Managing Vendors in the Age of AI

Artificial intelligence is no longer just a buzzword…it’s a revolutionary advancement that’s hard to ignore. It’s a varied and intuitive technology that promises progress, analytics and efficiencies that organizations – credit unions included – can utilize to stay competitive in the fast-paced modern world while also streamlining risk operations.

According to a recent study from National University, approximately 77 percent of businesses are currently using or are exploring the idea of incorporating AI into their organizations, whether that be to streamline operations or offer AI-driven solutions.

But, as with all things, it comes with risks that many of us are just beginning to understand. We’re talking about a technology that doesn’t just do – it learns and adapts, many times for the good, sometimes for the bad. From the lens of enterprise risk management, managing vendors that utilize AI is a critical piece of implementing this revolutionary technology – and here’s how you can do it.

Step 1: Understand the Risks of AI Vendors

Before your credit union gives the green light to the latest and greatest AI tool through a third party, it’s imperative to understand the very real risks involved so you can address them in your vendor and overall risk management policies. Those risks include, but are not limited to:

  • Data privacy and security. AI depends on data input to learn, as well as provide insights that will benefit your institution. Because of the sensitive personal and financial information that credit unions handle on a daily basis, ensuring data privacy is especially important in our industry.
  • Compliance. As employees, we know that credit unions are subject to many compliance and regulatory requirements – but do vendors? You can’t count on all of your vendors to understand the nuances of credit union compliance, which means you need to ensure that your third-party vendors work within those regulations not only in their services, but also behind the scenes.
  • Vendor breaches. Even if your credit union isn’t the target for an AI-related breach or security scam, your vendor could be. That not only puts your reputation at risk, but if we’re talking about a critical service vendor, it could also impact your operations.
  • Information origins. AI requires information, but the source of that information isn’t always discernible. Be sure to choose vendors that collect and utilize data from ethical and reputable sources and are willing to be transparent about where the data is coming from.

Step 2: Upgrade Your Vendor Management Process for AI

In the age of AI, evolving your vendor management program is a necessity. It requires a smarter management process that integrates both innovation and oversight.

Policy

Vendor policies vary, but they likely cover cybersecurity, data access, service level agreements, performance reviews, etc. With the addition of AI in the workplace, however, there are some additional pieces you should consider including:

  • AI Model Risk – This will gauge information accuracy and training capabilities through the vendor’s AI model.
  • AI Bias – Fairness is a cornerstone of credit union services (think fairness in lending, DEI, etc.), so identifying potential bias in an AI vendor is imperative.
  • AI Transparency – Data integrity is important to your organization’s reputation. Include specifics about transparency of sources – and don’t settle for a black box solution.
  • AI Governance – To determine compatibility with an AI vendor, it’s best to know their governance practices to ensure effective oversight, ethical standards, security measures and more.

As a requirement of your AI vendor policy, make sure that vendors provide this information right up front. The earlier you have all the details, the easier it will be to find an AI partner that is compatible with your organization and your mission.

Vendor Selection Framework

Speaking of compatibility, you need to develop a way to determine which vendors are not just providers, but partners. With so many AI tools available, it can be hard to narrow down the options – and not get distracted by the flashy, complex tech that drives them. Go beyond the pitch and ask in-depth questions. Then, you can build your vendor selection framework to ensure:

  • Alignment of Goals – What are the use cases for the vendor and their AI solution? Are they capable of solving a problem for your credit union or supporting you in future business goals? Furthermore, do they also adhere to values similar to your institution in order to provide their services?
  • Credibility – How long has the vendor been around? Do they have a solid customer base? Is their solution one that has delivered proven results or is it newer?
  • Data Handling – As partners, there will be a lot of data transferred between your organization and your vendor. What do they need from your credit union and how do they intend to ensure the security of that data?
  • Compliance Readiness – Both the vendor and their AI solution must be compliant under regulatory guidelines – will they pass the compliance test when regulators are involved?

Vendor Evaluation Checklist

After your policies and framework are established, but before any contracts are drawn up and signatures adorn the pages, put together an evaluation checklist from all demos, discussions and consultations you’ve had with your potential AI vendors. This will provide a clear picture as to which ones suit your business needs and which ones pose red flags. After thorough review, ask yourself these questions as part of the checklist:

  • Can the vendor clearly communicate the origin and usage of the AI model?
  • Is there a chance for bias? Moreover, does the vendor have plans to mitigate bias if it’s demonstrated?
  • Is there a clear path of data sharing? How will data be protected?
  • Can the vendor and their solution be easily monitored and audited over time?
  • What is the contingency plan for AI failure or inaccuracy?
  • What are the vendor’s plans for future development, training, updates, etc.?

Balancing Act: Reward Over Risk

Without question, AI is a simultaneously exciting and risky prospect for any business. In today’s world, it’s not a matter of “if” AI is relevant to your credit union but, rather, “how” it is relevant, so it’s best to start preparing for this technology sooner rather than later. Doing so requires a balancing act to make certain that you reap more of the rewards and less of the risk. After all, your duty to your members is embracing innovation while maintaining security.

By implementing the policy updates, framework and evaluation checklist detailed above, you can begin (or enhance) your AI journey with clear guidelines of what is required, as well as desired, from a third-party vendor. And with a comprehensive vendor management strategy that is as robust and flexible as this ever-changing technology, you can be ready for the next big thing in the age of AI.


Belinda Mumma is Vizo Financial's enterprise risk management director. She has many years of experience implementing and maintaining vendor management and vendor due diligence software. During her career, she also has been responsible for policy and legal review processes; implementing, directing and maintaining enterprise risk management software; and implementing and maintaining audit and exam findings software.