As the web of vendors to credit unions becomes more complex – core vendors, digital banking vendors, credit/debit card processors, Loan Origination System (LOS) providers, IT vendors, consultants, loyalty programs, legal services, and the list goes on – vendor management has become a necessary core competency. However, most credit unions don’t have the time, resources and/or expertise to manage their vendors properly. At many credit unions, the problem goes much deeper. With no contract life-cycle management in place, auto-renew contracts continue, sometimes in perpetuity. There is a lack of awareness of the risks of not managing vendor contracts.
Without formal vendor management, a credit union lacks awareness of who their key suppliers are, where they are spending their money, and ensuring that their third-party vendors remain compliant with Federal and State regulations. In addition, vendor management will ensure that the third-party vendor continues to protect and secure the credit union‘s data and that of its members, whether on-premises or outsourced, reviewing annual reports and ensuring the vendor is compliant with the SSAE 18 / SOC 2 Report and Payment Card Industry Data Security Standard (PCI DSS), for example.
It’s hard for a credit union to ignore its vendors. They are critical to success, and most times, are at the heart of the organization’s processes and activities. Although invisible to members when everything is going well, failure on the part of a vendor is a direct reflection on the credit union.