The protracted vendor approval process – Good, bad, or ugly?


They say that slow and steady wins the race. But, if this slowness comes at the cost of collaboration and optimization, is it really worth it? We’re talking here about the protracted vendor approval process most financial institutions follow today. The process is so rigorous that it oftentimes feels harder than the proverbial camel going through the eye of a needle! For a lot of FinTechs, this is a sore point and one that deters them from wanting to collaborate with bigger banks. So, how long is too long when it comes to the vendor approval process? The answer, we think, is when it goes from being a necessary step to a frustrating roadblock to partnerships.

The word 'Approved' stamped out with a wooden stamp nearby
A coordinated and agile approach to vendor approval will see both sides winning

The current state of affairs

Everyone loses with the current arrangement

Who or what is to blame?

So, what’s the solution?

Playing our part in streamlining the process

Conclusion - By working together, everybody wins


The current state of affairs


Financial institutions have a notoriously slow, long, and arduous vendor approval process that takes anywhere between 6 to 18 months to complete. To be fair, banks do need a robust third-party approval process in place. Ever since the 2008 financial crisis, regulatory bodies such as the CFPB (Consumer Finance Protection Bureau) have increased pressure on financial institutions to reduce third-party risk. Ignoring these rules can invite fines that amount to millions of dollars.


In addition, banks also worry about the reputational cost of associating with a vendor ill-equipped to protect their customer’s financial information. The truth is that even if a data breach originates from outside the organization, banks often take the brunt of the blame for it. It’s no wonder then that enterprise banks have tightened their vendor approval processes significantly over the last 10-15 years.


All of this is understandable. However, it doesn’t explain the need for a process that is filled with long, complicated documentation and archaic procedures that require you to be well-versed in legalese. Nor does it explain why the process takes so long to complete.


Everyone loses with the current arrangement


It’s important to note that it is not just the vendors and suppliers that suffer here. Banks too stand to lose out with this arrangement. For one, they can miss out on cutting-edge technology that gives them a better way to mitigate risks, increase profits, and serve their customers and stakeholders better; all of which can help them gain a competitive edge in the overcrowded financial services space.


For another, these interminable practices can lead to concentration risk. With the process taking so long to complete, financial institutions have no choice but to rely on their limited list of approved vendors for all their needs. Should something happen to these vendors, a bank’s overdependence on one-shop solutions can leave them vulnerable to operational and supply chain disruption. Banks should counter this by developing a more agile vendor management process that gives qualified FinTechs a fair chance. If not, it could result in a dangerous case of ‘straining the gnat but swallowing the elephant.'


Who or what is to blame?


To manage vendors, financial institutions have a comprehensive, multi-step third-party management system in place. Vendors are subjected to an extensive review where everything from their company financials and security standards to their disaster recovery and incident response plan is investigated. Gathering and analyzing all this information understandably takes time. In addition, institutions often have multiple approval levels, with each additional level further lengthening the process. And we haven’t even reached the contract negotiation stage yet!


The problem here is not with how abundant, thorough, and meticulous the steps are but with the machinery that processes them. Sadly, many banking systems use technology still stuck in the 20th century. They come replete with double entries, slow processing times, errors, and an overall lack of collaboration. These issues, unfortunately, require a lot of time-consuming manual input and oversight to correct.


In addition, compliance teams comprising lawyers and risk officers very often do not have the technical know-how needed to understand the different security standards offered by vendors. Understanding the nitty-gritty of it all invariably adds more time to the already long-winded process. Add some red tape to the mix and you have a system that is perennially log-jammed and delayed.


So, what’s the solution?


To be clear, we are not advocating that financial institutions take a move-fast-and-break-things approach to the vendor approval process. We also do not advocate that banks loosen their compliance and risk requirements for third-party service providers. Doing that would create a soft underbelly in their security system, an undesirable outcome for all parties involved. We firmly believe that faster vendor approval should never come at the expense of risk control. That said, we can all probably agree that the process is badly in need of an overhaul. As the saying goes, you can't teach an old dog new tricks!


In a recent vendor management survey of over 240 financial institutions, 44% of respondents confessed that they do not have an integrated technology platform that can coordinate information from different departments. Instead, they predominantly use manual processes to accomplish this task. An additional 42% said that they use a mix of manual and automated processes. Only 7% of the companies surveyed used a fully integrated, predominantly automated system to manage third-party vendors. So, there is definite room for improvement here with automation. Creating automated, concurrent workflows that take care of repetitive tasks is a good way to get rid of errors. It can also establish a standardized approval methodology across different departments and can integrate information more efficiently.


Another way to simplify things would be to customize the assessments according to the task at hand instead of having a blanket approach to every vendor, no matter what function they perform. Banks can also expedite the process by addressing non-critical items at a later stage and hiring tech leaders who can understand the technological side of things from the get-go. And finally, why not use simple, jargon-free contractual language instead of 100-year-old vocabulary that needs a 2000-page legal dictionary to decipher it?!


Playing our part in streamlining the process


There are always two sides to every story. We would be remiss if we didn’t acknowledge the fact that we have a part to play in the process too. We would in fact be putting the cart before the horse if we asked others to move faster without first getting our own house in order (this is the last animal metaphor in this blog, we promise!).


Accordingly, we have identified key non-negotiable risk areas such as insurance, compliance, security, and data protection. We do our part by having all the necessary documentation in place for the above. We are armed with compliance certifications for virtually every regulatory agency around the globe. In addition, we have already put in place security policies and other best practices such as employee and third-party background checks to ensure there is no delay on our part. Using universally accepted security and compliance standards, we believe, is something that all vendors can do to simplify things on their end.


Conclusion - By working together, everybody wins


There is a distinct Dr. Jekyll and Mr. Hyde quality to the protracted vendor approval practices that banks use currently in that there is some ambiguity if they do good or harm. We suspect it’s a bit of both. What is sure is that continuing with these archaic practices hamper progress for both parties. It is high time now for financial institutes to adopt a coordinated, partnership-oriented, and agile approach to vendor approval. Similarly, it is also time for vendors to step up to the plate in terms of meeting regulatory demands. There’s no need for a ‘Silicon Valley Vs Wall Street’ tussle. By working together, everybody wins.


final1.png
Subscribe to the TRaiCE blog
Get our posts delivered straight to your inbox

Thanks for subscribing