Skip to Main Content
PCBB Banc Investment Daily April 03, 2015
Banc Investment Daily
April 03, 2015

Three's A Party Around Vendor Risk

There's no hard and fast origin of the term "two's a company, but three's a crowd," although both William Shakespeare (in various plays) and Oscar Wilde (The Importance of Being Earnest") loosely used the term (although neither ever claimed to be the first to use the phrase). Meanwhile, artist and cultural icon Andy Warhol also used the phrase in his own way, saying, "One's company, two's a crowd, and three's a party." However it started, the meaning is simple - a third person joins an otherwise comfortable pairing, but in the end often doesn't mesh well with the first two individuals.
That's very much the case for community banks and mobile services developers, who often use third-party vendors to seal the deal and get a bank's mobile financial services operations up and running. One of the most prominent risks associated with banks, technology and third-party vendor relationships, is also a regulatory risk. The Fed even states that "If not managed effectively, the use of service providers may expose financial institutions to regulatory action, financial loss, litigation, and loss of reputation".
The number of community banks providing mobile services continues to grow given rising customer demand - 60% of smartphone and tablet users say mobile banking is either "important" or "extremely important", according to the 2013 Mobile Financial Services Tracking Study from AlixPartners. As such, banks large and small are turning to third-party service providers to get the job done in mobile. Our advice is that this process is fine, but bankers should consider some things before jumping into any third-party deal.
First, consider that pairing with a capable third-party mobile banking vendor allows community banks to quickly bring mobile banking products and services to market without the cost and labor intensive demands of building your own solutions in house. However efficient it may be though, enlisting a third-party vendor to provide mobile banking services can also expose a bank to significant risks, so care must be taken. This admonition can be extended to all of a bank's relationships with third-party vendors.
In this area, community banks are advised to especially strengthen management oversight of critical activities on the part of third-party mobile vendors. Specifically, focus attention on any area that could cause the bank to face significant risk where a third-party vendor fails to meet expectations, has significant customer interaction and impact; requires substantial investment to manage the risk, or has a major impact on bank operations.
Next, know that properly vetting third party vendors is not only for mobile but for other services as well. Make sure your vendor has a clean track record in the industry, has no record or involvement in regulatory or data breach incidents and has solid data management protection systems in place to properly protect your customers' financial data. Potential red flags include ongoing or past litigation, a record of subcontracting services out to other providers and not having adequate insurance. Be sure to also look at their finances. If a vendor's finances aren't solid enough that you would offer them a loan, chances are you shouldn't do business with them either. Also, spell out your bank's expectations, proper compliance and security standards.
Three doesn't have to be a crowd when it comes to third party mobile services providers if it is done properly. But if you're not careful, the poor choice of a third party vendor can lead to financial loss, reputational damage and the possibility of legal problems for those who didn't do their due diligence.