This message was posted by a user wishing to remain anonymous
Because there is pending litigation, I am posting this anonymously. Our scary story and big lesson learned, ironically, is when we were building out our Third Party Risk Management function. We thought that a vendor hosted Vendor Management system was our panacea (vs our home grown in-house developed process). The vendor is known in the industry and was trying to get into the vendor management space. Knowing that we will be the first of a handful of banks, we jumped right in and not only licensed the platform, but all of the bells-and-whistle add-on modules (due diligence, risk assessment, contracting).
Unfortunately, needless to say, the software took longer to develop than anticipated, there were turnover in the vendor's development team, we asked for some customizations...long story short, it took a year and still no working application. By now all of our licenses were up for renewal. Vendor would not waive fees despite not having a working product.
Our lessons learned was to always perform due diligence regardless of how well known the vendor is AND only have licensing fees start upon a functioning product. We now require this in every contract where there is software development or if implementation is required. If we purchase separate add-on modules, all modules may have licensing fees starting at different times, depending on when they go live.
Original Message:
Sent: 10-16-2019 08:41 AM
From: Brittany Padgett
Subject: Do you have any third party risk horror stories?
Hi Everyone,
In light of Halloween upcoming, I'd love to kick off a thread and ask you if you have any scary stories or lessons learned that you could share with the group?
While we don't want to name names, we all would love to hear your third party risk stories that keep you up late at night or if you've run across any vendors out there that gave you some scary nightmares!
(feel free to share anonymously by hitting the anonymous checkbox before you post!)
- Brittany