Each one of us has our own set of standards, what we understand to be acceptable and what isn’t acceptable. Standards define a minimally acceptable behavior. Standards define how we live our lives. If we don’t live up to personal standards, then we must answer to ourselves and possibly to others. Standards certainly apply to our professional lives. Standards can be identified in how we conduct business, and how well we perform our daily responsibilities. In fact, every employee at your bank has a responsibility to demonstrate standards of performance.
However, when it comes to technology services performed on behalf of your bank, is your bank protected by contractually-defined standards? It should be. For every service provided, there should be well-defined standards of minimally acceptable performance.
In my first blog, (The Value of Technology in Community Banking Exceeds Cost, March 8, 2016 – link below) I wrote that there has been a paradigm shift in recent years where the majority of services to bank customers are now delivered via technology rather than by bank staff. The technology that your bank depends upon is in most cases provided by a third party service.
In the past, employees were the primary conduit that provided services to customers (mailing statements, providing balance information by phone, etc.). If employees did not perform or comply with performance standards, the situation could be easily corrected. Banks established easily understood performance objectives. If these objectives weren’t met, corrective action was necessary.
Today, these same services are provided by third party technology. Shouldn’t performance standards or objectives be understood and agreed upon contractually? And if they are not met, shouldn’t there be an agreed upon remedy or financial renumeration?
Consider what would happen if mobile banking went down for three days. How would your bank respond if statements were continually mailed late? Or, if your ATMs were frequently out of service? What would your bank do? What should your bank do?
My advice is to begin itemizing all the services being provided on behalf of your institution. Typically, that includes core processing; item processing; ATM and debit card processing; internet banking; mobile banking; and bill payment. Those are basic, technology-related services at most banks. Your bank may also outsource statement and notice printing; mail; email; network management; server hosting; and information security services, plus other services. The list gets longer every year.
Next, check your outsourced services contracts. Each service should be defined in the agreement with minimal accepted service levels and remedies for non-attainment. Ideally, if non-attainment becomes too frequent then that service could be terminated at your bank’s discretion without being subjected to contract termination fees.
I have found that vendors are not forthcoming regarding performance standards and remedies. This part of your contract generally has to be requested. If you find that these standards and remedies are missing in your current contracts, you will need to pursue these items at the time of your next contract renewal.
Unfortunately, most remedies are not that impactful. It is usually a small percentage of the monthly cost of that service. However, standards and remedies are absolutely required today and must be defined for every service provided.
Furthermore, the bank must monitor performance and alert the vendor whenever there is a failure to ensure prompt, corrective action. For more information, go to the FFIEC IT Examination Handbook on Outsourcing Technology Services (link below).