Trust Exchange welcomes Frankenmuth Credit Union as a customer for our vendor compliance monitoring application.
Risk managers everywhere cite lack of vendor engagement as the #1 challenge in 3rd party compliance. Just as customer success begins with the sales process, so does the compliance success of your vendors begin with their introduction to your program.
At a certain point in my military career, I was made to sit through an extremely dry and soul-sucking class on the process of classifying information. Without going deep into that torture, I’ll sum it up with a statement that may seem counterintuitive.
“When possible, produce information that is usable by the largest possible audience.” In other words, “don’t produce classified information that nobody will be able to use.”
Trust me. This is the hardest lesson to teach. Top Secret information is sexy. It feels powerful to produce it and to control it. But, producing information that is classified (at any level) often makes it useless. Why? It’s quite simple. Information, data, intelligence, whatever you want to call it, has no value without application. Information only has value when it can be consumed. It’s like growing a garden of fresh vegetables, then never harvesting and eating them.
Businesses of all sizes, throughout all industries, make the same errors every day. I understand, the competition is ruthless and is always looking to take some market share. Even non-profit organizations are in competition. Why would you ever want to share information with a rival? I’m going to begin my answer with an example. When casinos catch a cheater, what do they do? They quickly notify all their competition throughout the region. Why would they do this? The cheater won’t do any more damage to their business. Why not let the cheater go wreak some havoc at the competition’s Blackjack table? You know the answer, because passing that information quickly and efficiently helps to keep the industry healthy. When it comes to reporting cheaters, there is a high level of trust between competitors.
“Information only has value when it can be consumed.”
The business world needs to change its perspective. Nobody is telling you to give up a competitive advantage – that’s what the government does when you don’t properly nurture your industry. Ask yourself what information your organization collects, that when freely shared, will not put your company at a disadvantage to the competition, but protect the health of your industry. You could start with your vendors. In certain industries, especially pharma, credit unions and community banking, the vendor overlap between two randomly selected organizations is surprising. Reduce that list to critical vendors or high-risk vendors and the overlap becomes worrisome. We have the data, and we’re watching entire industries are put many of their high-risk eggs in the same baskets – a trend that does not statistically bode well over time, yet it exists. There’s an opportunity here though.
“Business information has NO value without application.”
If the organizations in an industry contract with many of the same critical vendors or high-risk vendors, does it make sense to share certain information with the industry? We think it does. It's not a complete list of possibilities, but consider the following possible events and conditions:
· An investigation for fraud or bribery
· The sudden departure of a CFO
· Continuous failures to meet compliance requirements
· A lawsuit
· The unexpected loss of a critical client
· A failure to maintain an overall industry reputation (falling out of favor) *
· A failure to keep up with industry innovation *
I put an asterisk next to the last two examples because they fall more to the subjective side of the business information spectrum – extremely important data that needs to be included in any system of business information. Look at the list again. Concerning a common vendor, is there any item on the list that would compromise your competitive advantage? I’ll argue with you later, but the answer is no.
What happens when you do share this information with your industry peers? What are the positive outcomes for client and vendors?
Positive Outcomes of Sharing Selected Information with Other Industry Participants
· The company’s reputation is improved in the peer-group.
· Disruption of business due to vendor failure is less likely.
· The industry’s reputation, in the eyes of the public and regulators, is improved.
· The quality of the vendor pool is improved.
· Vendor compliance costs are distributed throughout the industry.
· Vendor responsiveness to checklist requirements is increased.
· Reliance on 3rd-party information brokers is reduced, resulting in saved expense.
Positive Outcomes for Vendors when Performance Information is Shared
· Top performing vendors are rewarded with improved reputation, resulting in increased business.
· The vendor pool is compelled to maintain a high level of quality.
· A vendor’s awareness of reputation in increased, allowing them to better manage the market’s perception of their product or service.
· The vendor’s ability to observe and respond to market needs is increased, allowing them to remain competitive.
The biggest problem with most of the vendor management platforms is that they do NOT allow the sharing of important business information between industry peers. At the same time, they also do not allow the vendor to actively maintain their profile within the platform. They all essentially do the same thing, display the data that you already have. Trust Exchange made the decision to break this trend by applying social technologies to your business information/compliance program. Now, you have a choice. You have the choice to share business information or not. You are also now able to discover what everyone else is reporting about your critical vendors and high-risk vendors.
It’s time to adjust your perspective. Ask us how we’re different.
What is the difference between vendor management and vendor monitoring? Is vendor management a subset of vendor monitoring? Or is vendor monitoring a subset of vendor management?
The viability of any given company, varies over time and can be impacted by many things including their performance, business cycles and the political environment. Understanding the ebb and flow of a company’s business is key to understanding their viability.
Operational excellence builds Trust. Trust powers your supply chain.
Monitor Trust vs. Credit to ensure the integrity of your supply chain.
The state of B2B credit today can be compared to the cargo cults of the post World War II pacific islanders. Like these cults, the large credit bureaus and financial institutions are trying to predict the future by recreating the circumstances of the past and forcing modern businesses to perform their sad obsolete rituals.
The John Frum Cult, located on the South Pacific island of Vanuatu, is a modern remnant of the “Cargo Cult” phenomenon. These cults sprung up when technologically advanced western cultures exposed themselves to the native islanders. The natives, upon seeing the inexplicable technology and vast amounts of supplies brought in by the militaries of the United States and Japan, attributed these achievements to magic or divine origin.
Once the war ended and the militaries withdrew, the natives began creating rituals that mimicked the behavior of the occupying militaries. They would stage parades, build runways, coconut radios and even airplanes made from palm trees in an attempt to conjure up the fantastic amounts of men, supplies and the miracle of flight. Sadly for them, short of another war, nothing they do will replicate the unique set of circumstances they witnessed in the 1940’s. Even today, the John Frum Cult (“Hello, I’m John from America”) has a ceremony every year on February 15th to celebrate their new god in the hope of his return.
Unfortunately, the business credit industry is enacting similarly obsolete rituals. Here are a few examples.
Check Credit. It costs a lot to check a company’s credit and in most cases the data isn’t accurate, timely or correlated with any company’s long term viability or ability to pay. This is especially true for small and medium businesses. Furthermore, business failure is a process and not an event. In order to understand the true risk of entering into a business relationship you need to monitor viability vs. check credit.
Reporting Credit. It costs a lot of money to report on a company, good or bad. The quality of a report is dependent on collecting ALL of the data on a particular company. These fees are a negative incentive to participation and reduce the quality of the overall data.
Data Integration. It costs a FORTUNE to integrate real time with the large business credit bureaus. This is an additional blockage to free data and skews the existing data toward the outcomes of the larger integrations: telecom, utilities, etc.
Trust. The large credit bureaus don't trust you to update your own information. They also don't track key information beyond the payment information such as certifications. (SOC1, SOC3, ISO, etc.)
At Trust Exchange, we are trying to stamp out the cult by making the data open, free and peer generated. With our service, you can create your own standards, rate companies and monitor all of your key business relationships.
Learn more by contacting us HERE
Don’t be a Compliance Sheep.
Being a Sheep Sucks.
Be a Compliance Engineer.
As you traverse the compliance countryside you quickly notice that there are a lot of sheep out there. Bad things happen to sheep. Sheep get herded, penned, sheared and occasionally eaten. They also have the world-wide reputation for being terribly susceptible to groupthink. Being a sheep sucks. Regrettably, nobody intends to be a sheep.
“No compliance officer basks in the adoring glow of C-suite gratitude.”
In many organizations (should I say most?) the compliance manager/department catches all the blame for failures and little reward for success. It one of those duties where success is inherently unremarkable to the rest of the organization. A client recently told me that “no compliance officer basks in the adoring glow of C-suite gratitude. It just doesn’t happen.” Encouraging vendor compliance can be especially challenging because now you’re also dealing with the loss of the positional authority that you have with internal mandates. It’s an environment that blindly compels the standard “police officer” approach – doing what everyone else is doing. Sheep.
What are the sheep doing these days? They are slowly upgrading from spreadsheets, phone and file cabinets to cloud-based systems. It’s a step in the right direction, but it’s only a small beginning to a solution. You need to understand that your challenges with vendor compliance are not where you store your data, or how you access it, or even how you perform due diligence. Your biggest problem is that you have not changed your perspective. Your approach is wrong. The information that you are collecting and analyzing with your new web-based platform is the same stale data that you dumped into your spreadsheets – only now, you get to see it through a colorful graphic. Additionally, you’re still thinking like a police officer – waiting for a failure to happen and then reacting, after the fact. How can you get an edge working like this? You Can’t.
The current hot trend is the outsourcing of risk analysis; and there are some good services available. This seemingly attractive option is problematic for an inescapable reason, a system of rankings or scores usually defers to an “ideal case” that doesn’t actually exist. An ideal case that is often based on the same rear-view data that you’ve always used. The dirty little secret of prediction is hard to swallow – the stronger the confidence in success, the more catastrophic the failure when it eventually comes around. More importantly, predictive analytics tend to systematically remove subjective data. If you’re scratching your head, subjective data includes indicators such as reputation, relationship, news and certain business indicators – oh, and your gut feeling. Four equally-weighted ideas should stick here: real-time information, relationships, reputation and continuous monitoring of it all.
Change your perspective.
The most effective vendor compliance teammate thinks like an engineer, not like a police officer. Failure is never an event that just happened. An engineer sees failure as one possible result in a process (that presents recognizable indicators) over a period of time. An engineer looks at the process (from design to implementation to end-state) and all the key factors that affect that process. Then, they actively monitor the process for variation in those indicators, rather than waiting with the sheep for a failure to happen. Therefore, compliance engineers actively communicate with and monitor their vendors in real-time, rather than audit them after-the-fact. They make it easy for their vendors to actively manage and share the required information. Finally, they utilize a system that reports on that vendor’s reputation in the marketplace – the subjective data. There is a way to easily capture all of this information and put it to good operational use. This is the difference between Trust Exchange and everyone else.
Ask us how you can take control today.