The Biggest Misconception About Vendor Compliance
The Biggest Misconception About Vendor Compliance
Over the years, the role of Vendor Compliance has evolved primarily into a manager reviewing insurance certificates and filing them away for another day, in order to fulfill their compliance management function.
There have now been significant changes in case laws that put community management firms in primary positions of liability. Additionally, all community management E&O insurance policies excluded this type of work to be done by company employees. Unfortunately, it is still common for community management executives to be uninformed of all the exposures of risks affecting their enterprise, as well as how these risks may impede business objectives or even survival.
The increasing tide of threats, lawsuit cases, and regulatory requirements is rightfully closing this uniformed exposure gap, which has led to changes in executive expectations for vendor compliance programs. These expectations have resulted in change from the same old programs of verifying vendor’s insurance certificates, contractor licenses, and responsible parties. The understanding is that information has been ignored, due to everyday busy schedules and pressing tasks to complete.
This vendor compliance myth isn’t new or applicable in every situation. For the foreseeable future, technology will remain essential for security teams to understand from a combined capabilities, management, and limitation perspective. The reality is that the expectations of a security team should be the orchestration of security across people, processes, and technologies to protect information in support of the organization’s business objectives.
While the tides are changing, much work remains to be done. Recent surveys indicate that only 8% of organizations are part of a vendor compliance program that is auditable and constant throughout the organization, protecting the business and the associations from vendor risk.
Your People
It’s imperative that the people tasked with a vendor compliance program in your firm understand the fundamentals and have experience and tools in doing so, whether they are an accounting department staff or community managers. Historically, vendor compliance was viewed as strictly a community manager responsibility. Now, community management executives are beginning to realize that compliance goes beyond the borders of the community manager’s expertise. Therefore, it’s important to provide your management teams with the reliable and easy to use system they need to stay on top of emerging threats and keep non-compliant vendors from doing work at your associations.
With a professional compliance company such as Association Services Network (ASN) and the CertTrak vendor compliance program, you can now have the proper tools and knowledge of vendor compliance to improve your organization’s security posture through better execution and decision-making. The online Vendor Directory will now be communicating to the managers which vendors are compliant and non-compliant. Along with integration to your management software system. Everyone now has the knowledge needed to efficiently complete his or her daily responsibilities to the associations.
Processing the information is the key. To maintain a secure vendor compliance environment, a variety of skill sets and functions are needed, including system administration and networking, but also legal, insurance compliance, human resources, and data security.
All this complexity requires a great deal of coordination to be effective. The roles and responsibilities of these managers and accounting and customer service departments should be clearly delineated to avoid confusion and compliance lapses. When roles and responsibilities are clearly understood, managers, as well as supporting teams, avoid non-compliant vendors from working. Your company’s teams can refocus their efforts on those things that truly advance the organization's goals: help build better communities!
Since vendor compliance time is in competition with other business objectives, it is essential for executives to define who is involved in vendor compliance processes so that these individuals are empowered to make business-based risk management decisions. That occasional unpopular position can be made with a clearly documented mandate.
Your Processes
An effective vendor compliance program is one that recognizes that vendor compliance programs are a continuing and ongoing business process requiring the support of professional compliance auditors, easily used by individuals throughout the organization. It is the discipline of designing, implementing, and implementing vendor compliance program practices and requirements to protect associations and company assets. The cliché that vendor compliance is a process and not a product still applies.
Vendor compliance is more than just an activity of creating requirements to ensure the vendors insurance, license, and availability of information. Developing and maintaining compliant vendors, and relevant policies and procedures, is a key focus area as well. The need to continuously review and modify policies and procedures has gained even more significance due to the ever changing legal and regulatory environments.
To effectively manage and promote vendor compliance, a formal approach should be in place for the lifecycle processes of vendor compliance activities. It is necessary for community management organizations to identify those business processes and activities that have an impact on vendor compliance, and create a framework to identify and assign roles at various stages of the process. By applying the lifecycle approach, organizations can establish who is responsible for doing what, and who will review and confirm that the processes and activities have been appropriately managed or completed.
A Professional Compliance company like ASN can assist you in applying these lifestyles approach in your organization, with the assistance of proven technology and processes.
Your technology
Technologies are used to protect information and ensure its confidentiality, integrity, and availability. However, technology is only as good as the data going into the system. According to a recent survey by ASN on “Vendor Compliance in today’s HOA management,” 90% of vendors in their organization are “Non-Compliant” before or soon after deployment of ASN compliance program. In other words, the current vendor compliance programs of the past are what ASN calls “Shelfies” meaning they sit on the shelf instead of being properly implemented or utilized.
There are a variety of reasons to explain this “Shelfies” phenomenon, but they predominantly boil down to managers not having the time, tools, or the expertise to manage such a program. Some organizations lack the resources to properly staff and support their vendor compliance programs, a problem that many are able to solve through the use of Association Services Network. Sometimes, a lack of Compliance knowledge and supporting processes prevent full deployment of anything close to an auditable compliance program. In most cases, the community managers are too busy or did not have enough time to review the vendors’ insurance, or did not understand the insurance terminology well enough to verify their compliance worthiness.
Conclusion
Community management executives should ensure that the Vendor Compliance and actions address managers and the ease of processes, recognizing that only a portion of their time should be spent on vendor compliance and the follow up solutions. By moving beyond their traditional pile it on the managers’ mentality, organizations need to come to grips with what their vendor compliance really need to focus on: protecting their business and associations from vendors without proper license and insurance. The manager’s job is to understand vendor risks and to communicate that risk in a way that helps the association boards make informed decisions about whether that risk is acceptable.
More and more, managers will be expected to not just being informed, but have an easy system to use as well. Those who embrace this outsourcing of vendor compliance to professional compliance companies will have no need to worry about meeting further expectations. Business and communication skills will be the greatest differentiators between those who succeed in the community management and those who do not. Taking an approach to vendor compliance that aligns with business goals is now equally important as a good foundation in technology.
Vendor Compliance is an asset which adds value to any Community Management Organization, and consequently needs to be protected from a wide range of threats to minimize litigation impacts and maximize return on investments and business opportunities. Effective vendor compliance program management is not achievable through technology alone. It can only be achieved when a professional compliance outsource approach is adopted. This methodology requires the integration of a team of people who understand association business, the proper process, and insurance dimensions of vendor compliance while adopting a risk-balanced, business-based approach.