How to Raise the Vendor Management Bar

Vendor management maturity levels vary across the company spectrum. As part of our many in-depth consultations with clients and prospects alike, we find that the staffing, expertise and even the expectations of what vendor management means to an organization varies by several degrees.

Let's go through common reasons for neglecting vendor management, frequent questions and attitudes and how to raise the vendor management bar.

Common Reasons for Neglecting Vendor Management

People hesitate to do proper vendor management because of aspects such as these:

• Vendor oversight adds another layer of responsibility to an organization.
• Vendor management adds more items to the TO DO list.
• Vendor management increases the cost of doing business – reduces margins.
• Vendor management could be viewed as an intangible to executive leadership and the board.
• Leadership may know they must do vendor management, but only do enough just to get by.

If this sounds familiar to your organization, there’s still hope for you as a vendor management professional and that of your board. And, if you’ve already gotten past these hesitations, then you’re through a rough spot.

Frequent Questions and Attitudes From Lenders

Let’s now go through some common questions and attitudes I’ve seen in the industry and my thoughts towards them.

• Why is oversight so important? The common-sense answer is because depending on what type of company you are, there is likely a regulation which requires oversight of your third parties.
• Can’t we check the box? Of course, you can, if you want to play chance with your regulators.
• The vendor seems like a nice group of people. I’m sure they are too, but nice doesn’t take home a compliance award. Strong systems, policies and procedures and evident controls prove how well a vendor can support you and your client.
• Isn’t de-regulation going to help me get away with less oversight? De-regulation at some level may be a reality, however regardless of de-regulation, the cyber threats, hacking, access to systems and NPPI exposure are real risks which are on the rise regardless of the level of regulation the industry may or may not experience in the future.

This should help solidify the importance of vendor management and vendor oversight. Now, let’s go through best practices.

9 Things to Do to Raise the Vendor Management Bar

Here are 9 things you can do today to mature your vendor management program without missing a step.

1. Meet with all your critical and high risk vendors. Ask them to train you on the actual process of ordering their product or service. This is also a fantastic way to compare how each system operates and provide insight into pros and cons of each service that isn’t readily identifiable just from a contract or annual oversight practice.
2. Meet with the lines of business who use each product. Your internal customers offer an enormous amount of insight into the product and service.
3. Know your craft. Bootcamps, online articles (you’re reading this one for a reason) and vendor management courses are great ways to stay educated. Information today is just a click away. Gain internal endorsement that vendor management training is equally important as compliance or guideline knowledge.
4. Meet your peers. Compare notes (just don’t share any Intellectual Property or trade secrets). Vendor management professionals are some of the most skilled professionals I know since they have a good mix of operations, technical, risk and compliance expertise.
5. Know the regulators which impact your organization. This could be FFIEC, OCC, NCUA, CFPB, SEC…and even state regulators may have hot buttons that they like to review.
6. Know the regulations which impact you and your vendors. This may include GLBA, Red flags, UDAAP, FCRA, ECOA, UETA, TCPA, AIR, HMDA and TRID.
7. Subscribe to vendor management blogs to stay updated. For example, you can subscribe to Venminder’s blog here: https://www.venminder.com/blog
8. Subscribe to enforcement action information pertaining to your industry or vendor category. This helps you learn from other peoples’ mistakes.
9. Subscribe to complaint databases or negative news. This is a resource to help stay on top of your vendors.

Vendor management is a fantastic discipline and requires an in-depth level of understanding of many different components and a lot of work. Taking the above information will help lay foundation and avoid common pitfalls.

See how your peers are keeping up with third party risk management, download our whitepaper.