Most core contract provisions are what we would expect to see in a high-risk technology vendor contract. But some of the provisions are downright bad for your financial institution. And a few are even worse.
Provisions You Should Expect
Most technology vendor contracts include common provisions, although they vary in approach, mutuality, and benefit. These common provisions typically include:
- Automatic Renewal. Vendors often include clauses that ensure the contract will auto-renew for very long periods until cancelled by the financial institution. You should never agree to a multi-year auto-renewal unless you have a foolproof vendor management program. Which you probably don’t.
- Indemnification. Each party should indemnify the other against damages they cause, including for infringement by, or misappropriation of, intellectual property.
- Limitation of Liability. Most contracts limit the amount of damages a vendor must pay if they breach the contract. You should insist on the mutual application of such limits, which will cause the technology vendor to be much more reasonable.
- Regulatory Compliance. Contracts should clearly allocate compliance obligations, and the vendor should agree to maintain compliance with constantly changing regulations.
- Privacy and Information Security. Privacy and information security provisions vary, but they should always state how the vendor will secure the nonpublic personal information of your customers, as the Gramm-Leach-Bliley Act requires, and what would happen in the event of a security breach.
- Early Termination. Most technology vendors do not allow financial institutions to terminate before the end of the agreed term. And, if you do terminate early, you will still owe payments for the remainder of the term and perhaps other penalties.
Bad Provisions, and Worse
The above provisions are common in almost every high-risk technology vendor contract, and most are intended to properly allocate risk (i.e., “protect the vendor’s bottom line”). Vendors cannot take unlimited risk and remain in business for long. But some vendor contracts have provisions that are notable for being bad (or worse) for your financial institution. Some commonly used bad provisions concern indemnification, credits, and termination.
Indemnify Me. Some vendors want you to take all of the risk that they will harm your customers. Read that previous sentence again. (I will wait.) It does not make any sense to me either. But this provision is often found in a vendor’s standard contract:
Financial Institution shall indemnify and hold Vendor harmless against any and all claims by Financial Institution’s Customers arising out of Services provided by Vendor.
That’s right, if their services damage your customers, you must hold them harmless. This provision is an unacceptable allocation of risk and must be addressed by your financial institution in every vendor contract.
The Vanishing Credit. Some vendors provide very generous “credits” against their service fees. However, if you terminate early, you must repay those credits:
If Financial Institution terminates the Agreement prior to the expiration of the initial term, Financial Institution shall reimburse Vendor the aggregate amount of the credits provided. Reimbursement of the credits shall be in addition to any early termination fees or liquidated damages owed by Financial Institution for such early termination.
But wait! You also must repay all of the credits even if you simply renegotiate with the vendor:
If Financial Institution renegotiates pricing before expiration of the initial term, Financial Institution shall reimburse Vendor for all credits provided and any such credits will no longer be credited through the remainder of the term.
Credits earned under a contract should never be tied to termination or renegotiation of the contract. These provisions are unacceptable and must be addressed by your financial institution in every vendor contract.
Hotel California. This brings us to the worst vendor contract provision of them all. You can check-in, but you can never check out of this contract:
The initial term of this Agreement shall end August 1, 2025. Notwithstanding the foregoing, in consideration of the discounts set forth in this Agreement, this Agreement will automatically renew for a new five-year term every year on the anniversary of Effective Date unless Financial Institution provides written notification of non-renewal at least 120 days prior to an anniversary of Effective Date. In the event FI provides such non-renewal notice, such discounts will be immediately discontinued as of such anniversary of Effective Date.
So, when you finally decide to terminate this contract, it will still continue for five more years…and you lose all your discounts for those five years!
Which is bad, and worse, for your financial institution.
Provisions similar to those described above limit your financial institution’s ability to manage vendor-related risks and should always be removed from your vendor contract. For more information on your financial institution’s requirements to manage vendor-related risks, see our white paper: Vendor-Related Regulatory Requirements for Financial Institutions.
Contact us for more information.
Baldini Lang LLC has extensive experience drafting and negotiating core contracts and other complex fintech vendor contracts.