3 Questions To Ask A Vendor Before Signing Anything

Here’s a scenario that should haunt the dreams of every community financial institution executive: someone has breached your security system and leaked the information of hundreds, or even thousands, of account holders.

If Facebook is any measure, a breach can happen to any company, regardless of size or technological prowess. When news broke that Cambridge Analytica had accessed the information of millions of Facebook users without their consent, the public and Congress took notice.

Facebook should have asked these 3 vendor questions

The whole fiasco raises the question: if Facebook had performed thorough due diligence on Cambridge Analytica before giving it access to the platform, would it have averted the entire scandal? Hard to say for sure. However, it has definitely made everyone here at Kasasa thankful for the rigorous due diligence process that our third-party vendors must undergo.

In fact, we spoke with Diane Christensen, AAP, our Senior Finance Project Manager and point person for all things “due diligence,” to learn what questions she asks vendors before any paperwork is signed.

 

  • Will the vendor have access to ANY non-public information — either Kasasa’s, our clients’, or consumers’? Under current regulations, even a personal email address is classified as “non-public information” that must be protected (business emails are exempt from this designation).
  • Will the vendor have access to any of our code, or our system?
    If they have access to the code, can they write a backdoor? Does that system give them access to our databases?
  • If the company suddenly went out of business, could it cause us to suffer a reputational or financial loss?

 

If the answer to any of these three questions is “yes,” then your next step should be to perform a thorough due diligence process. And eventually, the answer to one, or all, of these questions will be “yes.”

Some institutions have outsourced the due diligence process to yet another vendor, which can be a wise move considering the amount of time and expertise required to investigate multiple vendors successfully.

And according to Diane, smaller institutions rely on a dynamic that counter-intuitively puts them at higher risk: trusting relationships at the expense of due diligence. For instance, the CEO may have a long-time working relationship with somebody at a local IT consulting firm, and he may approve a contract on the strength of that connection, without requiring due diligence.

The issue with this scenario isn’t a “lack of paranoia,” but a failure to adhere to the Russian proverb (popularized by Ronald Reagan): “Trust, but verify.”

By performing due diligence on a vendor, you are seeking not only to eliminate unqualified partners but also to give yourself the information and resources to plan contingencies and measure risk. Asking the right questions at the outset can save you a lot of headaches on the back end. Just ask Mark Zuckerberg.

What’s Kasasa?

Kasasa® is an award-winning financial technology and marketing services company dedicated to helping both community financial institutions and consumers experience what it means to "Be Proud of Your Money." We're known for providing reward checking accounts consumers love, the first-ever loan with Take-Backs, relationship-powered referral programs, and ongoing expert consulting services to community financial institutions.

By working exclusively with community banks and credit unions, Kasasa is helping to strengthen local economies across the nation, building a virtuous cycle of keeping consumers' dollars where they can do the most good. Our mission is to power a network of financial institutions in all 50 states offering products and services that are clearly beneficial for the consumer and the institutions offering them.