Financial services risk: third-party vendors fined $530 million by feds

Under the scrutiny of the new Consumer Financial Protection Bureau (CFPB), banks and financial institutions are discovering new – and painful – lessons in supplier risk.

Image courtesy of Stuart Miles via
Image courtesy of Stuart Miles via

Over the last year, the CFPB (formed in 2011) has levied fines on some major banks totaling $530 million for deceptive or “predatory” practices by third-party vendors of financial services.

That’s one eye-opening fact cited in a recent article by managing consulting firm McKinsey & Company titled “Managing when vendor and supplier risk becomes your own.” The article takes a brief but instructive look at the importance of understanding vendor risk in the financial industry, and even outlines six essential steps to managing third-party risks.

The article is a good read for many reasons, but the first essential step outlined has a lesson for every enterprise that doesn’t have a contract management solution in place, or is considering one.

From the article:

Regulators now expect institutions to know their third parties, how each of them interacts with consumers, and what activities it performs. Many firms do not have this information readily available. (Emphasis added) Supplier databases can be incomplete, and some of the most sensitive risks can reside in relationships that are not found in them … What’s more, in some firms individual business units have different ways of tracking their suppliers, making it difficult to compare and collate them across an entire organization. (Emphasis added)

Note here that “not have information readily available” and “have different ways of tracking their suppliers“ can be translated as “having a decentralized, poorly organized contract management system” (if indeed any system is in place).

Centralizing all of an enterprise’s contracts in one database is also the first step of any contract management process – and it’s an important step in third-party vendor risk management as well.

One thing we’ve discovered at Blueridge Software, creators of Contract Assistant, is that many organizations are not even aware of all of their vendors and suppliers – until they actually build their contract database. Even if accounts payable knows all third-party vendors, key business departments may not be aware of all of their business relationships.

It’s actually no coincidence that we find this salient point in an article about supplier risk; risk mitigation is one of the best reasons for implementing a contract management solution.

Without a centralized contract database, and a way to easily track activity and key dates, companies put themselves at risk from: unmet contractual deliverables and obligations, unexpected auto-renewals, missed milestones, and protracted or incomplete discovery process.

Not every financial institution may be large enough to merit the unhappy scrutiny of the CFPB. But if your business is interested in reducing risk on many levels, consider a contract management solution – before it’s too late.