When Three's a Crowd: Effectively Managing Third Party Vendors

It is said "Two's company; three's a crowd," when two people are in a relationship and would prefer to be alone. Your credit union's tech revolves around the primary relationship of credit union and core processor, and when it comes down to the efficiency of your CU, this might be the relationship that matters the most. However, you may have many third parties crowding your space and taking away from time that should be devoted to activities which more directly impact your members. Vendors, suppliers, agents, brokers, specialists, consultants, and more are constantly vying for your attention as a credit union leader, and managing these relationships can be a job in and of itself. Leveraging third parties can help your credit union gain significant efficiencies, but managing them can be burdensome.

Effectively managing third-parties is a challenge and pain point for many small credit unions who don't have the time, money & personnel to manage a myriad of relationships and products. NCUA's Letter to Credit Unions 07-CU-13, entitled "Evaluating Third Party Relationships," provides significant detail regarding the due diligence required prior to entering into third-party relationships as well as the ongoing due diligence needed to monitor those
relationships. For example:

• Background checks - Essential for both individuals acting as third parties as well as companies. What are their references like? Have they ever been in legal or severe financial trouble?
• Business practices and operations - Is the company culture inline with your credit union's? Are there any potential conflicts of interest?
• Financial standing - Before entering into a relationship, you want to make sure they are going to be around for the duration of the contract. What is the third party’s financial condition? Is their cash flow adequate?
  
• Accounting considerations - How does the cash flow throughout their operation and between all parties involved? Are they complying with Generally Accepted Accounting Principles in maintaining their accounting records?
  
• Internal controls - Do they have internal controls to prevent fraud and data breaches? Do they also follow the guidelines accepted for credit union compliance when it comes to IT regulations and financial laws?
• Contract issues and legal review - Are you adequately protected should an issue arise? Are you able to terminate the agreement if things go south?

In addition to due diligence, there are Risk Management considerations further eroding the quality time you can spend on member services. Whenever a credit union outsources a function, it's relinquishing some level of control over that function, and the inherent risk still lies with your organization. Managing third-party risks often include adding in even more third parties, such as insurance companies, lawyers, independent auditors, etc. 

So how does a credit union executive maintain a healthy balance with third parties while still devoting the necessary attention their members need? 

1. Minimize - With the growing demands and complexity of technology in the financial industry, it is not likely that we will see a shift away from third-party demand. But there are many products and services, such as credit and debit card management, that credit unions are increasingly bringing in-house with their core.

2. Consolidate - Many core vendors are willing to collaborate with third-party relationships on behalf of the credit union outside of their primary function. For example, a core provider who will work with CUNA and other insurance providers to implement services and functions that aren't directly a part of their own core offering, or will work with ancillary service providers when a disaster occurs as part of your business continuity plan.

3. Focus - Evaluate which relationships should take priority by determining those that add the most value for your CU and your members, and apply your focus on those. Where you can, reduce your direct involvement by introducing more automation that comes hand-in-hand with a core's open architecture and Application Programming Interface (API). While some third-party vendors require ongoing relationships, some are more transactional and can be addressed by a department manager rather than C-level leadership. 

The relationship between your credit union and the member comes first. Without it, the rest is irrelevant. Partner with a core processor and third-party vendors who understand their roles and are devoted to your ultimate success. 

Download our eBook to learn more about the integrations FLEX has developed directly within the core.