© 2020 Arizent. All rights reserved.

Beware of the pitfalls that can lead to 'death by IT contract'

Register now

Due to a core conversion and multiple mergers, we have recently gained more experience than we ever wished dealing with information services vendors and contracts. Our experience indicates a cautionary tale to the movement toward outsourcing or service bureau arrangements.

Last year, there were reports of Google paying millions of dollars for transaction data from Mastercard. This is only one example of many I could cite regarding the value of data – exactly the type of data that credit unions own and have on their core systems.

In the scenario of a credit union with this data on its in-house system, access is pretty straightforward as the credit union physically has the data on its own server on its own premises. To access the data, it has a programmer or other qualified person run a query. If the CU does not have such capability in house, it can contract with numerous third-party providers. If it doesn’t like the price quoted from one vendor, it can keep shopping as there are likely numerous vendors – from large businesses to sole proprietors – providing the needed expertise.

Contrast that with a service bureau platform. The vendor likely provides a limited-report writer program to gather some of the data, but it is likely limited in scope and depth. If you want more information or a more complicated report, you have only one choice of vendor: The service bureau. If you do not like their price … well, too bad. The bureau has your data and can name their price. You will become all too familiar with this version of the Golden Rule – whomever who has the gold makes the rules.

However, where they really have you cornered is at termination. The termination from our in-house system went very smoothly. We had options for getting the data out of the old system. We could write our own queries, we could request the data from the vendor or we could engage a third party.

At the end of the term of our software maintenance contract, we sent proper notice of nonrenewal. And, that was it. No issues of hostage data, no long drawn out termination negotiations, no “tail” to the contract. The contract did specify return of all copies of the software. I’m not sure of the usefulness of that clause, and indeed our vendor did not make such a request. We took our data when we wanted, shut down the server and stopped all use of the software.

Contrast that with our attempts to terminate and deconvert from a service bureau.

What if you want to leave a little early? Careful – our contract contained a clause of default – if client “deconverts any data or information from the vendor’s system without vendor’s prior consent.”

And you thought it was your data. The contract even had a clause stating that the data belongs to us, the credit union, but not if we wanted to move it.

What if you want to gather the deconversion data yourself? Careful again – our contract required us to obtain the deconversion data from the service bureau and pay the “then current deconversion charges.”

If you are wondering what those are, refer back to the Golden Rule. They are probably nowhere near what you thought they would be when you signed the contract. We told our vendor we didn’t need their help and were able to gather the data ourselves. Their response was that the deconversion charges apply regardless of who does the work.

Say you get past the first two issues. But, like us, you likely have an “exclusivity clause.” That clause states, “Client agrees that the vendor shall be the sole and exclusive provider of the services ...” In the famous words of Admiral Ackbar in “Star Wars: Return of the Jedi,” “It’s a trap!”

In our service bureau experience, the vendor is charging deconversion charges in an amount equal to 36 months of regular billings. This is on a 60-month contract.

Many small credit unions may be thinking they don’t have any plans to deconvert, except in the case of a merger and then the bigger credit union can deal with it. Unfortunately, that thought process means the smaller credit union will never be able to deconvert without a merger partner. Smaller credit unions cannot afford a 36-month charge to terminate a 60-month contract. The options become stick with an outdated vendor because you can’t afford to leave or merge. It becomes a death by IT contract.

Some of you are likely thinking you will just make sure these issues are addressed in your contract. You do have a good attorney reviewing your contracts, right? I wouldn’t be so sure. Some of these vendors are big, sophisticated, well-monied operators. They write computer services contracts every single day. Credit unions see computer contracts every few years.

Can you predict what will change and what your needs will be over the life of the contract, as well as they can? I would not count on it.

By now you are wondering what is a small- or even medium-sized credit union to do? I agree it is difficult for smaller credit unions to operate an in-house system. Even if you have the staff expertise, smaller CUs often become overly reliant on a single staff person, which represents its own set of issues and dangers.

My recommendation? First, there are good trustworthy vendors. Do your due diligence and make sure you do business with one of them. A good relationship is worth much more than a good contract. (Although a good contract is also important as you never know when another vendor will buy your favorite vendor, and then the contract becomes critical.)

Second, there are multiple credit-union owned vendors and multiple credit-union owned service bureaus. Negotiate a direct contract with the software provider, then a separate service bureau contract. Then you have options: You can process in-house or you can process with the service bureau, and you can move your data as needed.

Look around and you will find many options besides the deathtrap-type service bureau. Mostly, keep control of your data, and remember the Golden Rule.

For reprint and licensing requests for this article, click here.