Centralizing Third-Party Risk Management Capabilities

A leading insurance company did not have a formalized, centralized third-party risk management (TPRM) program with defined roles and responsibilities; vendor onboarding, offboarding, and escalation processes; defined key performance indicators and risk metrics; and training. This created inefficiencies and operational and regulatory risks.
Call Outs
  • More efficient and consistent oversight of all third-party relationships
  • Enhanced enterprise-wide view of third-party risks and the basis for more valuable data insights
  • Increased efficiency and improved compliance
Solution

We implemented a formal, centralized, and comprehensive enterprise third-party risk management program.

  • Established an overarching TPRM program and framework with clear definitions of third parties and fourth parties (subcontractors), including defined risk appetite, policies and procedures, escalation processes, key functional roles and responsibilities, and overall lifecycle and process controls.
  • Defined management structure, roles and responsibilities, and the resources dedicated to the oversight of the TPRM program.
  • Established formal, centralized, and comprehensive risk assessment and due diligence processes for all third parties to create a risk profile that encompasses risk ratings for all third parties in all lines of business.
  • Leveraged the client’s system of record already in place to establish a master third-party inventory inclusive of all types of the client’s third parties.
  • Established and defined responsibilities for training on the TPRM program and regulatory requirements across all TPRM stakeholders and developed and deployed training to relevant stakeholders.
  • Worked with the client’s Legal and Procurement teams to create a library of required contract clauses for all third-party types.
  • Defined and implemented key performance indicators and risk metrics and established data aggregation and reporting protocols to access the client’s third-party risk profile across various classifications and created an executive dashboard of all third parties within each third-party category and risk tier.
  • Built and implemented a monitoring program that looks at third parties in a holistic manner, including increased integration between different functions to align on scope and timing at the third-party level.
  • Worked with all third-party contract template owners and Legal to develop a consistent annual contract review process.
  • Developed detailed enterprise termination and offboarding expectations and requirements, including exit strategy checklists with consideration for a third party’s risk tier, type of third party, and types of data access.
Impact
  • More efficient and consistent oversight of all third parties doing business with the client.
  • Provided increased awareness and understanding of TPRM responsibilities across all lines of business.
  • Enhanced enterprise-wide view of the risks that third parties pose to the client as well as the basis for more valuable data insights.
  • Increased efficiency, improved compliance, and assisted in better contract management.

Compliance Core
