A Guide for Bankers and Vendors
I stay in touch with a large network of contacts from throughout financial services and fintech. Aside from the worry, fear, and frustrations all of us are facing at the moment, I’m hearing a growing concern that innovative solutions are not or cannot be implemented right now.
Bankers say their existing processes and technology did not account for the situation we find ourselves in today. Internal processes and supporting technology were not built for a distributed workforce. Particularly, not one that was working from home and sometimes using personal devices not vetted by the organization. Customer-facing digital experiences, if designed by the institution at all, were not built for a digital-only world. For example, most organizations have mobile remote deposit limits that only allows low value checks to be deposited. The situation was tolerable in a world where a customer could go to a branch and deposit a larger value check. What can bankers do?
Technology vendors say they have solutions that can address financial institutions shortcomings, but as usual financial institutions cannot move quickly enough to deploy them.Technology providers are reaching bankers, but the discussions seem to lead nowhere. Bankers are interested but follow up phone calls are hard to get by.
What are the tech vendors doing wrong?
A solution to these twin problems is one that some of you will be surprised to hear from me. It is not defining a new strategy, or standing up an innovation function, or becoming agile. All of those are good solutions but require significant time, planning, and resources.
There are resources within financial services that are almost always overlooked when thinking about innovation, process improvement, and solving problems. These resources are often blamed for putting out barriers that stifle change. However, given a chance they can be not just great problem solvers but enthusiastic innovative change agents. Yes, you guessed it, I’m talking about risk management.
The astute financial service observers saw these resources go above and beyond the call of duty in the past several days. They were the ones tasked with interpreting an 11th hour guidance from the SBA to be able to offer PPP loans to small businesses. While many organizations had trouble getting their programs ready for Friday last week, many banks and CUs did stand up programs and were taking loans the day after the release of the guidance. Often the unsung hero was a risk management person that made reasonable assumptions and made the case for proper processes to be ready.
Back in 2010, when we introduced mobile deposit capture, my former colleagues and I involved our risk management team in developing processes and policies for what was then cutting-edge functionality.We understood that technology was ahead of any applicable guidance and industry experience was nearly non-existent. Our risk management team made policy and process recommendations that were beyond the capability of the technology. Ten years later, I still see mobile deposit policies and procedures throughout the industry that can’t compete with what our team developed then. That experience taught me to always include risk management. I have never regretted it.
As bankers identify processes and policies that need adjustment for today’s reality, they should be engaging their risk management resources early. Risk management should be included in defining the problem, not just in approving an already proposed solution.
The process of vetting a new technology provider is a complicated one for all financial service companies. It is an exercise that touches most facets of a company’s risk management program. Companies are looking to protect their customers and themselves, while complying with regulations that are often behind the times by decades.
The vendors know the problem well. The bankers that are responsible for buying technology and technology services also know the problem well. Yet, the dance between them is almost always the same time and time again.The buyer expresses interest in the vendors’ solutions. There is a period of dating that can mean everything from simple demos to stringent RFPs, and proof of concept projects. They take turns going back and forth sharing information with each other, but the marriage takes a long time to happen. Bankers and vendors complain about the time it takes, and they blame risk management.
Bankers can bring risk management early to the dating but that is not the solution. Vendors must do their part to make the process move as quickly as they can. In the 20 years I was involved in recommending or buying services from technology providers, I can count in one hand when the vendor seemed to be genuinely prepared to make the vendor due-diligence easier.
Vendors know that they are likely to be asked a myriad of documents. Yet, it always seemed to be a surprise when I took my turn and asked for “something else,”even when I shared the full list of our requirements up front.I’m surprised that most technology providers selling to financial services don’t have a due diligence package pre-assembled and ready to be turned over to a financial service company as soon as a mutual non-disclosure agreement is signed.
At a minimum, a due diligence package should include:
- General company information
- A copy of the latest audited financials
- Insurance certificates
- Explanation on legal and regulatory compliance
- Information security technical review, including penetration test results
- Description of business continuity and disaster recovery
- Sample contract
I’ve seen vendors also include documents that can help the banker speed up the review and approval process, like sample RFPs, business cases, and financial models.
Re-frame the Vendor On-boarding Process
Risk management can be a hindrance when trying to move quickly in the best of times. As we are facing an unprecedented situation, it is paramount that financial service companies and their technology vendors re-frame the vendor on-boarding process to deploy solutions quickly. Bankers should involve their risk management teams from the problem definition through final rollout. Vendors should aim to make the purchasing process as easy as possible by doing as much of the work for the banker up-front.