The Challenges of Robust Vendor Contract Compliance 😖
(back to top)
Getting to grips with data usage is challenging because so little existing infrastructure to track use of information services is in place.
In fact, in a recent survey conducted by TRG Screen and A-Team Group, two-thirds of respondents indicated that their firms do not have enough transparency around the access to, and usage of, information services in their organization.
These compliance challenges fall into three main areas:
1️⃣ Managing a diversity of services
Often the organization will not know what services it subscribes to across the whole entity, and who is using the various services.
The explosion in the need for information services – everything from data feeds to subscription services for Know Your Customer (KYC) activities – means that for most firms, the complexity of the suppliers and services is outgrowing the ability of the firm to track the activity via spreadsheets.
According to the survey, some 47% of respondents manage relationships for more than 100 products. Additionally, firms are using information services via a number of different platforms – including both traditional feeds and newer web-based services.
In the survey, the majority of respondents – 60% – have up to 100 web-based subscriptions at the moment. A significant minority – nearly 7% – said they had more than 500 such subscriptions.
It’s clear that the way organizations source information is changing today – multiple sources across different platforms are being used – and so the way these service relationships are managed needs to evolve too.
There is a growing appetite among financial institutions for the ability to categorize the data they consume more easily.
For many, it’s no longer sufficient to know that 100 users accessed a ratings or news website; firms need to know what modules are being accessed, whether it’s equities, tax, news or some other topic.
This becomes more challenging and important as users consume data from aggregators and as established suppliers consolidate their offerings following corporate acquisitions.
"The research unbundling provisions of MiFID II are also adding to the audit burden. For financial services firms of even a modest scale, tracking research source, use, cost and applicable client using spreadsheets is unsustainable. Most organizations are seeking technology solutions to make this information service compliance process robust, less time and cost intensive, and easier to evidence to the relevant stakeholders."
2️⃣ Making sense of contract complexity
With larger numbers of suppliers come more contracts. As well, with the increasingly complex legal and regulatory environment, these contracts are now much more detailed and specific than they perhaps were in the past.
It can be very difficult to stay on top of the hundreds of clauses across hundreds of information service suppliers. It’s even more difficult to ensure that all of the legalese is being complied with.
There are additional challenges with contracts, too. The contract renewal process can become fraught – contracts need to be checked against invoices, for example.
Or the organization may have a series of regional contracts with a single supplier, with different terms and conditions to reflect local legal and regulatory issues.
3️⃣ Understanding organizational culture
around use of information services
Often the organization’s own culture around the use of information services can create challenges.
For example, sometimes there can be a culture that makes it difficult for information services managers to obtain the resources they need – the organization would prefer to take the risk of a poor contract negotiation, bad audit outcome or regulatory issue than invest in the infrastructure that could prevent either of these things from happening.
There can be a range of other, hygiene-related cultural problems too. For example, how many organizations actively manage the process of removing departing employees from all the information services they had access to?
Sometimes, an employee will even have subscribed to an information service, on behalf of the company, using a corporate credit card – and then take that access with him or her on their departure.
Other organizations turn a blind eye to employees sharing credentials, particularly around web access – and have no way to track this when it occurs.
The cost in terms of compliance and reputational risk associated with failures caused by cultural issues can be significant.