Evaluating technology vendor contracts can be a challenging and time-consuming task, but it’s an important step in helping your financial institution understand risk...
Evaluating technology vendor contracts can be a challenging and time-consuming task, but it’s an important step in helping your financial institution understand risk and incorporate favorable rates and terms.
Evaluate your needs
Developing a deep understanding of your short- and long-term needs can help you secure opportunities to support your strategic initiatives. Insights gained will help identify critical priorities. For example, if you plan to grow through merger or acquisition, understanding termination penalties is critical as they can be so severe that the deal is no longer viable.
Know the market
Understanding who the technology vendors are, what they offer, and how their services are provided can help you identify those best aligned with your critical success factors. For example, consider the type of technology and current industry trends when negotiating the appropriate length of the contract and renewal periods. While there are often financial benefits to long-term contracts, certain technologies change rapidly, and a short-term contract may allow your financial institution to be more flexible.
Conduct due diligence
Performing due diligence on your technology vendors should provide assurance that they can meet your needs. For example, you should review their due diligence package, which should include audited financial statements, insurance coverage, audit coverage, security history, ability to meet disaster recovery and business continuity requirements, reports of their internal controls, and other key documents. Additionally, assess their corporate history, and legal and regulatory compliance. This will help you to avoid being blindsided by a technology vendor’s financial, business continuity, and/or performance failures.
Give yourself time
Choosing a new technology vendor, or renegotiating a contract, are important decisions you do not want to make quickly. The time invested often leads to identification of critical functionality, stronger negotiation power, and cost savings. For example, if you are considering replacing a current core system, plan to begin the process 18-24 months prior to contract expiration. Having this time allows you to thoroughly assess your needs, conduct due diligence on any new products and services being considered and maintain leverage.
Review the pricing
Evaluating the technology vendor’s proposal and appraising pricing as it relates to market value, growth, strategy, and potential future expenses should be completed prior to finalizing pricing. You should confirm the proposal contains the most appropriate pricing method for your financial institution’s needs. Understand the cost of the service initially, and if it changes over time, so you can budget appropriately. For example, if your technology vendor charges by transaction volume, this can easily require more of an investment and impact your strategic plan if you are looking to grow your financial institution in the next five to ten years.
Appraise the terms
Defining the rights and responsibilities of both parties and making sure the contract does not contain provisions or incentives that could adversely affect your financial institution should be completed early in the process. Make sure the agreed upon pricing, respective fee schedules, product terms and conditions, auto-renewal periods, and any details regarding product enhancements or replacements are clearly defined. For example, if your technology vendor provides notification that a product or service is being replaced, there should not be any question as to whether the replacement product or service will offer, at a minimum, the same level of functionality, at the same price.
Reviewing the contract language carefully is critical. Pay attention to incident response, backup and recovery services, subcontracting, and technical support. Understand service level agreements, which are formal documents that outline your financial institution’s predetermined requirements for the service and establish incentives for meeting — or penalties for failing to meet — the requirements. Develop a clear understanding of the technology vendor’s responsibility for the security and confidentiality of your financial institution’s resources including information and hardware. Work with your trusted technology advisor and legal counsel on contract considerations. For example, documenting expectations related to required services, performance and functionality, security and confidentiality, and the overall relationship.
Finalize the agreement
Developing a contract that clearly defines the obligations of the technology vendor to help limit your financial institution’s liability, enforce the contract, and mitigate performance disputes should provide confidence in your partnership. For example, adequate and measurable service level agreements may seem standard, but if your technology vendor experiences downtime, this is not the time to find out whether they are enforceable. Position your financial institution to secure a comprehensive contract with acceptable terms and conditions at a fair price.
Manage the vendor
Establishing effective risk management practices, regardless of whether functions are performed internally, or by your technology vendor, is critical. Your board of directors and senior management are responsible for making sure functions are performed in a safe and sound manner and in compliance with applicable laws. The degree of oversight, and review of outsourced functions, depends on how critical the function is to your financial institution’s operation. For example, more extensive ongoing management is needed when a third-party relationship involves critical activities that include significant financial institution functions (e.g., payments, clearing, settlements, and custody), significant shared services (e.g., information technology) or other activities that could cause significant risks or impacts.
How we can help
The contract is the single most important control in your ongoing relationship with your technology vendor. Our team can help you complete a thorough review, due diligence, and negotiation of pricing and terms to protect your financial institution before the ink dries on the contract. To learn more about contract advisory for financial institutions, join CLA for our IT Webinar Series on September 21, 2021. Contact Us to learn how we can help you.
Want to learn more? Complete the form below and we'll be in touch. If you are unable to see the form below, please complete your submission here.Contact us