May 07, 2007

Q: What must banks do to get the most out of their vendor relationships?

John Garvey, PricewaterhouseCoopers: The first step is to establish the relationships at the right level for the vendor partner; the more senior, the better. Start with the CEO and go from there. This pays dividends in terms of the quality of the team working with your firm as well as the ongoing service. It also helps that when the inevitable issues arise, you have a direct line to the individuals that can make a difference.

Karen Roche, LogicaCMG North America: Openness and candor in communication are the essential characteristics of successful relationships and projects. Lay out responsibilities, expectations and requirements for both sides, and do it up front.

Dean Nicolacakis, Diamond Management & Technology Consultants: The first, often-ignored step is to think about a sourcing strategy rather than a series of tactical relationships. A sourcing strategy blends the right mix of employees, outsourcers, consultants, hardware and software vendors, and third-party processors, aligned with the company's strategy. It is critical that banks form partnerships with their vendors/partners based on aligned goals and arrangements; in fact, banks should explicitly have their vendor partners accountable for elements of key strategic objectives.

Dan Shannon, Metavante: To begin, identify and agree on the business requirements across the departments that the vendor will serve. Follow that with a thorough and structured election process to involve IT, business units, finance, legal, risk management and operations. Once implemented, ensure that a vendor has an appointed vendor owner to manage ongoing service levels, and put the relationship through an annual performance and risk review.

Q: What are the pros and cons of working with a key, preferred vendor as opposed to a diversified portfolio of providers?

Garvey, PricewaterhouseCoopers: Preferred vendor relationships are on the rise. The advantages are well chronicled -- better pricing power for the buyers, more incentive for the vendors to invest in getting to know your business, more attention as a larger customer. The downside is that an organization risks missing out on new and innovative ideas and services or people that may come from outside of its preferred vendor list. Focus on creating a core of preferred vendors, but keep the process open so that emerging players can join the group and so one-off transactions are possible in exceptional situations.

Roche, LogicaCMG North America: Using preferred vendors that know your processes, requirements and people is comfortable. That's often the problem. Vendors get complacent. Client companies get lazy. Clients can miss out on new and better ways of reducing risk, saving money and operating efficiently if they exclude new suppliers.

Nicolacakis, Diamond Management & Technology Consultants: The current trend is toward deals with shorter terms and multiple vendors for analytical and advisory work, and fewer longer-term preferred vendors for ongoing business process, project management and technology outsourcing. The pros of longer-term arrangements with preferred vendors are that they can provide more consistency and decrease cycle time through improved company knowledge. The cons are the risk of the vendor "going native" or trying to provide services that are not their specialty, resulting in lower performance and increased risk. Banks in preferred vendor relationships also tend to lower their scrutiny of the vendor over time and need to cycle responsibility for account ownership periodically to maintain a healthy tension.

Shannon, Metavante: Banks are making a great effort to decrease the number of vendors they are working with to reduce their risk exposure, simplify their vendor management and realize economies [of scale]. They even have come to us with suggestions for us to form new partnerships and make acquisitions so that we can establish a stronger partnership as a single point of contact for all their needs.

Q: How has increasing regulatory scrutiny affected banks' relationships with their vendors?

Garvey, PricewaterhouseCoopers: The regulatory environment has fundamentally changed the bank/vendor relationship. Regulators have been clear that they continue to hold banks responsible for the actions of their service providers. In other words, banks can't outsource regulatory compliance to third parties. This has meant an increased focus on bank/vendor risk management and has led to such things as vendor contracts including penalties for noncompliance with regulations, more independent audits of outsourced operations and greater coordination of responses to regulatory inquiries. Increasingly our clients are requiring their service providers to adhere to quality standards such as CMMi, BS7799 and ISO 27001, which all have their own external audit and recertification provisions.

Roche, LogicaCMG North America: Increased regulatory compliance demands have drawn banks and vendors closer together, making them partners whether they realize it or not. For example, vendors often handle personal financial data on the bank's customers. If a breach or identity theft from the vendor occurs, customers blame the bank.

Banks can never abrogate responsibility to drive compliance and to ensure that vendors are doing so as well. Vendors must be on top of all issues that banks deal with; they must understand, and work toward, the ultimate goals of the regulations.

Nicolacakis, Diamond Management & Technology Consultants: You can't offload security and confidentiality. Outsourcing vendors are doing a better job on data and infrastructure security issues, but offshore firms are challenged in performing employee background checks on employees. The turnover among employees at the Indian outsourcing firms is a reason for concern. According to recent statistics, only 30 percent or so are thoroughly vetted.

Q: What are the unique challenges inherent in managing outsourcing and offshoring relationships?

Roche, LogicaCMG North America: First is the cost-benefit challenge: "You get what you pay for." The client must balance reasonable investment with the increased value of using the outsourcing provider, which should bring technical or channel expertise as well as low-cost execution. Second is flexibility. Many banks find they have given up control of key deliverables and schedules, especially when they go offshore. Then when their priorities change, they have a hard time adjusting. Third is reentry. It should be part of the planning process from the beginning. You must move quickly to bring the work back in-house if the outsourcing provider can't deliver.

Nicolacakis, Diamond Management & Technology Consultants: Buyers in Diamond's annual Global IT Outsourcing Study consistently rank "managing complexity" as the top risk factor. They underestimate the effort required to make outsourcing successful. Buyers of offshore services also worry about getting work done in a timely and efficient manner; they need to provide the right level of oversight.

There's a lot both sides can do to make outsourcing successful. Create and maintain business cases to support outsourcing decisions. Set realistic and clearly defined expectations from the outset. Negotiate win/win contracts. Implement in phases to deliver realistic benefits with a minimum of disruption.

Banks should consider establishing a sourcing management office (SMO) to provide oversight over all solutions providers. The SMO is the means to manage costs, establish service-level agreements and measure vendor performance consistently.

Shannon, Metavante: When banks choose to relocate a business process offshore, there can be several challenges: extreme amounts of due diligence, culture differences, new customer acquisition processes, and personnel and change-management issues. A key ingredient to mitigate these risks is to ensure that the vendor has a plan and can relate its experience into solutions for the bank.