As community bankers, wearing several hats is just part of the job. But, with community banks having more vendor relationships than ever, when is vendor management a task better outsourced to a third-party system? Here are questions to ask yourself.
By Cheryl Winokur Munk
Community banks often work with dozens—even hundreds—of outside vendors. But procedural headaches and regulatory requirements can make managing a menagerie complicated. That’s where a third-party vendor management system can prove useful.
Working with a provider offers community banks a centralized approach to vendor risk management. This can include helping banks stay up to date with regulatory requirements, segregate vendors by risk, monitor and update contracts, onboard new vendors, and easily keep track of important vendor details, such as their financials and cyber controls.
Years ago, banks didn’t use as many vendors, and regulations weren’t as complicated. Nowadays, keeping up with vendor management can be a full-time job. “The complexity of trying to manage third-party risk is exponential today, and oftentimes banks find they need outside help,” says James Hyde, CEO of Venminder, a provider of third-party risk management solutions based in Elizabethtown, Ky.
To be sure, a number of community banks are still muddling through the process manually, using programs like Microsoft Excel or Word—or even manila folders—for record-keeping purposes. But for most banks, the extreme level of upkeep, organization and attention to detail to make sure all the i’s are dotted and t’s are crossed—and to keep regulators at bay—is simply not feasible or cost effective when using these methods.
“If we were to do it completely manually, it would be a full-time job for someone to keep track of vendors. I think we’re getting quite a bit of benefit for the cost.”
—Sara Teague, TrustTexas Bank
“That starts getting complicated very quickly,” says Chris Sherman, who manages third-party risk for $779 million-asset Sutton Bank in Attica, Ohio.
The cost of using a provider can vary, depending on factors such as the provider itself, the complexity of a bank’s needs, the number of its employees and the services selected. Costs can range from $500 a year for a small bank to $50,000 or so for a larger institution. For some, the peace of mind is worth the cost. “It helps us manage the whole process better,” says Sherman, whose bank contracts with Venminder for vendor management services.
Sara Teague, executive vice president of $330 million-asset TrustTexas Bank in Cuero, Texas, works with around 350 vendors, from landscapers to more critical providers, and keeping up with them all proved too much for the bank’s staff to handle. Now, instead of storing documents in manila folders, it has automated the vendor management process through Tandem, a subsidiary of CoNetrix based in Lubbock, Texas.
“If we were to do it completely manually, it would be a full-time job for someone to keep track of vendors. I think we’re getting quite a bit of benefit for the cost,” Teague says, adding that the bank pays around $1,000 a year for these services.
You don’t have to be a large bank to use a provider for vendor management services. Venminder, for example, provides software and vendor management services to a host of banks, generally ranging from $10 million in assets to more than $200 billion in assets. This includes banks that work with about 10 vendors to those that use more than 7,000 vendors. The platform is modularized, so banks can determine what they need, Hyde says.
Is an outside provider right for you?
There are a number of questions banks need to ask about their vendor management processes to determine if it’s time to consider an outside provider—or change providers.
These questions include:
- Can your community bank easily manage the required documentation to appropriately supervise your vendors?
- How much time are you spending chasing vendors for information?
- Are you able to easily assess whether your vendors are meeting regulatory requirements?
- Are you able to keep up with the task of determining who else your vendors work with for regulatory review purposes?
- Do you have the on-staff expertise to effectively and efficiently review vendors?
If the answers to these questions are “no” or “not really,” it’s probably time to consider outside help. You may prefer to do everything in house, but it may be more efficient to work with a provider, so you “can focus more on taking care of your customers,” says Alyssa Pugh, who helps develop cybersecurity content and educational resources for banks and credit unions at Lubbock, Texas-based Tandem, which works with community banks. The majority of its customers have $100 million to $3 billion in assets.
When choosing a provider, price will clearly be a factor. But there are many questions to ask beyond just price, such as:
- What services are being provided and at what price point?
- Are there a la carte options, or are you forced to use an out-of-the-box solution?
- Is the system user-friendly, and does the provider offer software training and support?
- How long will it take to onboard the bank?
- What is the provider’s commitment to continually develop its products and services?
Ultimately, it’s cheaper and easier to work with a provider than it would be to hire one or two additional resources to manage vendors full-time, Sherman says, adding: “But if you don’t know what you’re getting, it’s money out the window.”
Cheryl Winokur Munk is a writer in New Jersey.