Vendor* relationships are like a marriage, in which both parties should have a vested interest and a desire to make the relationship work.

We will explore how lessons from a good marriage can be used to maintain an effective vendor relationship as the digital landscape moves into agentive AI territory, with focus on the financial services industry. In a previous article on vendor management I established that the vendor relationship needs a psychological bond like a marriage and that premise still exists, albeit flavoured with a greater digital overtone. The speed of AI development across all industries is rapid and behoves senior executives to be ever conscious of emerging risks. As Sam Altman, CEO of OpenAI says: “Generative AI is one of the most exciting and powerful technologies of our time, but it also presents new challenges and risks that we need to address thoughtfully and proactively.”

Much attention is being given to cybercrime, budgetary pressures to keep up with AI innovation, getting value out of AI solutions, workforce adoption of new AI solutions, geopolitical risks increasing operational costs and displacing sections of the workforce, and environmental disasters affecting technology and operating infrastructure, to name a few. Managing the inherent risks associated with a vendor relationship coupled with these additional considerations can be overwhelming.

Regulators like the FCA are very concerned that firms implement and deploy AI solutions in a responsible manner. As Jessica Rusu, FCA Chief Data, Information and Intelligence Officer says: “As a regulator, we must play a critical role in ensuring AI is deployed in a way that is safe, fair and in the best interests of consumers and the market as a whole. Even some of the world’s most profusive backers of AI recognise the importance of ensuring the risks of AI are mitigated, as we all work to realise the undoubtedly enormous benefits the technology has to offer. That’s why AI is a priority for us. We are committed to enabling a safe and responsible environment for the beneficial use of AI in UK financial markets, in a way that supports the growth and competitiveness of the sector.” Irrespective of the industry, vendor relationships work on a two-way basis, so understanding each party’s technology capabilities and risk profile, future growth plans and desired client outcomes remain centre stage to maintaining an effective vendor relationship.

AI is a priority for the FCA. They are committed to enabling a safe and responsible environment for the beneficial use of AI in UK financial markets.

Like a married couple who introduces new assets into the home, so too vendors are responding to the rapid growth in AI solutions and incorporating these into their platforms and services. To maintain their competitive advantage, vendors have to improve accuracy, speed and efficiency of their solutions. This in turn delivers better client outcomes to firms. At times though the new gadget that a husband or wife plans to buy may end up being a challenge to integrate into the home. For example, the husband may see a new AVR music system at an exhibition being touted as a simple WiFi plug and play, only to realise it requires more resources than previously planned to integrate effectively into the home – hardwiring into the Wi-Fi router, new speakers, electronics technician to set up the system/music zones, new music Apps, and bigger storage space. It quickly becomes an irritant for the wife who probably was not expecting any additional installation costs. In a similar way, firms must understand the capabilities and risk profile of AI solutions touted by vendors and how efficient interoperability can be achieved without breaking the bank or consuming exorbitant amount of the firm’s IT resources. Otherwise process efficiency will be compromised and employees will become exasperated at the amount of effort needed from them to maintain their processes in a timely and seamless manner.

In the AVR example above, the husband quickly shifts attention from the additional costs to how his wife will benefit from the new AVR. “Just think how relaxed you’ll feel when you get home from a hard day in the office and open the front door to the sounds of Ed Sheeran, your favourite artist” he tells his wife. Notice he emphasises the benefits, not the superb technical features of the product. A good vendor will collaborate with their client based on this approach and deliver comprehensive training to educate employees about the benefits of the new AI solutions being integrated into their workflow. The starting point is not the technical features – engage with the firm’s employees and ask what benefits they want to enjoy, or what workflow irritants they want to eliminate. Get their creative juices flowing to develop solutions that are practical and long-lasting. Vendors need to help firms eliminate fear about the impact of AI from the workforce. As Jensen Huang, CEO of Nvidia says: “AI won’t take your job, the person who uses AI will take your job.”

As vendors incorporate AI solutions into their platform and services, firms must understand the capabilities and risk profiles of these solutions and establish how efficient interoperability can be achieved without breaking the bank or consuming exorbitant amounts of IT resources.

That means vendor needs to help employees improve their prompt engineering skills to achieve better results from their new AI solutions. While this is an iterative process demanding much practice, vendors need to offer training sessions not only on technical features, but more importantly, on how to interrogate in an efficient way. And as a bonus, the better an employee’s prompt engineering skills become, the better they will communicate more generally in meetings or on emails. This can be a mindset shift for teams, so Managers need to be conscious of how different employees will respond to this change. Be patient and not quickly write-off Joe or Mary as lazy or not a great team player. A good vendor will want to help their clients with this new challenge by coaching employees during training.

We often hear the adage ‘garbage in, garbage out.’ This is most relevant to AI solutions. Checking the accuracy of data can now be completed in a shorter timeframe using AI solutions. As a COO of an Investment Bank notes: “Smart data validation enabled AI tools can be deployed as part of an internal vendor management program to speed up the discovery of exceptions in real time, highlight contractual anomalies or create more intelligent management information.”

Ahead of proof of concept, it is wise for a firm to undertake an internal audit of both systems and data flows to determine any gaps in connectivity with the proposed AI solutions. Assuming that vendor software will connect seamlessly to inhouse IT architecture because an API currently exists on an old system, is a common mistake that firms make. Particular attention should be given to the type and content of data the firm’s clients expect to receive whether on scheduled delivery or from ad hoc requests. The ability to customise this data from vendor solutions will enrich the client experience, increase opportunities to glean data insights and improve management information and strategic decision making. One size does not fit all types of firms, even when firms are in the same sector. Data governance and data management teams must be included in discussions with vendors on new AI solutions from the start of those conversations. Christopher Rigg, Principal at Global Economics Group, helps financial services clients leverage technology and data to manage risks, improve compliance, and create better client experiences. He advises: “Manage the data before sharing it with key vendors.” He adds: “Leverage the tools available from your strategic vendor to ensure simplification of your data environment. This facilitates easier interoperability, creates space for building customised software and encourages better vendor relationships.” The importance of clean data and data architecture should not be underestimated when starting any transformation project.

It is good business practice for a firm to review their Supply Chain Risk Management and Vendor Risk Management Policies to ensure these policies are adequate for the emerging AI landscape. Vendors need to be fully transparent about the capabilities of their AI solutions, share any significant red-teaming results and provide firms with assurance on questions like:

• How long have you been developing and deploying this AI solution?
• What has been the major issues with other clients in using this AI solution?
• What is the source of your data and do you maintain your own LLM database?
• How many members of the team working on this AI solution have working experience in the firm’s specific sector of the financial services industry?
• How do you validate the AI results?
• What is your Policy for maintaining accuracy of your data?
• What happens to the firm’s data when the vendor contract comes to an end?
• Who can access your data? Is access role based?
• What is your Data Privacy Policy and does it comply with GDPR (or other applicable regional data regulation)?
• How will the firm’s proprietary data be protected and when/how commingled with other clients?
• Where (country) is development of the AI done and does that jurisdiction implement best practice or comply with our regional regulations e.g. The EU AI Act or US Executive Order, 2023?

Firms usually acquire data from multi sources and distribute across different teams in the firm and outward to clients, regulators and other market participants. Just as couples verify new information about their spouse and dependants, a firm has the responsibility to ensure that data generated by vendor AI solutions is accurate. That obligation cannot be outsourced to a vendor. Any disclosures a firm makes in its marketing material or portfolio reports about the use of AI solutions to underlying clients must be accurate. Firms need to inform investors of the specific features of any AI solutions being used in making investment decisions that impact the client’s portfolio and more generally their mandate.

Manage the data before sharing it with key vendors.

Therefore, firms must perform ongoing due diligence on disclosures and confirm they remain compliant with applicable regulations. As the U.S. Securities and Exchange Commission’s sanctions in March 2024 against the investment advisers Delphia and Global Predictions show, misrepresenting the use of AI solutions can lead to significant regulatory consequences. Well-structured legal documents like Non-Disclosure Agreement or a Service Level Agreement provide firms with the opportunity to outline their expectations on AI solutions and boundaries for usage of AI solutions.

The heavily regulated financial services industry is a diverse interconnected ecosystem. Firms could be challenged when multiple vendors are making changes to their systems and services to comply with emerging regulation. Bearing in mind that regulators are also deploying new AI solutions to manage systemic risk, a firm’s operational and technology teams are being stretched to their limits. Firms need to remain innovative in growing their product portfolios and markets. Invariably this requires resources from Operations and Technology to deliver the new investment capabilities, while also responding to the external landscape which is changing with regulation. As a husband and wife work together to agree priorities on how to spend the finite household income, so too Technology and Operation Heads must collaborate with Investment Heads to set priorities that deliver value for money without stifling the investment process.

Vendor relationships should be managed on a holistic basis. As budgetary pressure continues to impact allocation of a firm’s finite resources, the Board expects the C-Suite and senior management to ensure that AI solutions are justified and value for money. The choice of vendor needs to reflect the firm’s risk appetite and strategic imperatives, so that AI solutions are appropriate for the firm’s client needs and any external or cross-functional delivery requirements. COO of a leading Asset Manager notes: “The relationship is effective when there is active two-way engagement at both a strategic and a tactical level, enabling the firm to leverage the impact of the global spend across our asset management division.” Contract negotiations emphasising support and benefits will yield better long-term outcomes for a firm.

It is important to understand how a vendor’s AI solutions are maintained and where their maintenance teams are located. In recent years geopolitical incidents have displaced whole teams who are integral to the maintenance of platforms.

The vendor relationship is effective when there is active two-way engagement at both a strategic and a tactical level, enabling the firm to leverage the impact of the global spend across all business units.

Firms must have open dialogue with vendors on business continuity plan, especially if the vendors themselves outsource some of their workflows. The ever-present cybersecurity threat needs to be at the top of the risk agenda. Christopher Rigg says: “Firms and vendors need to have a consistent view on cybersecurity since it’s an interlocking relationship with risk points on both side of the relationship.” Financial services firms are not only highly regulated, but they owe a duty of care to their clients and have fiduciary responsibility in many cases for assets entrusted to them. This responsibility cannot be outsourced as a COO of a leading Asset Manager observes: “While an activity can be outsourced, the responsibility for delivery to our stakeholders in addition to other statutory and regulatory obligations, cannot be outsourced. A structured review program is needed to allow the firm to highlight any operational issues early, while having the opportunity to contribute to the vendor’s development pipeline.” As a result, firms must maintain an ongoing due diligence program using various tools like KPIs as outlined in Service Level Agreements. Employees must be alert to any bias in the AI outputs and ensure these are reported to the vendor for immediate investigation. Firms should avoid being accused of discrimination by their clients due to biased AI data.

While there is no one rulebook to guarantee the success of a business, a key factor contributing to success is the effective management of business-critical vendor relationships. Like a successful marriage that nurtures openness and trust, so too a vendor relationship should be built on openness, honesty and trust. As vendors introduce new AI solutions into their platforms, they must be candid about the capability of their new solutions. Firms must understand and articulate their desired outcomes to ensure the AI solutions are compliant with applicable regulations, meet their fiduciary obligations, are appropriate for their client needs and manage the inherent risks. Cybersecurity concerns must not be taken lightly and vendors should be vigilant in managing this threat.

The goal must be to engage with vendors who understand the firm’s strategic objectives and desired client outcomes, so that AI solutions can be adapted to changing business requirements without major replumbing. They need to be forward-looking and focused on ensuring that their AI solutions are reliable, secure and have minimal to no bias. The growth and complexity of AI solutions will continue at an aggressive pace, become more integrated into solutions offered by vendors and subsequently a firm’s investment decision-making processes and business critical infrastructure. Transparency and explainability are key considerations during contract negotiations. The risk of cyber-attacks, erroneous data and unintended bias increases, making it an imperative for firms to maintain a robust due diligence framework to minimise these risks. A structured review program allows a firm to highlight any operational issues early, while having the opportunity to contribute to the vendor’s development pipeline.

*The term Vendor refers to a supplier of strategic products or services, including outsource agreements. While this article is aimed at firms in the financial services industry, the principles outlined here can be applied to any industry or sector.