ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Compliance and Risk

Staving off tech litigation with smarter contracts

January 26, 2023
Reading Time: 4 mins read
Staving off tech litigation with smarter contracts

Contracts are risk-management tools, especially as millions of dollars in liability—and the bank’s reputation and customer relationships—can be at stake.

By Charles J. Nerko

Banks are often hit with a wide range of tech legal claims, by customers, credit card companies and even other financial institutions, over everything from privacy and website accessibility to overdraft fee calculations.

Many of those claims result from a third-party vendor’s technology, even though banks are the targets of the litigation. Banks are often stuck with the tab unless the contract places the liability elsewhere.

Banks can protect themselves by crafting a tech contract that is as airtight and comprehensive as possible. It’s not just an agreement. It’s a risk-management tool, especially as millions of dollars in liability—and the bank’s reputation and customer relationships—can be at stake.

The checklist below can guide banks large and small through the negotiation and contract process to make sure the tech vendor is the responsible party when something goes wrong:

Create a realistic indemnity framework. This goes to the heart of the reason a robust contract is necessary. Banks need to ask at every juncture of the contract process whether they will be encumbered with responsibilities that are in the tech vendor’s jurisdiction. Data breaches, code issues and intellectual property infringement, for example, clearly should be under the vendor’s umbrella. The vendor’s insurance policies must be analyzed to ensure the indemnity has meaningful financial backing.

Banks need to be aware of other provisions that may render an indemnity illusory. Some vendors will provide an indemnity for inaccurate records, yet 20 pages down in the contract, require a bank to review all its records and report discrepancies in 48 hours. This unreasonable requirement makes the indemnity meaningless.

Specify performance standards and remedies. The best contracts leave no doubt as to the vendor’s responsibilities, deadlines and expected level of performance. And remedies for noncompliance should be clear. Banks won’t get a second chance to recut the deal once it’s been signed.

Performance pledges made in marketing materials, an RFP response or even during negotiations can be legally worthless if not backed up in the contract. The bank’s attorney needs to be tech-savvy and up to date about these types of agreements so they are tight enough to hold the parties accountable but flexible enough to anticipate changes.

Be aware of contract end dates. With all the attention on the start of the contract, many banks fail to take note of the end date or the automatic renewal clause and get buried by these provisions. A contract should set a specific end date rather than have one measured from when the services begin. When a contract feature is added later, it sometimes starts the contract’s clock anew. Keeping track of end dates and non-renewal notice deadlines is crucial.

Banks learn to come up with their own approaches. For instance, David Chinnery, EVP, COO and vice chairman of the Bank of Prairie Village in Kansas, has a strict policy about auto-renewals. Every time he signs a contract, he submits a non-renewal notice. As a result, he never faces an automatic renewal.

The bank also should outline details of how to proceed when its relationship with the vendor breaks up.

Seek strong security measures. Because they are heavily regulated, banks face security requirements not imposed on other industries. The contract should spell out the vendor’s security obligations, such as use of firewalls and authentication. It also should delineate each party’s responsibility in the event of a security incident, including for remediation and notification.

The role of an independent third party with the authority to randomly check on the vendor’s security needs to be specified in the contract. All this is assuming the bank has thoroughly researched the vendor—including its financial statements, cybersecurity measures and litigation history, among other factors—before signing the contract.

Own your data. The contract should make clear that even though the vendor can access bank data in the course of its work, the bank owns the data. A provision requiring return of the data in a usable form after the relationship concludes is paramount. Otherwise, the vendor has little reason to protect, return or make the data usable by a successor vendor without an exorbitant additional fee.

Be detailed with fees. Key fees should be clearly enumerated in the contract. Avoid wording such as “standard” or “customary” rates. Such terms create a breeding ground for confusion and differing expectations by both sides. A disagreement over something that should be straightforward from the start can lead to unanticipated excess costs.

Carefully consider subcontracts. Subcontracts may be used if it is clear that the vendor is responsible for the subcontractor’s work and if the subcontractor’s identity is made known to and approved by the bank. It’s also important to know of other countries where the subcontractor stores and processes data. Those locations might make the bank subject to foreign privacy laws, or not offer the bank sufficient legal protections.

Evaluate non-contractual remedies. If a bank is saddled with liability based on a vendor’s services, it should consider pursuing non-contract claims, particularly if the contract remedies are limited. Asserting claims based on property damage, negligence, fraud, trade secret misappropriation or other non-contract theories may provide grounds for recovery even when a contract is disadvantageous.

The only universal component throughout the entire contract process is the importance of having an experienced attorney vigilantly craft and review each agreement based on the needs of the particular bank. Then evaluate potential claims against a vendor when issues arise. As Sultan Meghji, my friend and former chief innovation officer at the FDIC, advises: “I would always suggest bringing in outside partners to help.”

ADVERTISEMENT

Charles J. Nerko is co-leader of the cybersecurity team and a partner in the commercial litigation and financial institutions and lending practice areas at the law firm of Barclay Damon.

Tags: Risk managementThird-party risk
ShareTweetPin

Related Posts

Is deepfake technology shifting the gold standard of authentication?

Will fraud prevention ever be autonomous?

Technology
June 17, 2025

Anti-fraud systems are learning to anticipate fraud rather than merely react to it. Better anticipatory abilities inch systems closer to full automation.

New infographics provide advice for identifying money mules, check fraud

Banking agencies seek public comment on strategies to combat payments fraud

Compliance and Risk
June 16, 2025

The FDIC, Federal Reserve and OCC issued a request for comment on potential actions to help consumers, businesses and financial institutions mitigate risks related to payments fraud, particularly check fraud.

CFPB claims ‘complex’ pricing drives up cost of financial products

ABA, associations reiterate concerns about CFPB nonbank registry

Compliance and Risk
June 16, 2025

ABA joined two associations in reiterating their concerns about the CFPB’s nonbank registry, which the current bureau leadership has proposed to eliminate.

Republican AGs criticize hiring of OCC climate risk officer

Basel Committee issues voluntary climate disclosure framework

Compliance and Risk
June 16, 2025

Reflecting significant pushback from both ABA and U.S. banking agencies, the Basel Committee last week issued a framework for voluntary disclosure of climate-related financial risks for large international banks.

A Risk Manager’s Guide to the Reference Rate Transition

Credit-sensitive Libor replacements still seek traction

Commercial Lending
June 16, 2025

Looming volatility and recent developments may give AXI and Ameribor a boost

CFPB launches ‘tip line’ to report on bureau employees

ABA, associations urge CFPB to rescind changes to adjudication process

Legal
June 13, 2025

ABA joined three associations in voicing support for a CFPB proposal to rescind a set of changes to the bureau’s rules that, among other things, gave its director authority to resolve adjudication hearings overseen by the agency.

NEWSBYTES

Banking agencies seek public comment on strategies to combat payments fraud

June 16, 2025

ABA urges CFPB to preserve streamlined mortgage relief option

June 16, 2025

Illinois pushes back implementation date for state interchange fee law

June 16, 2025

SPONSORED CONTENT

AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025
Six Payments Trends Driving the Future of Transactions

Six Payments Trends Driving the Future of Transactions

March 15, 2025

PODCASTS

Podcast: Old National’s Jim Ryan on the things that really matter

June 12, 2025

Podcast: What bankers need to know about ‘First Amendment audits’

June 5, 2025

Podcast: Accelerating banking for quick-service restaurants

May 8, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.