Stories of surprising supply-chain vulnerabilities exposed by the COVID-19 pandemic are becoming all too familiar. First it was medical supplies – equipment, PPE and swabs. Then it was pharmaceuticals.
Less well known are supply-chain vulnerabilities that are hidden from view. Unseen suppliers behind a visible firm are a critical link that can break the chain.
Exposure to supply-chain disruptions for financial institutions is different, but very real. For FI leaders, it’s their services supply chain that demands attention.
Banks’ IT services – from servers, firewalls and cloud storage to network security, user support and remote-working capabilities – often are the product of decades of evolving technologies, regulatory requirements and vendor relationships.
The challenges of the COVID-19 pandemic shine a light on potential IT services supply chain risks. Here are seven keys for financial-institution leaders to consider:
- Keep the number of IT services vendors to a minimum.
- Just as in physical supply-chain management, higher numbers mean more complexity, more gaps, more risk and more management time spent managing those risks.
- Know how many vendors it takes today. Half a dozen? Double-digits? Is that in your comfort zone?
- Ensure you have the systems and processes in place to manage your IT services vendors.
- Consider their support of your banks’ ability to conduct business and meet regulators’ expectations.
- Understand what it means if you have vendors that are supported by other vendors.
- Are these second-tier vendors located offshore?
- Do the second-tier vendors also rely on other vendors – and do they provide services from offshore?
- Have you performed your due-diligence on those hidden providers through the lens of offshore vs. U.S. location?
- Ensure your IT services providers have secure, remote-working capabilities, too.
- How are your vendors supporting WFH in their operations and how are they ensuring security?
- Are some of your IT services provided from offshore locations where remote-working may be limited by the lack of high-speed-internet away from the office?
- Manage the full spectrum of your IT service and spend.
- Is your vendor’s service level meeting your institution’s needs?
- Does your vendor bill for lots of add-on features that your institution needs but are outside your service agreement?
- How much of the institution’s management and staff time is required to get the results you want?
- What are your all-in costs for everything IT?
- If that’s a hard question to answer, consider how under-managed IT costs create undesirable business-performance risk that you can address.
- Could you get better results and gain efficiencies elsewhere by spending more or spending your IT dollars differently?
- Scalable IT resources can help de-risk crises.
- Were you able to scale up work from home (WFH) capabilities for your employees effectively?
- Was cybersecurity also able to scale to meet changing risks associated with WFH?
- Can you downscale your IT resources – while maintaining operational and cybersecurity capabilities – if business needs dictate?
- Regulatory agencies will focus on business continuity and pandemic-related issues.
- Were your plans effective? What changes did you need to make that were beyond your business-continuity and pandemic plans?
- What plans are you making now to prepare for another round of COVID into the fall of 2020?
- Do you have the resources you need to continue meeting the needs of your customers?
- Is your board of directors involved in these discussions and decisions?
De-risking your services supply chain is always a smart move; today it’s a business imperative. Email BankOnIT to inquire about a complimentary risk-assessment tool your bank can use. Understanding your organization’s current level of risk and biggest areas of opportunity is the right way to start.
BankOnIT provides comprehensive information technology services for financial institutions across the USA. www.BankOnITUSA.com
Submit your comment
Upon completion you will be automatically redirected to the electronic Authorized Resellers Agreement.