Home > News & Events > Financial Institution Letters
Financial Institution Letters
|Techniques for Managing Multiple Service Providers|
|IntroductionMultiple Service Provider Relationships Using a Lead Contractor Using Inter-Provider Operating Agreements Considerations for Financial Institutions Summary||This document is intended to serve as a resource for banks in addressing specific challenges relating to technology outsourcing. The content was prepared not as examination procedures or official guidance but as an informational tool for community bankers.|
|Financial institutions increasingly rely on a wide variety
of service providers1 to support an array of
technology-related functions. Outsourcing information technology to multiple service
providers may provide banks with a variety of benefits including access to expert
technology skills, lower costs, and increased productivity. However, these arrangements
also may alter the risk profile of the institution. Specifically, risk management
processes involving outsourced activities are often distributed among several companies
and may necessitate a coordinated contract oversight approach by bank management.
This brochure discusses two techniques to manage risks inherent in multiple service provider relationships. The first technique involves the use of a lead contractor to manage the banks various technology providers. The second technique, which may present its own set of implementation challenges, involves the use of operational agreements between each of the service providers.
|Multiple Service Provider Relationships|
|A multiple service provider relationship
typically involves an environment where two or more service providers collaborate to
deliver an end-to-end solution to the financial institution. Each one of the service
providers has their own core competence and focus area. Together, these providers strive
to deliver an integrated service and solutions package to the bank. The nature of the
contractual relationship between the service providers and the bank often varies from
institution to institution. In many cases, institutions use a lead provider who, in turn,
subcontracts with other service providers. Direct "stand-alone" contracts
between the bank and each of its service providers represent another common approach.
Multiple service provider arrangements are often used in the deployment of an electronic commerce solution. For example, a web-hosting firm may work with a communications carrier and one or more application service providers.2 The financial institution may have separate contracts with each provider (carrier, web host, application service provider) or may have one lead entity (such as the application service provider) that then subcontracts with the carrier, web host, and other providers.
Stand-alone contracts with each service provider usually call for increased day-to-day management of each provider. Additionally, if coordination among each provider is not a requirement of the individual agreements, the opportunities for schedule and performance problems and complexities are likely to arise. Contracting for a technology solution by utilizing one lead provider may diminish the need for the bank to become directly involved if subcontractors fail to perform and/or miss their agreed-to schedule. The lead provider will be solely responsible for meeting the contractual obligations of the subcontractors to other service providers and the bank.
Each financial institution will want to consider the most appropriate risk management strategy when contracting for technology services. Assigning a lead contractor and utilizing inter-provider service level agreements are two techniques that, if deployed correctly, can assist the institution in managing risks related to complex technology outsourcing arrangements.
|Using a Lead Contractor|
|Bank management may select to structure a
multiple provider outsourcing arrangement by designating a lead contractor who is
responsible for establishing subcontracts with the other providers and managing their
performance. This structure may result from a banks existing relationship with a
service provider who subsequently subcontracts with other firms to provide additional
applications and features. A lead contractor structure can also result when a group of
providers bid on a contract as a team with pre-established roles and relationships.
Regardless of whether the relationship between the lead contractor and the subcontractors was pre-existing, there are techniques that bank management can employ to manage risks associated with dependence on the lead provider. These techniques, which include provisions in the Statement of Work for defining roles and responsibilities of the contracting parties, are detailed further in the Appendix.
An effectively implemented lead contractor relationship ultimately increases the performance risk for the lead provider, even though it simplifies the boundaries of the relationship. This is due to the fact that the lead provider assumes responsibility for all aspects of the contract, and therefore for the performance of all subcontractors. This structure allows the bank to establish a single point of responsibility for the entire relationship. A contract that clearly defines the roles of the lead provider and subcontractors may streamline the negotiations of legal issues such as the limitations of liability, indemnity, and warranty since responsibility need not be divided among multiple parties. It may also enhance the efficiency of the general contracting process.
Many lead contractors may already have existing arrangements with potential subcontractors for the provision of various ancillary services. As a result, there may be a preference for selecting one of the subcontractors with which the contractor already does business. Financial institutions may wish to carefully examine all contractual provisions in their agreements with the lead contractor to determine the level of responsibility the lead contractor is willing to accept for the actions of the subs that the lead contractor selects.
In some cases, the lead contractor may include contract language that attempts to eliminate all responsibility for losses caused by the subcontractors or sets a fixed dollar limit on the lead contractors maximum liability for any claims regarding the work of the subcontractors. Financial institutions may wish to consult their legal counsel in order to determine potential exposure to losses for which there may be no ready recovery. It is also important to note that, when using a lead contractor, the financial institution lacks direct privity3 of contract with the subcontractors and will have less influence over the specific activities of each subcontractor.
|Using Inter-Provider Operating Agreements|
|Financial institutions that prefer to
maintain a direct contractual relationship with a variety of technology service providers
can choose to integrate their efforts by negotiating for operational agreements directly
with each of their service providers. This operational agreement can take the form of
inter-provider Service Level Agreements (SLAs). This type of SLA is a separate contract
requiring each of the providers to meet the other providers service or performance
requirements. Examples of such requirements include on-time delivery of a critical
application or platform, network or platform availability specifications, and security
requirements. This type of agreement requires the individual providers to communicate and
Implementing operating agreements between various service providers can be challenging because the bank may lack significant negotiating leverage. Although some additional leverage may be gained by negotiating through user groups, challenges remain in attempting to deviate from the standard forms, contract structure, and delivery approach of established providers. Notwithstanding this, it is important to stress that the intent of the inter-provider agreements is to encourage co-operation and communication between technology providers implementing integrated systems and services.
Communication and co-operation begin with the financial institution developing well thought-out contract goals and objectives that have been agreed to by the senior executives, business managers, and information technology managers and clearly articulating these to the service providers. Contract terms and conditions can be established based on these goals. When determining how goals and objectives will be met, it is helpful to clearly define handoff points between the various service providers.
In addition, bank management and legal counsel may consider establishing the minimum acceptable levels of service that are expected of participating providers as their respective contribution to the team. The minimum service levels provide the performance floor for the inter-provider agreements. Any provider that does not meet these minimum performance standards should be held responsible. Therefore, it may be useful to ask that all service providers participate in developing the inter-provider agreements and accept and agree to the specific terms, minimum performance standards, and the corresponding metrics that will be used to measure their individual and collective performance.
|Considerations for Financial Institutions|
|The following points represent suggested
practices that can be helpful to banks in administering outsourced arrangements involving
multiple service providers.
|To manage multiple service provider
outsourcing relationships successfully, institutions may find it helpful to focus on three
Ultimately, the key to successful management of a multiple service provider environment is contract oversight. Regularly scheduled reviews can help point out problems early enough to effect resolution before matters get out of control. Institutions may wish to develop guidelines in the contract that define regular interaction between the service provider(s) and bank managers.
|1 Technology service providers encompass a broad range of entities including but not limited to affiliated entities, nonaffiliated entities, and alliances of companies providing products and services. This may include but is not limited to: core processing; information and transaction processing and settlement activities that support banking functions such as lending, deposit-taking, funds transfer, fiduciary, or trading activities; Internet-related services; security monitoring; systems development and maintenance; aggregation services; digital certification services, and call centers. Other terms used to describe Service Providers include vendors, subcontractors, external service provider (ESPs) and outsourcers.|
|Last Updated firstname.lastname@example.org|