NCUA’s increased scrutiny over vendor management is costing credit unions money and leading to the wrong outcomes.

The money going out the door, says Cornerstone Advisors, is due to CUs not managing vendors well in other areas outside of risk and security as they try to keep regulators happy.

Brad Smith, managing director at Cornerstone, said that vendor management today must be much more than evaluating the partner’s risk, which includes their ability to protect sensitive member data.

“But, unfortunately, that is what is happening at credit unions now as NCUA is asking CUs to carefully evaluate their vendors’ risk,” said Smith. “Credit unions are only focusing on the risk side, and not on vendor performance in their evaluations, and that is costing them money. NCUA does not care how much Fiserv is charging you or if Symitar is performing. They want you to assess their security and risk.”

 

continue reading »