board directors—are progressing against their assigned tasks.

3. Establish workflows to track action steps and provide an audit trail.

Using technology to keep an eye on how tasks are progressing not only gets jobs done faster; it also maintains a culture of accountability. That’s something examiners very much appreciate seeing within any financial institution that is run by humans (which is all of them … at least for now).

Some of today’s most robust regtech platforms enable credit unions to customize workflows to their own people, processes and technology. This means there is consistency, but also documented history, of who does what and in which order. There is protection against misunderstandings, miscommunication and missed deadlines.

4. Store and organize vendor documents and contracts in a centralized location.

It’s not pleasant to talk about, but the fact remains that not everyone who works at the credit union today will work there tomorrow. Documenting outcomes is one thing; keeping them somewhere they can be located and easily accessed is another. It’s the rare examiner who will be okay with the excuse, “A former colleague misplaced those records.”

When deciding where to maintain vendor management documentation, look for tools that can play double-duty—storing, but also organizing, files. This makes onboarding of new risk and compliance team members much quicker and much more contextual.

You may have noticed a theme running through the above four practices. Each not only mitigates vendor risk, but also prioritizes the risk and compliance team experience. Keeping employees happy is more critical than ever now that compliance expertise is among the hottest talent commodities in the financial market. Competing for candidates is only one piece of the puzzle; making sure they have everything they need to be successful is equally as important.

Back

Recent/Related Articles

The Top 8 Risk Reports for GRC Leaders

May 20, 2024

With factors ranging from the economy to the environment to artificial intelligence playing a part, it is essential for financial institutions, insurers and other regulated businesses to have a sound risk management program in place, and here are 8 reports that help GRC leaders become more strategic.

Video: Why Should Risk Management Be Top of Mind for Boards?

May 13, 2024

Global CIO & Interim CEO, Ogie Sheehy, talked with CU Management (CUES) about why risk management and creating and maintaining a risk register are critical for boards.