We normally go through some sort of vetting process to get our information. It might be by issuing a Request for Proposal (RFP which asks for descriptions of products and services), comparing catalogs, using Angie's List, issuing an Invitation to Bid (ITB which only asks about price), some other methodology. Occasionally, you don't have a choice, such as in a monopolistic market. Consider your water, sewer, electricity and other utility products. Your choice is simple: you either buy from them or you don't buy at all. But we are discussing purchases where you have a choice.

If you focus only on price, you are probably short-shrifting yourself. You have to consider things such as after-sales support, implementation costs, converting existing functions to use a new product. If your purchase is service, how can you determine the quality of that service before you sign the contract? What is the vendor's reputation? Do they disappear while the ink is still wet?

How do you determine longevity? Will they be here tomorrow? You can look at financials, although most privately held suppliers won't release that information. You can ask for references, but how many salespeople will give you a reference from someone who didn't like their product? You can ask to see their business continuity plan, but that won't tell you how really effective it is. So you could ask for audit reports, but most companies won't release that information. You could ask to see reports about or observe exercises, but most companies won't comply with that until you are actually a client (if then.)

But let's say you are somewhat satisfied with the answers they provide. What does that say about their suppliers? Absolutely nothing. For example, how many of you, while conducting your due diligence with your corporates, credit card, clearing or core processors found out anything about the vendors they depend on? My guess? None. Yet here we are today, with ACH providers morphing, with item processing changing, with core processors outsourcing data center capability, with credit card and ATM processors being absorbed by others, with ATM networks dependent on still other networks … you get the idea.

With the changing corporate environment, a lot of credit unions are making contract commitments to changes that will be difficult, if not impossible, to un-do if they don't work out. Due diligence isn't just a catch phrase. The decisions made today will affect them for years. A wrong decision can be catastrophic.

All vendor relationships are rife with single points of failure, any one of which can bring your business to its knees. Consider several years ago when a bank purchased a company providing support to credit unions. Who would have thought that the bank might decide that supporting a credit union was an anathema? They unilaterally cancelled contracts, leaving the credit unions in the lurch. Was that a surprise? Proper due diligence and risk assessment should have indicated otherwise, and yet, a lot of credit unions are moving into this territory of relying on services from big banks again.

How can you evaluate the goodwill of a vendor—the intangible, personal service you've come to expect at the end of the telephone when you need help, or the perseverance of a service representative who sticks with you until your problem is resolved? How do you feel when you change suppliers, and their support staff only passes you by phone to Vendor X (their supplier) to solve your problem when you have no relationship with that third party? It would be really nice to know about the intangibles before you ink the contract.

Yes, there are a lot of vendors out their, with the support of leagues, CUNA, and many others trying to sell you software to “fix your vendor management problem”. Guess what? “Vendor management” is really a “vendor relationship” between the business owner in the credit union and that vendor. You can pay a lot of money for software to help you manage expiration dates of contracts and alert you in time to review, but that review belongs to the business owner. There is no software that is a panacea. It involves hard work by the business owner to ensure the vendor, and that vendor's suppliers, will be there to support you.

Regardless of what you are purchasing, you have to consider the security of your entire supply chain. There are a lot of pieces, some of which you can quantify, some of which you can't. No amount of buyer's remorse will fix bad service because you didn't do the homework before inking the contract.

Don't fall into the trap of saying, “We have insurance to cover those losses!” Think about it! No amount of insurance will bring back the members who leave because you couldn't provide access to his or her funds when it was needed.

We live in a complex web of vendors with ever changing relationships. Yet despite its complexity and the sense of security a web provides, if you really look closely and are able to identify the hidden single points of failure and mitigate them, you will be able to demand redundancy and security.

Your product, the security and access to funds you provide your members, is only as resilient as the weakest link in your supply chain.

Ken Schroeder is vice president of business continuity at Southeast Corporate FCU in Tallahassee, Fla.