Maintaining the balance between partner and supplier, however, can be tricky and must be negotiated at the contract level. The industry is in an era of heightened accountability -- when as much publicity surrounds data breaches and similar incidents as it does today, all parties must ensure they are covered.
Contracts between banks and vendors must clearly explain where the responsibilities of each entity begin and end, stresses First American's Jenkins. "This language is more prevalent in contracts than in the past. Every lawyer wants to hold the vendor responsible, and the vendor wants the customer to take some responsibility. But I'm seeing customers and vendors come to compromises more," he says.
"The more progressive vendors are already incorporating the appropriate GLBA verbiage and defining public and non-public information into their contracts, which reduces some of the burden when we go through negotiations," explains First Merchants' Fluhler. "Accountability is definitely on the bank to hold the vendors to the contracts. The vendors are accountable to ensure they uphold the contract."
In the end, however, banks bear the ultimate responsibility for compliance issues, as the vendor is still considered an extension of the bank by regulatory standards. After all, says The Santa Fe Group's Jones, "The buck is not transferrable."