Over the years, our financial institution’s practice has seen numerous instances where financial institutions switch Managed Service Providers (MSPs) out of frustration due to MSP underperformance, out-of-scope costs, and lack of industry expertise. Selecting the right MSP for your financial institution requires confirmation of the MSP’s industry expertise, an understanding of contract features, and greater vendor oversight of the MSP.
Knowing the Industry
An MSP’s lack of financial institution industry expertise is one of the primary reasons financial institutions switch providers. It is not enough for an MSP to claim financial institutions as clients. The MSP must demonstrate that its managed solution is developed specifically with financial institutions in mind. How can you determine this? The minimum solution should not only cover technology basics such as patching and monitoring but also include assistance with developing and maintaining the information security/cyber security program, IT exam/IT audit preparation assistance, employee and board cyber security training, robust reporting and controls validation, along with demonstrated experience supporting financial institutions. In short, the MSP should speak your industry’s language. The MSP should demonstrate that it understands the unique applications, regulations, and oversight you face as a financial institution. There are many reputable MSPs, but not many have strong financial institution industry knowledge.
Understanding the Contract
The financial institution must understand the MSP’s contract coverage and pricing model. MSPs typically use a one-size-fits-all approach to delivering managed services. Prices are set based upon the number of devices covered, such as servers, workstations, and firewalls. Some MSPs will go a step further and offer tiered pricing, which considers employee headcount, software licensing costs, additional services, and cloud-based resource usage. An MSP that is experienced in serving financial institutions will disclose upfront the type of work that is not covered under the agreement. Ensuring a clear understanding of what is and is not covered in your contract minimizes the potential for out-of-scope work, the cost of which can often exceed the amount in the managed services agreement.
Managing the Vendor
Be prepared to closely manage any MSP to ensure it is meeting its contractual obligations. This issue is closely aligned with knowing the industry. Most MSPs are IT generalists, which means they will serve any client. Because most MSPs work with clients in non-regulated industries, the level of vendor oversight they have historically received from their clientele is minimal. Regulators regard MSP relationships as critical vendor relationships. As such, you must demonstrate sufficient vendor oversight or run the risk of an IT exam finding. MSPs which are built to serve financial institutions are aware of this regulatory oversight. They will not only provide the financial institution with vendor management training but will also proactively provide the reports and other documentation the financial institution needs to carry out its vendor oversight of the MSP.
How we can help
CLA’s information technology (IT) professionals can help free up your personnel’s time and keep your systems upgraded to meet the unique needs of your institution. To learn more about managed services for financial institutions, join CLA for our IT Webinar Series that begins on July 20, 2021. Contact Us to learn how we can help you.