Adding or upgrading mobile banking is a major project, as is simply changing a bank’s vendor or service provider for mobile banking. This article summarizes the steps involved in doing so.
The banking regulators have all issued guidance on outsourcing activities to third parties. By any measure, a mobile banking service provider is a significant or critical relationship for a bank. The data security demands are significant and the bank is subject to significant strategic, reputation, operational, transaction, and compliance risks, among other risks.
Time may be the single most important consideration. To get the best deal for your bank, start the process of evaluating potential providers, selecting a vendor and negotiation a services agreement 12-18 months before an existing contract is due to renew or before your bank needs to launch a new service.
Due to the significant and high risk nature of mobile banking services, a bank should engage in comprehensive due diligence of its proposed service providers. (And yes, it is recommended that the bank engage in due diligence with more than one service provider, both to ensure it understands the marketplace and also to ensure that it gets a “market” level of service and healthy competition for its business.) Comprehensive due diligence means reviewing financial statements, verifying the vendor’s relevant experience (success in implementing mobile banking for comparable banks) and reputation with comparable banks, the vendor’s regulatory relationships, results of past exams and audits, litigation history, performance issues, data security issues, and consumer complaint history. If the vendor will subcontract or outsource any part of the services, the bank should perform comprehensive due diligence on those subcontractors as well.