04:45 PM
Banks Increasingly Are Creating Vendor Management Offices
Where would banks be without their suppliers? From the office supply retailer down the street to core systems vendors, banks must maintain all of these relationships. And when one considers that large banks can have thousands of vendor relationships, it's no wonder vendor management is a growing trend in the industry.
Experts note that vendor management has been around in some form for many years. These days, however, the financial services industry is seeing a more formalized, structured version of the concept that continues to evolve with the changing business climate. According to Karen McIsaac, founder and managing director of Project Managers, a Charlotte, N.C.-based services firm that manages change initiatives for clients, vendor management encompasses everything around an organization's vendors, from vendor selection and procurement processes to closure of contracts and vendor performance evaluations.
Formal vendor management "makes good business sense," McIsaac says. "Vendor management solidifies partnerships and relationships between customers and vendors. Without it, there's a gap in the relationship."
Vendor management, however, is about more than keeping business partnerships productive -- it's also about remaining compliant. As a result, says Allyn Pytel, EVP, enterprise technology operations and support, with Cleveland-based KeyBank ($101 billion in assets), the industry's attitude toward vendor management has changed markedly over the past decade. "If you look back 10 years, some would see vendor management as unnecessary overhead, perhaps using it to actually cut back on the number of vendors used by the bank to save money," he explains. "Today, vendors are seen as an extension of the banks in delivering services to their customers, so they have to be held to the same rigorous standards as the bank."
This change in attitude came about due in part to laws such as the Gramm-Leach-Bliley Act (GLBA) and its provisions around the handling of sensitive data. "Because of GLBA, all parts of the process must be accounted for," Pytel relates.
According to Catherine Allen, chairman and CEO of consultancy The Santa Fe Group (Santa Fe, N.M.) and former head of bank technology organization BITS (Washington, D.C.), there are three primary reasons for the growing interest in vendor management among banks as it relates to regulation and risk: a greater reliance on third parties by banks, regulations around data privacy and security, and the increased focus on data safety due to publicized data breaches when information resides outside the bank. "You can outsource responsibility to a third party, but not liability," Allen says. "So financial institutions have to treat them like they are in-house."
"GLB, HIPAA and SOX each have significant penalties for failure to protect data," adds Robert Jones, a senior consultant with The Santa Fe Group. "These have all conspired to make vendor management a front-burner issue."
While Stephan Fluhler, CTO of Muncie, Ind.-based First Merchants Bank ($1.9 billion in assets), agrees that the industry's increased reliance on third parties has heightened banks' awareness of vendor management, he points out that the move toward electronification of payments also has upped the scrutiny on who is responsible for keeping sensitive data secure. "The increasing migration of payments toward electronic means, ... where a system could potentially store customer information or other sensitive data, has led to the increased awareness of vendor management and its importance," Fluhler explains. "There is a risk component involved in these systems that could potentially store sensitive information."
According to Mahesh Makhija, VP of banking and capital markets with Infosys Technologies (Bangalore), many of the vendor's clients have some kind of vendor management office. "Almost all of our large customers have this function," he relates. "A lot of our work is IT services that are offshored, so it's imperative for the banks to oversee this, especially with the risk management involved."
Makhija adds that the vendor management function at banks definitely is evolving. "They're becoming mature in how they think of their strategic sourcing function," he says. "This used to be ad hoc, where managers with certain skill sets sought relationships with certain providers. Now they have to think of the overall organizational structure and how to work with the vendors."