Due Diligence: Keep Members and Regulators Happy
The NCUA often repeats the "due diligence" theme in regulations, letters to federally insured credit unions, and examiner questionnaires. Here are five ways to regret an outsourcing decision:
The following eight steps incorporate the points outlined in the NCUA's 2001 letter:
1. Know your problem or goal.
Approach vendor selection with predefined objectives tied to your short- and long-term strategies. Don't pursue products or services unless they directly contribute to a defined credit union objective.
2. Know your expectations and desired results.
Staff must be clear on why they're soliciting vendors and the desired outcome. Before arranging a client demonstration or visit, create a cross-functional project team and brainstorm business, technology, and financial requirements.
3. Know your due diligence analysis standards.
Due diligence should precede all outsourcing activity or product purchases. The biggest risks often are associated with the most innocuous, nonintrusive vendor relationships.
4. Know your vendor.
Sometimes credit unions shortcut the due diligence process due to preconceived ideas or opinions about vendors. Some view a vendor's reputation as sufficient evidence of impeccable service. Or a tip from a trusted credit union colleague might cause your CEO to ask, "Why aren't we using them?"
Ask these questions during vendor selection:
5. Know your costs.
Why outsource? Cost reduction is among the top answers. But how many deals actually reduce expenses? Typically, contracts define direct costs that may include the service or license fees, implementation, continuing support and maintenance, and vendor training. Consider important intangibles and how outsourcing affects internal operations. If you aren't clear about service levels, terms, recourse and liability, and fees, consider an attorney review.
6. Know your data.
Data protection by far is the most important aspect of any outsourcing relationship. Remember, NCUA issued Section 748's Appendix A to comply with the 1999 privacy law. Data breaches and identity theft are of utmost concern to members and regulators.
7. Know your internal operations.
Outsourcing usually means internal change. Therefore, identify how this vendor service or product alters your current policies, processes, operations, and in-house skill sets.
8. Know your monitoring requirements.
Outsourcing may relieve the credit union of direct management of a process or function, but responsibility for risk and successful operation remains with the credit union. Define measurable service levels. Then monitor vendor performance, and document and report problems.
Credit unions ultimately are responsible for performance lapses of third-party service providers. Monitoring can protect your credit union against claims of negligence and support regulatory compliance. Due diligence is ongoing through monitoring—it is not a one-time event that's finished when the contract is signed.
Norine Richards is director of risk management for Ent Federal Credit Union in Colorado Springs, Colorado. This story first appeared at www.creditunionmagazine.com and is reprinted with permission.
Powered by Comment Script
|Renew Membership Online|
|Update Member Information|
|Frequently Asked Questions|
|CUNA Councils Connect|
|In the Spotlight|
|Council Web Polls|
|Additional Resources from CUNA|
|All Past Conferences|
|Award & Recognition Program|
|CUNA Council Calendar|