Project Description

FiRisk Consulting aided in the development and delivery of an entity-wide vendor risk management solution. This new strategy focused on performing risk-based assessments which linked and monitored compliance and operational requirements.

Business Case

Our client, a major US bank, was challenged with ensuring both regulatory and operational compliance for its various vendors. This was particularly challenging in situations where the vendor was acting in an ‘agent’ capacity for the bank. Our client needed a process to effectively manage the risk created by vendors engaged in these services.

Project Objectives

The strategy and activities helped the bank actively assess, monitor and manage risks generated by vendor activities, including compliance, operational performance, reputational, and foreign risks. The client realized a significant reduction in vendor regulatory and operational compliance costs.

Services Provided

FiRisk Consulting developed and managed the execution of a ‘top-down’ vendor risk management solution, which utilized a balanced scorecard method:

  • Phase I of the engagement focused on vendor risk management strategy development (e.g., category levels), vendor segmentation, vendor segment risk identification, and segment Key Performance Indicator (KPI) development (objective and subjective metrics). Risks identified included, but were not limited to, the following: 1) Regulatory risk and compliance; 2) Operational risk, performance and compliance; 3) Reputational risk; 4) Foreign country risk.
  • Phase II focused on the identification, accumulation, and validation of underlying data.
  • The client also adopted FiRisk Consulting’s recommendations, which required written vendor assertions covering disclosure and affirmation of the vendor’s compliance program and its effectiveness.
  • Phase III primarily consisted of strategy feedback and modification (e.g., refinement and expansion).