White Paper


  • In an environment of increasing competition, financial services companies can reduce costs and develop a competitive advantage by outsourcing certain components of their operations to third-parties. However, when leveraging third-parties, it is critical that financial services firms negotiate terms that mitigate risks and are aligned with the company’s overall corporate strategy. In Valorant’s experience, some of the key clauses that financial services must include in their contracts with third-party vendors are discussed in this paper.


Data Ownership

  • Financial Services companies typically have access to vast amounts of confidential data. This could include sensitive Personally Identifiable Information (PII), such as biometric information and medical information as well as unique identifiers such as passport or social security numbers. When financial services companies on-board third parties to outsource certain operations, such as claims processing, these partners typically gain access to this confidential data as well. Due to this, it is critical that financial services companies establish the following guidelines around data ownership when negotiating contracts with third-party vendors:
  • 1. Data Return After Engagement Completion

  • Third-party vendors must return all client data within a certain timeframe after an engagement is terminated or comes to completion. Our experience has shown that the timeframe could range from anywhere between 10 – 45 days, with 30 days being commonplace in the insurance industry.
  • 2. Clear Ownership if Fourth Parties Are Involved

  • In certain instances, third-party vendors may in turn leverage an external vendor to perform services for a client. These fourth parties also gain access to confidential data. Hence, it is critical that the third-party takes complete ownership in such situations, in terms of how the data is stored, accessed and analyzed by fourth parties. Additionally, in cases of noncompliance or cyber security breaches faced by the fourth party, the vendor must take complete ownership and have a clear risk-mitigation strategy.
  • 3. Data Audit

  • Upon providing an advance notice, the client must be able to perform an audit of how the third-party stores and analyzes data. This should also include an ability to review key security certifications and ensure they are up-to-date. For example, if the third-party leverages the cloud to store data, this could include validating that SOC2 certification is valid.

Renewal Pricing

  • In Valorant’s experience, we have noticed that most vendors tend to include an annual price increase percentage that’s applied during each year of the contract. This could range from anywhere between 1 – 5%. However, to drive a best-in-class contract management strategy, year over year pricing must remain flat or tied to inflation at the worst for multi-year contracts.
  • Financial services companies can expect to face a substantial amount of resistance from vendors to agree to this term. However, it is critical to request pricing under different contract term scenarios from vendors, right at the start of negotiations and contract renewal discussions. Additionally, offering vendors a longer-term deal, applying competitive pressure and providing visibility into additional business opportunities is effective in convincing vendors to include this clause in their contracts.

Download PDF to Read More

  • Download full PDF report to know more about contracting strategies that can help your organization minimize risk and drive incremental value

Related Articles


Interested in learning more about how Valorant can help your organization strategically reduce your 3rd party spend, as well as manage vendor-related risk? Reach out to us now