Article

On Compliance: Lessons for Credit Unions From the USAA-Wells Fargo RDC Case

businessman analyzing through magnifying glass
By Christopher J. Pippett

5 minutes

One is that best way to approach the review and negotiation a vendor agreement is to insist that it be provided at the outset.

Does $300 million in damages get your attention?

That’s the total damages assessed against Wells Fargo by two separate Texas juries in two separate actions brought by USAA. These two actions alleged that Wells Fargo had willfully infringed on USAA’s remote deposit capture technology patents.

Since early 2018, many credit unions started receiving demand letters from USAA, claiming that these credit unions’ RDC technology infringed on patents owned by USAA. Sent by a law firm representing USAA, the letters sought fees and licensing agreements for the continued use of the RDC technology by the credit union.

The RDC technology most, if not all, of the credit unions were using was being provided through various vendors. Most credit unions immediately reached out to their respective vendors to attempt to resolve the claim. While this is the right approach for a credit union that finds itself in such a predicament, it can also be a time for angst if the credit union has not taken proper care in negotiating the vendor agreement at the inception of the relationship.

As a result of the increase in the use of technology by credit unions in providing products and services as well as in their operations, vendor due diligence has been a key focus of the NCUA in recent years.  

Vendor due diligence has many aspects. It includes, among other things, ensuring that:

  1. the vendor is vetted to make sure it can actually provide the product or service it offers;
  2. the vendor is financially stable so it can continue to do so;
  3. the vendor is able to comply with any regulations that may be applicable to its product or service; and
  4. there is an agreement in place which adequately protects the credit union in its relationship with the vendor.

Quite often, after months of product and/or service demonstrations, discussions (internal and with the vendor) and due diligence referenced in a)-c) above, a decision is made to go with the vendor in question. Quite often that is when the topic of the agreement referenced in d) above arises. This is usually when the vendor presents its “standard agreement,” which is often accompanied by a statement such as: “You’ll need to execute this now in order to obtain the discount (or current pricing),” or “This is our form agreement and we really can’t change it.”

Between transaction fatigue and the need to “get it done” and move on to the next project, you may be inclined to just sign it. However, the agreement is your best protection and insurance that all of your due diligence efforts will have their desired effect. You therefore must be very careful in how you approach this part of the process.

The best way to approach the review and negotiation of the agreement is to insist that it be provided at the outset. Good vendors will have no problem doing that. Do not accept excuses or explanations of internal processes that the vendor may have. Tell them that your internal process requires that you get the agreement up front, even if it is incomplete, and you will review it during the process.

This approach provides the credit union with two advantages. First, you will have adequate time to review it without external pressure to just sign it. Second, if there is anything in the agreement that is a deal breaker, you can determine that early in the process and while you still have time to select another vendor. This is not often the case when you receive the agreement after months of discussions, demonstrations and meetings.

While there are many aspects of vendor agreements that can be important in a particular situation, three come to mind in reviewing the USAA versus Wells Fargo case discussed at the outset of this article: 1. Representations and warranties; 2. Indemnification; and 3. Limitation of liability.

The first of these, representations and warranties, is the foundation. Every vendor should represent, at a minimum, that its product or service works or performs as represented in its literature and that its product or service does not infringe on the rights of any third party. This applies to hardware, software, website hosting and a myriad of “applications,” “solutions” and “services” provided by vendors.

The second, indemnification, is equally important. Without an adequate indemnification provision, representations and warranties may be worthless because you will have little or no recourse or protection if they are breached. An indemnification clause must include a “duty to defend.” This is necessary because, even though ultimate liability with respect to a particular claim may be unlikely, your credit union could expend significant costs in defending the claim.

If the only reason you are subject to the claim is a breach of warranty on the part of the vendor, the vendor should bear those costs.

This is also where your due diligence regarding financial stability of a vendor comes into play. If the vendor lacks the resources or proper insurance to fulfill its indemnification obligations, the indemnification provides little or no protection for the credit union.

The third, limitation of liability, can be tricky. Many vendor agreements attempt to limit the liability of the vendor under the agreement to an amount equal to several months’ worth of fees.  Since this limitation can render the indemnification protection outlined above worthless, the vendor’s indemnification obligation should specifically excluded from any limitation set forth in this provision.

Properly addressing these three provisions in a vendor agreement for a credit union’s RDC product would enable the credit union to limit its exposure to liability in a situation such as the one in the USAA versus Wells Fargo case, since the credit union would then be able to tender the defense of any claim asserted by USAA against the credit union to the vendor providing the RDC product.

By requesting and reviewing agreements early in the process, your credit union will be in a better position to effectively negotiate vendor agreements in an effective manner that best protects your credit union from third-party claims. This can include the important agreement provisions discussed above as well as other provisions that can better ensure that the credit union is getting what it bargains for.

Christopher J. Pippett is chair of the financial services industry practice of Fox Rothschild LLP, Exton, Pennsylvania.

Compass Subscription