CHERYL GROSS & ASSOCIATES
to the Financial Industry
36 Bromfield Street, Suite 306
Cheryl Gross, PMP, President
FFIEC Guidance on Vendor Management — Is There A Common Sense Approach?
When working with clients on Vendor Management, we generally hear one of three questions:
Let’s take a step back and talk about three issues:
Vendor Management Programs
When you look at Vendor Management from an academic perspective, it’s a logical process which you'll see when you click here. The key elements are:
Your organization does all of these things and has for years. The issue is that the rules are not written down, and as a result it is very difficult to demonstrate that the rules have been applied and were applied across the board. Sound familiar?
The Business Case for Vendor Management: Lessoned Learned
It seems a month doesn’t go by without hearing that a Vendor has compromised customers’ personal and private information. The Boston Globe disclosed that they had inadvertently published subscribers’ names and credit card numbers. Fidelity Investments disclosed that a laptop containing 196,000 current and former Hewlett Packard employees’ retirement information had been stolen. Clearly, these eventualities were contemplated in the FFIEC Vendor Management guidance and speak volumes about reputational and compliance risk. Time and money may never repair the damage. If you think it can’t happen to your organization, you only need to look as far as the monthly credit bureau tapes sent from your core servicer to the credit reporting agencies. If they are sent by mail, carrier or courier, you’re at risk, as they are generally not encrypted.
Let’s roll back the clock to 1995 and examine operational and financial risk by looking at one of the largest Vendor failures in New England—ELSI (Education Loan Services, Inc.). ELSI failed because of the cost associated with upgrading their technology to accommodate servicing requirements related to reauthorization of the Federal Student Loan program. At the time of the failure, ELSI serviced approximately $3 Billion in student loans for roughly 22 Financial Services Companies. Over the course of the next year, we all scrambled to find appropriate servicers. At the end of the day, many Banks chose to exit the business and offer student loans on a fee-for-service basis, and most of us lost money as a result of defaulted out of guarantee loans that were not paid off.
ELSI is a textbook case for a Vendor Management Program. Most organizations got in trouble because we signed the boilerplate servicing contract. We saw the failure coming, but didn’t have a termination provision in the contract. Bottom line, we were locked into the contract until ELSI pulled the plug. Fortunately, to the best of my knowledge, no Banks failed as a result of ELSI failure, but many of us, myself included, had a lot of damage to repair.
ELSI taught us many lessons, the most important of which were:
Cheryl Gross & Associates was founded in 1994; our goal is to partner with our clients to create economic value and sustainable productivity gains by providing outstanding project management expertise, leveraging internal resources and offering objective perspective. We create value by providing senior focus and organization to strategic, financially significant opportunities. We deliver challenging assignments that pay for themselves by being accelerated.
Our President, Cheryl Gross, is a financial services professional with over 25 years experience in retail banking, private banking, residential and consumer lending.
Ms. Gross has served in positions with Boston Five Cents Savings Bank, Boston Safe Deposit and Trust Company and Household International.Ms. Gross holds a Master of Business Administration with a concentration in Finance from Babson College, Wellesley, Massachusetts and a Bachelor of Science from St. Lawrence University in Canton, New York.
Would you prefer to receive The Nib via e-mail?
Please call (617) 426-3701
or send your e-mail address to:
Vendor Management Program
Establish the Vendor Management guidelines, keeping the following in mind:
Review all in process vendor selections in the same manner as a regulator.
Review all existing vendors against your risk assessment criteria.
We’re sure that this has never happened in your organization, but we’ve seen occasions where businesses have acquired software applications which do not meet their needs, cost considerably more than expected and / or never achieve the anticipated productivity gains. Generally, the problem displays itself in one of the following ways:
When we begin analyzing the issues, we generally find that the organization has had four or five vendor demonstrations and selected the software that they believed fit their needs. The result is a very costly error that is attributed to individuals being resistant to change, and everyone has to live with the application until the capitalized costs are expensed.
The reality is that technology is expensive—as a rule of thumb, you can plan on the total hardware and software cost equaling three times the software cost.
In our view, a well-designed Vendor Management Program consisting of the following elements will prevent costly mistakes:
A comprehensive Vendor Management program when combined with project management mitigates the risk associated with acquiring the wrong technology tools and provides the following benefits:
Message from our President
The focus of this issue is Vendor Management. Many of you view Vendor Management as best practice or a compliance issue. I suspect that few if any of you view it as an opportunity to reduce expenses.
Ask yourself the following questions:
I hope you’ve found this newsletter interesting and informative. Your comments are always welcome.
© Cheryl Gross & Associates. All rights reserved.