For most technologies, a supplier or vendor will likely be used to provide some part of the system. For example infrastructure, application code, support, and so on. This means it is important that care and attention are taken when selecting a supplier.
The entire process can be defined as follows:
Figure A.1 Supplier selection, implementation, and off-boarding lifecycle
Confirm the Business Need
The first stage is to confirm the business need for the supplier selection. For example, a Cloud computing provider is required because the firm wants to reduce day to day technology costs by XYZ percent or a Machine Learning platform is required to reduce the number of trading errors.
Also at this stage, it is advisable to confirm which staff are needed (a) to be involved in the supplier selection process and (b) to be involved as some sort of senior management forum to oversee and eventually approve the supplier selection.
Confirm the Requirements That Need to Be Assessed as Part of the Selection
This stage involves creating a list of requirements that need to be assessed during the supplier selection. This can cover a wide range of areas but the following groups tend to cover what is needed:
1. Functional fit.
It needs to be clear what functionality the platform is offering and does this functionality meet the firm’s needs. However, it is important to remember that some platforms may have too much functionality for some of the smaller or less complex firms. Therefore do not be afraid of choosing a platform that does not have the range of features as other larger platforms (as long as it meets the firm’s needs).
2. Integration with the firm’s current systems.
Firms need to ensure that the selected platform can easily integrate with their current systems. For example, the platform integrates with older green screen technology, can it link with the e-mail systems, can it link with old versions of MS-Windows, can it link to FTP sites, and so on.
3. Confirmation of the support model.
In the event of problems then what help desk or support model is in place? What are its service levels? What hours does it operate? And so on. Does this level of service meet the firm’s needs and requirements?
4. Hosting of the platform.
The technology platform will need to be hosted on some type of servers. Asking the supplier to host the platform often sounds easier but this does cause an issue, namely:
• What is their support model?
• In what location will the data be stored?
• What are the supplier’s information security policies?
• Is the data encrypted?
• Does the supplier charge an extra fee for this?
However, if the platform has to be hosted internally then
• What hardware and skills are needed?
• How easy it is to obtain these skills?
• How expensive will this be?
5. Ensure that all costs are clearly understood.
Most suppliers will charge some sort of upfront fee plus an annual license fee. Therefore, it is important to understand how much these fees are and what is covered (or not covered by them).
If there are any “extras” then what are they and how much do they cost? However, the supplier must be making a reasonable profit from the contract. A firm cannot afford for a supplier to go out of business because it will impact the firm’s operating model, product offering, and so on.
6. Ensure everything is covered in the contract.
Everything agreed upon in the vendor selection process must be included in the contract. In other words, firms need to be sure that all the functionality demonstrated and promises made during the sales process have been included in the contract and no key features are “extras” that will need to be paid for at a later date.
While this may seem cumbersome it is important because if there are legal disputes then the content of the contract becomes key.
The following specific legal points should also be covered:
• Direct or indirect (or consequential) loss—in effect if there are monetary, regulatory, legal, or reputational errors caused then who pays for them. For example the firm, the provider, or a combination of both.
• Termination clauses—a suitable timeline needs to be included which ensures (a) the firm can leave relatively quickly if they want to migrate a way and (b) the vendor cannot terminate without giving the firm sufficient time to find and move to a new platform.
• Confidentiality agreement—this is normally two-way and ensures both sides do not share confidential information with other parties.
• Protection of Intellectual Property—this clause will ensure that if any ideas, bots, and so on are developed then they are not sold or reused by other firms who use the platform.
7. Ensure any critical dates or full timeline is agreed upon.
If the platform provider is helping with the implementation (such as providing consultancy, developing / test software, implementing hosting, and project management) then all key dates with clear roles and responsibilities for delivery should be included in the contract.
8. Cultural fit with the supplier.
Finally, there needs to be a good cultural fit between the firm and the selected platform provider. Because the roll-out of the technology is important then the selected provider will be a key strategic supplier and will work with the firm closely for many years. This means there needs to be good culture and working fit between the two. Otherwise, there will be problems and tension.
Trying to assess a cultural fit can be challenging but the following may help:
• Who are the supplier’s other customers (especially the financial services ones)? Are they similar to your firm? Can you arrange to speak to them to understand how the supplier operates and so on? If they note any issues then these need to be investigated before anything is signed.
• Try and arrange to meet supplier staff who the firm will work with on a day-to-day basis? After meeting these people then do you feel a good cultural fit? If not then is the supplier willing the change the staff members?
9. Prepare for Exit Planning
The supplier arrangement could terminate in one of three ways namely (a) the firm terminates the agreement (b) the supplier terminates the agreement or (c) the supplier stops offering the service abruptly, say due to bankruptcy, and firms need to have plans to find an instant replacement.
For the first two items (namely (a) and (b)) the contract needs to include a comprehensive Exit Plan that provides sufficient time for both parties to exit the arrangement and, if necessary, find alternative arrangements. This Exit Plan will need to contain details on roles, responsibilities, return of data, and timelines, and ensure that there are no interruptions in service.
For the final item (namely (c)) the firm needs to have pre-made plans that can be immediately executed if the supplier fails. This could be having an alternative supplier in place which could be used immediately, having a supplier ready to go but will need time to be ready or even looking at closing down a part of the business.
10. Does the firm have audit rights?
The contract should have wording to allow the firm to audit the supplier regularly. The frequency of the audit will depend on the importance or risk of the arrangement. High risk or more important suppliers will be audited more regularly than others.
The audit will allow firms to ensure that the supplier is still able to meet their obligations in the contract. For example, the audit could cover reviewing performance, technology, processes, people, management, governance, risk management, finances, cyber-securities, the supplier’s suppliers plus any other relevant areas.
11. How reliant is the supplier on using other suppliers (or 4th parties) Nearly all suppliers are reliant on other providers and vendors to provide the service being offered. This could cover anything from using external software packages, using outsourced administrators, employing agency staff, and so on.
However, it is important when selecting a supplier that a firm fully understands what parts of the service being provided are dependent on the supplier’s suppliers. If these elements are critical then the firm should ensure they investigate and oversee these parts regularly. Also, the firm may insist the supplier agrees to any changes to these 4th parties before any changes are made.
12. What regulatory notification and approvals are needed?
Depending on the suppliers being procured then it may be necessary to inform the relevant regulators about a change of supplier. This notification could range from asking permission or confirming a change has been made once it has gone live. Therefore firms and suppliers need to ensure that they factor in regulatory approvals or notifications.
Create a List of Suppliers to Be Assessed
A list of suppliers to be assessed needs to be created. This list can be created from speaking to existing staff, speaking with trade bodies or specialist consultancies who know this area. However, there is a possibility that only one supplier is available.
Perform an Assessment of the Suppliers’ Capabilities Against the List of Requirements
This step involves the firm speaking to the suppliers (or single supplier) listed (see “Create a list of suppliers to be assessed” directly above) and assessing them against the list of requirements created (in “Confirm the requirements that need to be assessed as part of the selection” on page 210). The assessment is typically done by the firm asking each supplier to complete a questionnaire (or request for proposal) in a formal manner which is then followed by several meetings and workshops to address and drill into any specific points.
At the end of this process then a recommended supplier or suppliers can be selected to move into the contract and detailed due diligence phase. While it is not uncommon for more than one supplier to move into the next stage, firms need to be mindful that having more than one firm will create a large amount of work which may not be that beneficial.
Detailed Contract Negotiation, Due Diligence, and Reverse Due Diligence
Once the preferred supplier (or suppliers) is selected then the firm will need to perform detailed contract negations to ensure all the requirements, legal clauses, and so on are included in the contract.
This work may require the firm to perform detailed due diligence on the supplier to ensure everything that has been suggested earlier can be performed. This could cover performance, technology, processes, people, management, governance, risk management, finances, cyber-securities, the supplier’s suppliers plus any other relevant areas.
Likewise, for certain contracts, the supplier may want to perform (reverse) due diligence on the firm to ensure everything the firm has stated is fully correct and valid.
Beware of losing all goodwill during the contract negotiations. While it is very prudent for the firm and the supplier to ensure they have negotiated the best deal for themselves, it is also important to ensure they both sides do not negotiate so aggressively that they have lost all “good will” (and effectively “hate”’ each other) before the contract is signed. Remember signing the contract is the first stage and both parties will need to work with each other for many years going forward.
Finally (as mentioned above) you must ensure the suppliers is making a reasonable profit from the contract. A firm cannot afford for a supplier to go out of business because it will impact the firm’s operating model, product offering and so on. This means the supplier must make some profit from the arrangement.
Onboard the Supplier
This step involves onboarding the new supplier arrangement. This could range from a simple process of “flicking on the switch” (say for using a new trading partner) to a complex lengthy implementations spanning several years (such as a migration of data centers to the Cloud). Also as part of this stage, it may be necessary to off-board existing suppliers.
Day-to-Day Running
Once the supplier is onboarded then the arrangement can go live.
This will involve using the supplier on the required regular basis. For example using their Cloud platform, using their NLP technology or trading with them.
As part of this, there will need to be some sort of regular oversight and tracking of the supplier. The scope, depth, and frequency of this will depend on the criticality of the supplier but typically it will cover reviewing performance, technology, processes, people, management, governance, risk management, finances, cyber-securities, the supplier’s suppliers plus any other relevant areas.
Exiting the Supplier Arrangement
As mentioned earlier the supplier arrangement could terminate in one of three ways namely (a) the firm terminates the agreement (b) the supplier terminates the agreement or (c) the supplier stops offering the service immediately, say due to bankruptcy, and the firm needs to find an instant replacement.
For the first two items (namely (a) and (b)) the contract should include a comprehensive Exit Plan that provides sufficient time for both parties to exit the arrangement and, if necessary, find alternative arrangements. Therefore in this situation then is the plan should be followed.
For the final item (name (c)) the firm needs to have pre-made plans that can be immediately executed if the supplier fails. This could be having an alternative supplier in place which could be used immediately, having a supplier ready to go but will need time to be ready or even looking at closing down a part of the business.