Vendor Risk Management
Vendor Risk Management

Moving Center Stage – Vendor Risk Management & COVID-19

Vendor Risk Management (VRM) featured heavily at the recent Mitratech Interact 2020 online conference.  That’s not surprising, considering the rising concerns about the risks posed by vendor and supplier networks – and how COVID-19 might have impacted those risks.

Jay Fitzhugh, Chief Regulatory Officer at Mitratech, hosted a panel discussion with Rodney Campbell, Director, Vendor Management, Valley National Bank, Adrian Rodriguez, VP Internal Controls Manager, Amerant and Hector Jimenez, Director, Operational & Vendor Risk Management at Sterling National Bank. Together they explored how VRM had changed and stepped up to the plate during the COIVD-19 pandemic.

A representative panel

The panel members themselves and their respective roles reflected how institutions manage VRM. Their reporting lines fell into the finance function or the risk management stream. They all managed a breadth of commercial relationships across the business, including hardware vendors, software suppliers, SaaS-based vendors, and FinTech partners. Facilities management and even catering fell within their remit too.

As Mitratech VendorInsight users, they had spent the last year or so ramping up the use of the platform, working with colleagues in legal, finance, procurement, and business operations. They had reviewed and reduced contract costs, aligned contract terms and payment profiles, as well as ensured that contract SLAs fully met the needs of the business.

Infographic: Guidelines for Effective Vendor Onboarding

Mitigate risk while building strong vendor relationships.

A common theme expressed by Rodney, Adrian, and Hector was the ability of the VendorInsight solution to automate much of the day-to-day effort needed to run an effective VRM program. All of them used this to release staff to more value-added activities, while also providing an education platform for the rest of the business to highlight best-practice vendor management.

VRM enters the corporate limelight

While all three panelists had made great strides in enhancing their business’ VRM, they all felt that the outbreak of the COVID-19 pandemic had catapulted them into the corporate limelight. Almost overnight, senior directors and their regulators demanded much more visibility about potential and actual exposures to operational, regulatory, and commercial risks in their supply chain.

Hector, Rodney, and Adrian each swiftly developed vendor resilience dashboards to provide at-a-glance visibility of the risks and issues that could have a business impact. These were populated by information gathered from meetings they organized with suppliers about potential interruptions that could affect their institutions. They also used the news alerts, provided by the VendorInsight solution, to provide more discussion points with partners.

They used the feedback and insights to provide reports into their risk and finance functions, and ultimately their Boards, often every week.

VRM allowed quick response to federal initiatives

This high-speed, deep-dive activity also helped identify duplication of services, or redundancies in contracts, that could provide swift cost savings. Their previous efforts with procurement, legal and operations teams offered each of the panelists a deep understanding of their business’ contractual and operational relationships. It helped them provide advice and guidance to senior management about efficiency savings that would free up much-needed investment elsewhere in the business, without impacting the core service delivery.

Adrian, Hector, and Rodney were also crucial to supporting their banks’ involvement in the US Small Business Administration’s Paycheck Protection Program (PPP), aimed at helping support jobs and businesses in the pandemic. The policies and processes they had developed using VendorInsight allowed their institutions to respond very swiftly to the new initiative to support their customers. New suppliers onboarded very swiftly, utilizing best practices to ensure they maintained the standards demanded by management, regulators, and stakeholders.

The consensus was that this was probably the first time that senior management, and the Board, had fully grasped the strategic value and significance of VRM.  Interestingly, Rodney, Adrian, and Hector anticipated greater visibility and expectations from the business, as the impact of COVID-19 looks to be more long-lasting than most had envisaged at the beginning.

Go here to watch the panel discussion on VRM, and other content from Interact 2020.

Defend yourself against vendor and enterprise risk

Learn about our best-in-class VRM/ERM solutions.