Request my free demo

Being In Compliance with Vendor Contracts  - Why is this so important?

There is a heavy price to pay for financial institutions that consume market data and other information sources but fail to comply with supplier contracts.

But often it can be difficult to comply or even know whether you’re in compliance, and such a lack of control can lead to substantial penalties for improper data usage from information suppliers.

According to a A-Team Group survey of market data practitioners at Tier 1 and Tier 2 financial institutions, two-thirds of respondents said their firm lacks sufficient transparency into the actual usage of the information services they pay for (see graph, below).

transparency-actual-usage-information-services

The difficulties in ensuring compliance with vendor policies can be due to the sheer volume of clauses across hundreds of suppliers, which can be challenging to stay on top of. But there is also a real lack of transparency into actual data usage across a firm.

Technology has enabled individuals to access and redistribute data with relatively few controls, leaving firms exposed to liabilities. And the ongoing march of regulations – such as the EU Benchmark Regulation and the research unbundling requirements of Markets in Financial Instruments Directive II (MiFID II) – shine a spotlight on data consumption and distribution.

But technology has also moved on and is now enabling us to put in place better controls and usage tracking so that financial institutions can grasp control of their data usage and limit their liability to vendor fines.

This page explains why being in compliance with vendor contracts is important, and examines the main challenges involved and possible approaches to overcoming them.

Use the table of contents below to navigate through the page:

  1. The Issue of Vendor Contract Compliance
  2. Vendor Contract Compliance: Why It’s Important
  3. The Challenges of Robust Vendor Contract Compliance
  4. Best Practice Approaches for Information Services Compliance

                                                                      Or

                          Download complete whitepaper

The Issue of Vendor Contract Compliance

(back to top)

Vendor contract compliance has long been a major issue for financial services firms, particularly with respect to their relationships with market data suppliers.

For decades, most firms were happy to manage their information services agreements – covering access and usage of trader terminals, data feeds, research and other subscription-based materials – on a simple Excel spreadsheet, or perhaps several sheets, often dispersed across different lines of business.

The precise level of usage of data services – often known only by the vendor in question – became a key part of the haggling at contract renewal time. The result was perhaps a sly game of poker between vendor and client around usage figures and their impact on contract renewal terms.

In recent years, however, things have become more scientific, with the availability of sophisticated contract management and inventory expense management systems. Today, firms are expected to know if they are using these services in a manner that is compliant with their vendor contracts. They are also expected to be able to demonstrate this compliance, providing evidence to a range of stakeholders, including internal users, external auditors and, increasingly, regulators.

Two regulations in particular are forcing financial institutions to examine how they are consuming market data and other financial information services. The Benchmark Regulation – which aims to clean up contributed data practices in the wake of the Libor and other daily fixings scandals – will require firms to implement new governance policies with respect to quote, valuations and other pricing data they contribute to market benchmarks and indices. Meanwhile, MiFID II will require buy-side firms to monitor how much their firms pay sell-side organizations and other (in this context) information services providers for the research they use.

Combined, these and other new and emerging rules are pushing financial institutions to examine more closely how they track internal data, and more generally how they can leverage new technologies to get a firmer grasp on consumption of third-party data services. As they delve more deeply into how they consume premium (and expensive) data sets, they are realising that there are significant benefits to be had from improved vendor contract compliance.

Vendor Contract Compliance: Why It’s Important

(back to top)

It's often said that data is the lifeblood of financial markets. It's a widely held belief - if not, a fact - that after human resources, data - and specifically premium-priced market data - is the largest single cost item for financial institutions.

Which is why it’s hard to understand why trading and investment firms have historically had such a weak understanding of their organizations’ consumption of highly priced financial information services. Getting a firm understanding of data usage is a key step in achieving compliance with vendor licensing contracts. Increasingly, contracts require firms to be able to demonstrate compliance with information services license provisions and proof of the numbers, categories and locations of consumers actively engaging with a service.

Investment-management-agreement-vendor-contract-compliancemanage-research-usage-vendor-contract-complianceclient-reporting-vendor-contract-compliance

"A large global investment bank was fined $10 million by an exchange for non- compliant data usage"

Vendor contract compliance is important for a number of reasons, particularly when it comes to contract renewal time. Without a clear view of how a given service is consumed, firms may find themselves disadvantaged during contract negotiations.

Many firms are unable to say for sure which or how many of their staff are consuming the service. This can leave them at the mercy of the vendor’s own assertions as to the number of users and their usage patterns. In extreme cases, the threat of a vendor audit may even be used as a tool during contract renewal negotiations.

Notwithstanding the issues around contract negotiations, some firms have been heavily penalised by vendors for noncompliance, incurring major financial penalties as a result. One industry anecdote holds that a major US bank was forced to invest heavily in one market data vendor’s market data and trading room technology stack after an audit found it to be in serious breach of its data licenses. And of course, there is reputational damage associated with being found in default or being shut off by the vendor.

These concerns extend into regulatory compliance. MiFID II, in particular, is highly prescriptive on how firms need to account for their spending on third-party information services. Under the new regulation, financial institutions must adhere to new governance requirements on research spending, the management of client research charges, and the determination of payments. The goal of the new rules is to ensure that research costs are incurred in the best interests of the client, and that research costs are transparently allocated to prevent conflicts of interest.

"A large fund manager deployed TRG Screen’s FITS and was able to identify $2 million of out-of- compliance usage, which was quickly resolved"

Where firms choose to operate research payment accounts – that is, allocating research costs back directly to client accounts rather than absorbing them – regulators and clients have the right to require investment firms to make an array of disclosures. These include listing the information services providers paid from the account, the total amount they were paid over a defined period, the services the investment firm received in return, and how the amount spent compares with the firm’s overall budget.

Given the importance of data to the firm and the high cost of getting data usage wrong, why haven’t firms rectified the situation in order to get a clear view? The answer is: it’s not that easy.

The Challenges of Robust Vendor Contract Compliance

(back to top)

Getting to grips with data usage is challenging because so little existing infrastructure to track use of information services is in place.

how-many-web-based-subscriptions-do-you-have

In fact, in a recent survey conducted by TRG Screen and A-Team Group, two-thirds of respondents indicated that their firms do not have enough transparency around the access to, and usage of, information services in their organization. These compliance challenges fall into three main areas:

1: Managing a diversity of services

Often the organization will not know what services it subscribes to across the whole entity, and who is using the various services. The explosion in the need for information services – everything from data feeds to subscription services for Know Your Customer (KYC) activities – means that for most firms, the complexity of the suppliers and services is outgrowing the ability of the firm to track the activity via spreadsheets. According to the survey, some 47% of respondents manage relationships for more than 100 products.

Additionally, firms are using information services via a number of different platforms – including both traditional feeds and newer web-based services. In the survey, the majority of respondents – 60% – have up to 100 web-based subscriptions at the moment. A significant minority – nearly 7% – said they had more than 500 such subscriptions. It’s clear that the way organizations source information is changing today – multiple sources across different platforms are being used – and so the way these service relationships are managed needs to evolve too.

There is a growing appetite among financial institutions for the ability to categorize the data they consume more easily. For many, it’s no longer sufficient to know that 100 users accessed a ratings or news website; firms need to know what modules are being accessed, whether it’s equities, tax, news or some other topic. This becomes more challenging and important as users consume data from aggregators and as established suppliers consolidate their offerings following corporate acquisitions.

The research unbundling provisions of MiFID II are also adding to the audit burden. For financial services firms of even a modest scale, tracking research source, use, cost and applicable client using spreadsheets is unsustainable. Most organizations are seeking technology solutions to make this information service compliance process robust, less time and cost intensive, and easier to evidence to the relevant stakeholders.

2: Making sense of contract complexity

With larger numbers of suppliers come more contracts. As well, with the increasingly complex legal and regulatory environment, these contracts are now much more detailed and specific than they perhaps were in the past. It can be very difficult to stay on top of the hundreds of clauses across hundreds of information service suppliers. It’s even more difficult to ensure that all of the legalese is being complied with.

There are additional challenges with contracts, too. The contract renewal process can become fraught – contracts need to be checked against invoices, for example. Or the organization may have a series of regional contracts with a single supplier, with different terms and conditions to reflect local legal and regulatory issues.

3: Understanding organizational culture
around use of information services

Often the organization’s own culture around the use of information services can create challenges. For example, sometimes there can be a culture that makes it difficult for information services managers to obtain the resources they need – the organization would prefer to take the risk of a poor contract negotiation, bad audit outcome or regulatory issue than invest in the infrastructure that could prevent either of these things from happening.

There can be a range of other, hygiene-related cultural problems too. For example, how many organizations actively manage the process of removing departing employees from all the information services they had access to?

Sometimes, an employee will even have subscribed to an information service, on behalf of the company, using a corporate credit card – and then take that access with him or her on their departure. Other organizations turn a blind eye to employees sharing credentials, particularly around web access – and have no way to track this when it occurs. The cost in terms of compliance and reputational risk associated with failures caused by cultural issues can be significant.

Best Practice Approaches for Information Services
Compliance

(back to top)

Many firms admit that if they could understand access and usage, the benefits could be significant.

Traditionally, cost reduction has been a considerable perceived benefit. According to the survey, more than 57% ranked the ability to identify total cost savings as their top positive outcome. More than one-quarter of respondents said total cost savings from better transparency could be 30% or more of their annual spend on these products.

However, firms need to understand there are other benefits too, to taking a more structured approach to managing information services relationships. Increasingly, there will be a compliance element to these relationships – compliance with the vendor contracts as well as with the regulatory rules that are beginning to surround these relationships.

Firms need to be able to assert control over these relationships. They need to be able to monitor and manage vendor license rights – whether they be by number of users, number of concurrent users, or by location. Firms need to be able to detect and prevent the sharing of credentials, as well as end users bypassing official procurement controls and buying information services directly. Firms need a way to actively anticipate and prevent reputational risk, as well as be proactive in anticipating vendor audits. They also need to understand and properly allocate the costs of these services.

potential-benefits-of-being-able-to-track-usage-of-information-services

How would you prioritise the potential benefits of being able to track the usage of the information services you are paying for? (In order of 1-5 where 1 is the biggest benefit)

five-step-program-to-improve-managing-information-services-program

There is a five-step program that can help firms improve the way they manage their information services program.

Evaluate the current approach
Develop an understanding of the number of services the firm currently has, how many it has signed up to over the past year or two, and what the organization’s cancel rates are for these subscriptions.

Understand the obligations
Discuss with compliance and procurement the potential impact of new rules around third-party risk, MiFID II and General Data Protection Regulation (GDPR), or any others that may apply in the jurisdictions in which the firm operates.

Engage the business
Understand how these information services support the business, and how the new rules could impact existing client and back-office processes. Discuss the changes and how to support them.

Develop reporting
Explore the new kinds of reporting these new rules will require – to the business, vendors, the board, auditors, and regulators. Talk with stakeholders about how to make this reporting auditable and less burdensome for the organization.

Apply the right tools
Evaluate usage-tracking software that automates the process of understanding exactly what information services are being used, by whom, and how frequently. Such software can help the organization to manage vendor and regulatory relationships more proactively, as well as provide assurance of compliance. Further, usage can then be attributed to the contract and spend, providing end-to-end control and visibility, not to mention actionable savings opportunities.

In all cases, it’s important to understand that the data resources consumed by staff are extremely valuable, and it’s crucial that consumers are able to access what they need and to extract maximum value from it.

More info?

Talk to an expert       Request my free demo