SUPPLIER CONTRACTING DONE RIGHT: STRATEGIES THAT MINIMIZE RISK AND DRIVE BUSINESS VALUE
In an environment of increasing competition, financial services companies can reduce costs and develop a competitive advantage by outsourcing certain components of their operations to third parties. However, when leveraging third parties, it is critical that financial services firms negotiate terms that mitigate risks and are aligned with the company’s overall corporate strategy. This paper discusses some of the key clauses that, in Valorant’s experience, financial services firms must include in their contracts with third-party vendors.
CONTRACTING STRATEGIES THAT DRIVE BUSINESS VALUE
Financial Services companies typically have access to vast amounts of confidential data. This could
include sensitive Personally Identifiable Information (PII), such as biometric information and medical
information as well as unique identifiers such as passport or social security numbers. When financial
services companies on-board third parties to outsource certain operations, such as claims
processing, these partners typically gain access to this confidential data as well. Due to this, it is
critical that financial services companies establish the following guidelines around data ownership
when negotiating contracts with third-party vendors:
1. Data Return After Engagement Completion
Third-party vendors must return all client data within a certain timeframe after an
engagement is terminated or comes to completion. Our experience has shown that the
timeframe can range anywhere from 10 to 45 days, with 30 days being
commonplace in the insurance industry.
2. Clear Ownership if Fourth Parties Are Involved
In certain instances, third-party vendors may in turn leverage an external vendor to perform
services for a client. These fourth parties also gain access to confidential data. Hence, it is
critical that the third party takes complete ownership in such situations, in terms of how the
data is stored, accessed and analyzed by fourth parties. Additionally, in cases of
noncompliance or cyber security breaches faced by the fourth party, the vendor must take
complete ownership and have a clear risk-mitigation strategy.
3. Data Audit
Upon providing advance notice, the client must be able to perform an audit of how the
third party stores and analyzes data. This should also include an ability to review key security
certifications and ensure they are up to date. For example, if the third party leverages the
cloud to store data, this could include confirming that its SOC2 certification is valid.
In Valorant’s experience, we have noticed that most vendors tend to include an annual price
increase percentage that’s applied during each year of the contract. This could range anywhere
from 1% to 5%. However, to drive a best-in-class contract management strategy, year-over-year
pricing for multi-year contracts must remain flat or, at worst, be tied to inflation.
Financial services companies can expect to face a substantial amount of resistance from vendors
when asking them to agree to this term. However, it is critical to request pricing from vendors
under different contract term scenarios right at the start of negotiations and contract renewal
discussions. Additionally, offering vendors a longer-term deal, applying competitive pressure and
providing visibility into additional business opportunities are effective in convincing vendors to
include this clause in their