"There are many demands on our suppliers."

Home / Case Studies / FMO

FMO is a bank-licensed financial institution. This means they are regulated by De Nederlandsche Bank (DNB) and the European Banking Authority (EBA). So they must operate according to the guidelines of these authorities.

In addition, of course, they have to comply with the law. From general laws that apply to any business, such as the General Data Protection Regulation (AVG), to specialized laws for financial institutions, such as the Money Laundering and Terrorist Financing Act (Wwft).

Central and compliant procurement process

Annemarie started as Procurement Officer at FMO in 2020. Her task? Setting up a professional, centralized and compliant procurement process. "Procurement was scattered throughout the organization at that time. There were different procedures," she outlines.

Since Annemarie's arrival, this has changed. This shift is largely driven by the strict guidelines from DNB and the EBA. For example, the outsourcing guidelines published by the EBA in 2019 prescribe in detail how companies like FMO should deal with critical suppliers, of which ICreative is one.

Know your customer (KYC) ánd supplier

Ronald explains, "ICreative handles all of our automated invoice processing. If that were to come to a halt, we would have a big problem." That's why the contract between the two parties includes an EBA addendum; it includes the additional requirements that are not standard in the contract.

"It's not a matter of 'I need something and this party provides it, so we enter into a contract.' No, there are ground rules for that."

These guidelines play a big role in Annemarie's work. After all, without suppliers, no procurement. There are requirements at every stage of the relationship between FMO and supplier. This starts with the first meeting; even before the signature is made, many things need to be thought about.

Annemarie: "In addition to know your customer, know your supplier is a crucial part of compliance. It's not a matter of 'I need something and this party supplies it, so we'll enter into a contract.' No, there are ground rules for that. You have to think carefully in advance about who you're going into business with."

Importance of ISO certification

For example, they examine whether the supplier is financially sound. Can they absorb blows and are they not on the verge of collapse? Of course, this is monitored closely later, throughout the collaboration; after all, things can always change. So there is a commitment to proactive credit management.

FMO also looks at what the supplier's organizational structure looks like and whether the company is ISO-certified just like ICreative. This provides additional assurance that they have guaranteed issues such as quality and safety.

FMO works a lot in high-risk areas. For suppliers in these types of locations, some additional checks apply. For example, FMO must check whether the party in question has ever been convicted of financial crimes and whether there are any politically exposed persons. "After all, that increases the risk of bribery," Annemarie explains.

It also looks at whether the party is sanctioned. "What about now with the war in Ukraine? Can we still cooperate with certain parties or should we look for an alternative?"

Service Level Agreement secures quality

If a supplier passes all the checks, then cooperation is possible. But the EBA's requirements don't stop there. Annemarie: "Supplier management is important. It is important to continuously keep track of the possible risks and to cover these together as much as possible. The supplier, so a party like ICreative, has a great responsibility in this. It is up to them, for example, to remain certified, to regularly test their own systems and backups and to keep reporting on their status. We have also included these things in a Service Level Agreement (SLA). With this we guarantee the quality and reliability of their services."

"The key is to keep a constant eye on the potential risks and collectively cover them as much as possible."

A SaaS Service Level Agreement contains agreements between customer and supplier that deal with such things as the quality, availability and security of the service. ICreative offers SLAs with different service levels. FMO has chosen the most extensive Service Level Agreement, because it offers the most certainty and guarantees.

For example, there are agreements about the promised uptime of Basware and the additional ICreative solutions. There are agreements on the response time in case of issues, how long the data is stored and how it is protected. But for example, also part of the Service Level Agreement is that ICreative provides access to the full audit reports of the ISO certifications and that there will be extensive monthly reports on how the service is running.

Annemarie says, "You can never have a hundred percent guarantee, but you can prevent as much as possible." That is exactly what this Service Level Agreement is for: it not only guarantees the highest possible quality of the solution, but also complete transparency. As a result, both parties always know where they stand and nothing is left to chance.

Supplier relationship is like a marriage

We return for a moment to the requirements of EBA. After all, these are not just about prior to and during the relationship with the supplier; their end must also be considered. "For each supplier we have to have a detailed exit plan ready," Annemarie says.

"For example, we can't switch automatic invoice processing solution overnight. That doesn't happen overnight; it requires a plan. That's why we already discussed with ICreative when we started working together what that plan would look like, should it ever come to that. In fact, it's like a marriage or cohabitation contract; then you also lay down in advance who gets what if you ever break up."

Compliance is an ongoing quest

Summing up, Annemarie says, "A lot is expected of us and our suppliers. We can't cut any corners; we have to be on top of it."

Ronald adds, "That also pays for itself in the end. If at the front end of the purchase-to-pay process you have as many things as possible already in order, then at the back end you really only need to check. This is why compliance plays only a minor role in the day-to-day operations of Accounts Payable and Receivable compared to Purchasing. Of course, while processing invoices, employees have to watch for suspicious items, but then we are talking about exceptions."

"For us, compliance mainly means meeting all the requirements," concludes Annemarie. "That is a continuous quest, because those requirements change regularly and generally only get stricter. The concrete interpretation is always risk-based. What do we need anyway to run as little risk as possible?"

or