Stephen Covey has said, "Start at the beginning with the end in mind."
This applies as you consider what you really want from your overall Vendor Management Plan. To illustrate the point, I will use a comparison of building a house and building your Vendor Management Plan.
Planning – Much the way an architect draws up a plan for a house, you will need to detail the type of program you want for Vendor Management. The plan can be complex or simple based on your needs and the "end you have in mind". Ask yourself a very basic question to get things started. "Do I want to manage my vendors more effectively?" or "Do I just want to be compliant and satisfy the NCUA and State Regulators?" or is it a blend of the two answers? Hopefully you will understand that properly vetting and managing your vendors will pay dividends and reduce risk for your credit union. In the long run it is wise to build a strong Vendor Management Program which just happens to make you compliant with regulators.
Foundation – Building a house requires a good foundation. The foundation of Vendor Management starts with implementing the vision and goals you have for the program. It also contains several business decisions including outsourcing versus using internal resources. It also includes adoption of a vendor management policy by the Board. Keep in mind the NCUA will review what you do in practice compared to the policy adopted by the credit union. As you refine your plan be sure to carefully follow the dynamics contained in the NCUA's Supervisory Letter 07-01.
Support Columns / Walls – Supporting structure for your Vendor Management plan is critical, as are support columns for a house. As detailed in the NCUA's Supervisory Letter, there are three major components to a vendor management plan.
- Risk Assessment and Planning is the first. To properly assess risk exposure for vendors you will need to establish consistent criteria to appropriately weigh the risk vendors pose to the credit union. Start with measuring the risks identified by NCUA which are Credit, Interest Rate, Liquidity, Transaction, Compliance, Strategic, and Reputation. Also, look for other exposures which are important to your credit union such as Member Data Exposure.
This assessment process will help you grade or designate a level of criticality and risk each vendor poses to the credit union. This criticality will have a significant impact on the due diligence data collection, as a more critical vendor will require more due diligence being performed. Remember to plan for exceptions to your policy which require specific documentation for the exception.
- Due Diligence is the second component. Many vendors and credit unions make the mistake of thinking this is all that is required. However, Examiners require more than an "electronic file cabinet" approach. Once you have established levels of criticality (no small task) you need to have a corresponding list of documents and other qualifiers a vendor must provide for your review.
It is also essential to develop an understanding of the vendor's business model and financial condition. As you may reason, during the sales process it is easier to obtain sensitive information from a vendor than after the relationship is contracted.
Two other hints for effective collection of vendor data are: First, be sure to include a clause in your agreement which compels a vendor to provide regular due diligence information at least annually. Second, develop and use a "Vendor Kit". This is a kit you give to all potential vendors which lists the information and documents you require if they want to do business with your credit union. Again, this is most effective in the sales or renewal process and you need to be firm.
- Monitoring and Controlling the Vendor is the final component. Managing contract expirations and notification time-lines is a must for the Plan and will have a significant impact on the performance of the vendor. Many credit unions have expressed frustration with a fractured contract tracking effort which fails to manage renewing contracts. It is just too easy to forget a date and it is not uncommon to miss a contract renewal or termination notice. This important detail will cost you money and efficiencies if not handled well.
Another untapped aspect of a vendor management plan is to hold "Accountability Meetings" with vendors. This regular Accountability Meeting allows you to measure their performance to expectations and make corrective changes to meet program goals. You can develop templates for these meetings which put the onus on the vendor for reporting on accountability to established objectives stated in the sales process. Someone said, "What gets measured gets done!"
As you build your plan carefully consider your goals and objectives and begin with the end in mind. If you truly manage your vendors with a solid Vendor Management Plan, it will pay dividends.