Most fishermen brag about how many fish they've caught. But if you go fishing with a real pro, you'll notice that he throws back more fish than he keeps.
Like fishing, electronic banking is not about landing every prospect; it is about attracting, keeping, and preserving only the most profitable business relationships.
Poor product performance and other pitfalls that reflect negatively on your company can be avoided if proper due diligence is conducted before a deal is closed.
A typical bank/vendor scenario runs like this: You have been researching for months about a new product you want to offer your customers. After learning about how the product works and assessing the options available, you zero in on a company that appears to have the best fit all around.
Naturally, you have developed a relationship with the other side, and your gut feeling is that they will be able to perform. Pricing is negotiated, an agreement is drawn up, and the deal is closed.
Or so you think. Three months after implementation begins, your vendor indicates that it does not have the cash to continue with required software development. Or the vendor is unable to live up to the standards of performance in your agreement. The whole project must be redesigned and is delayed. How could this have been avoided?
By developing and implementing an effective due-diligence policy.
Why should you bother? First, a good policy carried out every time you are thinking of doing business with someone else will avoid headaches, lost opportunities, costly mistakes, and degradation of your good name later on.
Second, the regulators require it. If your business is in any way connected to an institution subject to regulation by a federal agency - such as the Federal Reserve Board or the Federal Deposit Insurance Corp. - you will be touched by the Federal Financial Institutions Examination Council's statement addressing risks from switches and network services in retail electronic funds transfer systems.
The statement, issued in April 1993, states that bank directors and senior managers are responsible for ensuring that electronic funds transfer systems, including those for ATM and point of sale terminals, feature adequate controls.
The statement requires that institutions examine the EFT switches and network servicers with which they do business to ensure: that sufficient controls cover switch processing, that contracts define participants' liabilities and responsibilities, and that settlement procedures do not expose an institution to undue risk.
One thing examiners will look for is whether an institution has investigated switch and settlement processors to be sure the processor has adequate controls. The trickle-down effect of the statement means that businesses connected with electronic banking should be making similar inquiries.
Below are the basics to get you started:
The policy. Your due-diligence policy should require that a checklist be filled out on each company with which you are considering doing business. Some may feel more comfortable disclosing sensitive information after both sides sign a confidentiality agreement.
Further, the policy should require that certain information be updated at least annually on companies with which you will have a continuing relationship. The vendor agreement should also allow you to inspect the company's records if necessary.
The inquiry. Of course, every situation is unique, but at a minimum the following should be examined:
*The company's most recent financial statement, audited if available.
*Business references. Obtain the names and telephone numbers from the company, and inquire about the type of business the company has done with the reference. You should get at least one reference from a business that has a contractual relationship similar to the one you are contemplating.
*Professional biographies on those people in the company with significant management responsibility.
*A schedule of all material insurance policies currently in effect.
*Disaster contingency plans.
*Outstanding, anticipated, and recently concluded legal action by or against third parties and all government investigations.
*A certificate of good standing from the jurisdictions in which the company is organized and qualified to do business.
*An organizational chart of the company, including a description of the business of each of the company's subsidiaries and holding company.
*Policies and procedures covering security controls.
Generally, you want your investigation to be thorough enough to uncover information that will reveal whether or not the company can perform the best job for you. A good due-diligence policy that has the support of senior management can be your best defense against problems later on. And if your investigation reveals something fishy, throw him back!
Ms. Hart Targan is a Farmington Hills, Mich., lawyer specializing in electronic banking, merchant acquiring, and retail banking.
