About Us

PnL Explained Professionals FAQ

Site Map



Contact Us


Main Page by Topic

A. PnL Explained

B. CTRM Software

C. Statistics



Vendor Risk Management (VRM)


See Also:  Vendor Risk Audit Checklist

See Also:  Vendor Risk Mitigation



Provides an introduction to Vendor Risk Management in the context of CTRM Software, including observations and considerations on how the rise of Big CTRM impacted the Vendor Risk profile of impacted firms. 


Figure Thumbnails

Figure 1

Figure 2

Figure 3


1) Different Kinds of Risk Firms Face

2) What Is Vendor Risk And Why Has It Become Important Again?

3) Vendor Risk: Perceived versus Actual

4) Vendor Risk Mitigation – What Can Be Done To Reduce Vendor Risk?



1) Different Kinds of Risk Firms Face

Firms that trade in commodities, hedgers, market makers, speculators are very well aware of the following three main types of Risk:


Market Risk – the risk that market prices move against, i.e., that you lose money due to price changes

Credit Risk – the risk that your counterparty does not pay you back in full for money they owe you

Operational Risk – the risk that one of a myriad of operational items is not done as it should.  For example, an invoice does not get send out that should, or a payment due is overpaid, or an option that should have been exercised was not. 


For those risks, they are given a lot of visibility within a firm, with daily reporting, and often a person or team in a role, e.g., ‘Credit Risk Department’.


Vendor risk is another category of risk that should also be of concern for commodities firms that use a vendor, especially a Big CTRM vendor, for their CTRM solution.  See Figure #1.


Figure #1



2) What Is Vendor Risk And Why Has It Become Important Again?


2.1) Vendor Risk encompasses all of these items:

1) The risk that your CTRM Vendor goes out of business.  Leaving you with a ‘stranded’ system, i.e., one that won’t be getting future upgrades.


2) The risk that your CTRM vendor stops supporting your particular Software Package.  For example, if a Big CTRM vendor buys up several software companies, each with similar offerings, and then decides that it will maintain just one of them.  If your firm is on the wrong one, you might have the unexpected costs of needing to switch systems, even if it they are both from the same vendor.


3) There is also the risk that your CTRM vendor materially reduced their annual investment into the software.  For example, what if they used to have 100+ developers and then reduce down to just 10.  


4) As a variation… it is not just the number of developers that counts… it is also how much of a working knowledge they have.  There could be a ‘brain drain’.  For example, if 40 people with a vast working knowledge of the software leave and are replaced with new people.  E.g., the original creators are gone and the new people can’t develop nearly as quickly.  The effective number of people has been reduced, to your detriment.


5) The risk that the level of service drops in other areas, such as the support desk.  i..e, the technical help desk.  Perhaps you have

5.1) Longer waits

5.2) Lower qualified people.  E.g., maybe you used to be able to get an actual product manager or developer on the phone.  And maybe that changes to where you are just getting a generic call center.

5.3) Nickle and diming.  Perhaps you used to get a certain number of system-training questions answered for free, as a courtesy given that your firm pays a lot in maintenance.  The vendor may require that ever minute be billable work to their services group.


6) Increased costs for add on and additional licenses.  E.g., adding new ‘engines’ maybe used to cost $10k and now cost $25k. 


7) Switching from the customer-friendly perpetual licensing approach to the restrictive approach of forcing users to pay each year to use the software.  With a perpetual license, if a firm decides to stop paying the vendor maintenance, they are still legally able to use the software forever, i.e., in perpetuity.  Not so with the more restrictive license. 


8) Less frequent user conferences and/or, in the case of Big CTRM, combining many software packages into one User Conference instead of having a higher value-add dedicated user conference for each.



2.2) And why it is important again…


This section specifically describes the relationship of firms to Big CTRM.


As recently as a few years ago, firms that used a Big all-in-one CTRM system had a somewhat equal relationship with their vendor.  There was stability over time. 


More recently, industry consolidation and the rise of Big CTRM has undermined that stability. 


Figure #2


3) Vendor Risk: Perceived versus Actual


The important thing to remember is that in an industry as diverse and widespread as the CTRM industry, the perceived Vendor Risk, i.e., the perception of trouble, can lag well behind the actual risk.


For example, many commodity trading firms are several versions back with regard to the version of the software that they use.  E.g., the most recent big upgrade may be 3 to 5 years prior.   How would they know if a Big CTRM firm dramatically scaled back on their enhancements to the software.


Or perhaps a firm only asks for additional licenses every 18 months or so as they slowly grow.  They won’t necessarily be aware of a dramatic price change or a detrimental switch away from Perpetual Licensing until the next time they ask for some additional licensing, which may be not for a year.


Figure #3


4) Vendor Risk Mitigation – What Can Be Done To Reduce Vendor Risk?

The good news is… there is plenty that a firm can to do mitigate, to reduce their Vendor Risk.  Click on the link for the details:

Link: Vendor Risk Mitigation Opportunities


5) Vendor Risk Audit and Audit-assist Checklist

Click on the link below for recommended practices for a firm using a Big CTRM system around the concept of a ‘Vendor Risk Audit’ and provides a useful checklist to help with the process.

Link: Vendor Risk Audit and Checklist



Introduction to CTRM

Click on this link for a great introduction to CTRM software: Introduction to CTRM Software




Site Map

Contact Us