Increasingly, banks are outsourcing technology applications to third-party vendors. As a result, it is critical to clearly define the roles and responsibilities of those vendors and to manage the ongoing relationship between the bank and the vendor. More often than not, however, the bank’s expectations of the relationship are not clearly defined. In fact, in many cases, bank management may not completely understand the obligations and commitments of a vendor. Therefore, bankers can use service level agreements as a tool for managing the risks associated with technology outsourcing and for agreeing upon practices for managing, measuring, and monitoring vendor performance.
According to the FDIC, “Service Level Agreements (SLAs) are contractually binding clauses documenting the performance standard and service quality agreed to by the bank and service provider.” Ideally, the SLA works in favor of both the bank and the vendor, as it serves to define the relationship and the responsibilities of both parties, thereby eliminating any contractual questions that may arise during the course of the relationship. An effective SLA should be put in place at the beginning of any vendor relationship, and it should be fully discussed by both parties so that clear communication and a definition of responsibilities exist from the outset.
Each bank should develop its own standard service level agreement to implement with all of its vendors. Using a standard of this nature will help the bank standardize and more efficiently manage its multiple vendor relationships.
The key to an effective service level agreement is objective measurability. Both parties, the bank and the vendor, should be able to independently reach the same measurement of the service category based upon definitions and defined acceptable ranges established in the SLA. The bank will find that clearly established measurements at the beginning of the vendor relationship will prevent vendor management problems down the line.
Keeping the above key components in mind, the FDIC recommends following a four-step process for developing a standard service level agreement.
Determine objectives. In this first step, the bank should take into account its own strategic plan and the benefits it hopes to gain through this specific vendor relationship. In addition, the bank should consider its own internal ability to manage vendor relationships. Are the right personnel available to evaluate vendors at the outset of a relationship and to oversee the ongoing service levels provided by that vendor? Other key factors during this phase include the bank’s position in the marketplace, the economy, and its peer group.
Define requirements. When the bank has determined its objectives for establishing the vendor relationship, it should next define the specific requirements that each particular vendor must meet. Consider why the bank is contracting with this vendor – to increase efficiency, to reduce cost, to improve customer service, or for some other reason. Clearly establishing the purpose of the vendor relationship will make defining the requirements of the vendor a simpler process.
Set measurements. Once the bank has determined how the vendor relationship fits with the bank’s strategic plan and objectives, it is then critical to set objective measurements with which to evaluate the vendor relationship. Without these measurements, the bank will not be able to judge whether the vendor has met its commitments under the service level agreement.
Establish accountability. Although a vendor may take some responsibility for monitoring the ongoing relationship with the bank, it is ultimately the bank’s responsibility – and regulatory requirement – to monitor the relationship with the vendor. Therefore, a senior manager should have the responsibility and should be held accountable for managing vendor relationships. This person should report on a regular basis on the status of the vendor relationship and on whether the vendor is meeting, exceeding, or failing to meet established service level agreement metrics. A bank auditor or legal counsel may assist in this process.
In short, all of the bank’s vendors should sign a version of the bank’s established standard service level agreement. At a minimum, include those vendors that play a key role in the bank’s mission-critical operations, such as the core processing vendor, item processing vendor(s), any third-party lending or deposit-taking partners, funds transfer vendors, and Internet banking vendors. In addition, all technological vendors, including security monitoring, systems development, systems maintenance, aggregation services, and digital certification services, should sign service level agreements. After these SLAs are in place, consider implementing them for any and all third-party vendors with whom the bank does business.
For more information regarding Service Level Agreements, including sample SLA clauses, consult the FDIC’s “Tools to Manage Technology Providers’ Performance Risk: Service Level Agreements” at http://www.fdic.gov/regulations/information/btbulletins/brochure2.html.