In late June, Forbes published an article on FIS’ recent attempt to unilaterally implement a new security surcharge on a “select few” of their clients without their permission (FIS has not stated publicly how many were targeted but GCC estimates there were 250-300 guinea pigs). These fees, costing several tens of thousands of dollars per client, were imposed because FIS stated it had recently improved its security infrastructure to address new threats and that they wanted to “partner” with their clients in sharing this expense. No explanation was provided as to exactly what these threats were or why they decided to deploy this tariff [now] and without the consent of their clients, even though each FIS client had already agreed to a security SLA guarantee in their existing agreements.
According to FIS, this security surcharge was justified, and in exchange they would extend indemnification to include the Banks’ client behavior subject to exclusions and Limits of Liability (LOL) already stated within their agreement. LOL is traditionally woefully inadequate in most standard FIS agreements as it is and so this "benefit" really has no tangible value to a banking franchise. FIS stated that these kinds of security measures are becoming increasingly necessary, as cyber-attacks are growing in popularity and evolving in complexity.
What This Means for FIS Customers
So, what makes these arbitrary security surcharges unacceptable? If FIS is providing a new or upgraded service level to their customers, wouldn't it make sense to charge them for that service if they agreed to it first?
Small banks simply don't have the power or weight to stand up against these providers, and so end up stuck accepting their predatory practices.
How The Golden Contract Coalition Fought Back
As soon as the GCC was made aware of FIS' security surcharges, we immediately started taking steps to protect and prepare our members for the pending dispute vs. FIS on their behalf.
The first thing we did was make sure that all of our members were aware of the incoming fees, what they were for, what they meant for FIS customers, and how we felt about them. This not only kept all of our members in the loop but also gave small banks a voice as members of the GCC began reaching out to their own FIS representatives simultaneously.
Then, we researched into the subject as thoroughly as possible, collected data from dozens of FIS-processed members and carefully read through all affected FIS' SLAs and contracts, communicated with our legal counsel, and figured out as much as we possibly could about the situation and bankers’ rights. With results in hand, we put the pressure on FIS.
You would think that there would be some kind of protection against these kinds of practices for banks built right into their contracts with these core providers.
In fact, nowhere in FIS' contract is the Client protected from FIS levying these sorts of fees specifically in the middle of a contract term. When asked about this explicitly, a representative for FIS stated, “It [the contract] doesn't say FIS can impose these terms unilaterally in the middle of a contract, but it also doesn't say that FIS can't, either.” How convenient.
This one loophole could have given FIS the ability to pocket tens of millions from their customers for a service those banks already believed they were getting. And this is just one of many loopholes in contracts issued by the Big Three Oligopoly, which they may continue to exploit in years to come.
This Isn’t The Only Way The Big Three Oligopoly Takes Advantage Of Small Banks
This is just one example of a way that the Big Three Oligopoly - or BTO - uses their anti-competitive bargaining position to rook their community banking and credit union customers
The BTO are not innovating in any significant way, and when they do, the features they offer are already years behind the rest of the fintech industry. They punish banks for growing assets, penalize them when they save the BTO money in a merger, and lock them into long term contracts that limit their access to better services by monetizing bank-owned data hosted on their systems.
Enter The Golden Contract Coalition
The Golden Contract Coalition, was created with the sole purpose of giving the community banking and credit union industry a fighting chance against the methods of these core providers. The GCC is a group made up of financial institutions from around the country who are working together to stop traditional contractual BTO practices, including:
- Eliminating Silent Shareholders - During M&A, the BTO does everything they can to capitalize on the growth of small banks through outrageous termination fees and backwards integration charges.
- Exclusivity Barriers - The BTO prevents their customers from switching to more advanced competitors by charging their customers 50%, 80%, or even 100% of their remaining contract value as a termination fee when an institution wants to leave their sub-par services for a more competitive digital solution.
- Service Level Objectives (SLOs) Disguised As Service Level Agreements (SLAs) - As seen in the case of FIS's security surcharges, the SLAs that banks agree to with the BTO simply don't work. Instead, these agreements are vague and littered with loopholes so that the BTO can capitalize on their customers at every opportunity.
The goal of the GCC is to make small banks aware of these practices, to bring heat onto these companies for implementing these practices, and to ultimately reshape the contractual relationship between banks and core providers by utilizing a Golden Contract standard. While we can't change the core provider oligopoly, we can change how it’s used against small banks.
Thanks to the efforts of the GCC and its members, FIS processed institutions, and various bank associations, as well as attention brought to the situation from media outlets like Forbes, FIS announced on June 5th that they would be suspending the security surcharge program.
In a comment made to Forbes by Texas Bankers Association said, "FIS showed just how tone-deaf they are to the banking industry " as a whole by defending the charges and the service they offer:
“FIS has invested hundreds of millions of dollars on people, processes and technology to provide our clients with one of the most advanced cybersecurity environments in the industry. The indemnity-focused security surcharge pilot program was a test program directed at a small number of our U.S. core banking clients, designed to provide them with an additional indemnification benefit and help offset the significant investments FIS continues to make to protect our clients in the face of rapidly evolving cyber threats.
Based on feedback from our valued clients, we have decided to end the pilot program, which had not been fully rolled out.”
They failed to recognize (or, more likely, admit) that the security service that they were surcharging for was something their customers expected as part of the service that they're already paying for.
Apparently, if you're a customer of FIS, you're only going to get vital security features at a premium any longer.
The Fight Isn't Over
While the pilot program FIS launched has been stopped, the surcharges themselves are only being suspended. It's unlikely that FIS will completely about-face and offer the new security features as a part of the fees that their customers already pay.
Instead, it's more likely that FIS was overconfident and is now backpedaling to avoid negative press and will come up with some way to reimpose these charges later on.
As a result, we urge any banks and bank associations to join in the Golden Contract Coalition's mission changing the way the game is played with the Big Three Oligopoly. By working together to negotiate better contracts for banks and bring attention to these predatory industry practices, core providers will hopefully begin to work in favor of small banks - something they should be doing to begin with.