- Corporate Security
- Governance, Risk and Compliance
- Information Security
As a global financial institution, the Bank is required to consistently meet increasingly stringent risk assessment requirements for its own internal policies and procedures, as well as to apply the same high standards to a rapidly growing number of third party vendors’ services.
Before becoming a customer of Resolver – previously RiskVision – the Bank was using a home-grown supplier risk management system that involved a lot of manual processes, making it difficult to keep up with increased needs for more complexity and automation.
The vendor assessment process had many challenges, such as a lack of workflow automation, resulting in major operational inefficiencies for the Bank. The assessments were performed using Microsoft® Excel®, allowing only one person at a time to work on each spreadsheet. There was no process transparency – the assessment notifications were sent and received via emails, and the vendor risk management team members needed to periodically check with the responsible parties if the assessments were completed. Not only was the process extremely inefficient – it was also error-prone, frustrating, and created unnecessary “serialization of effort” and bottlenecks.
Additionally, the old approach lacked a concept of vendor services’ impact on the business, making prioritization nearly impossible. The “cookie-cutter” method of assessments didn’t allow for adjustments or fine-tuning – all vendor services assessments, regardless of the services’ impact on the business, had to go through the same exhaustive cycle. Tremendous amounts of time and resources were wasted, and the assessment cycle was unjustifiably long and expensive. It was not unusual for a new vendor onboarding process to take 9-15 months – without any consideration of the vendor services’ criticality.
When it came to assembling the final documentation required for vendor approval, it would take as long as a week to prepare. The data needed to be pulled out of spreadsheets and email communications and translated to a PowerPoint deck for review by leadership, adding to the operational inefficiency.
As governments and financial institutions were continuing to tighten regulations around risk and compliance, the Bank started facing an increased pressure to broaden coverage of vendor risk and to extend the internal governance, compliance, and risk procedures to more than 250,000 of its external vendor services. The manual process was no longer an option – a more effective, risk-aware, and data-driven approach was needed.
The entire vendor assessment process is now fully automated and facilitated by Resolver’s high configurable workflow. It ensures that only the relevant people are being contacted for input, thus eliminating all the unnecessary “busy work”.
Rather than following the inefficient, time- and labor-consuming, “one-size-fits-all” process for all assessments, the Resolver workflow automatically determines how deep the assessment process needs to be, who should be contacted, and what questionnaires should be used – all based on the supplier services’ business criticality and the risk level it represents.
The uniqueness of the approach offered by Resolver is that it makes it possible to fine-tune the vendor service assessments to a very high degree without any customization or coding, by simply configuring standard features of the platform.
Everyone involved in the TPRM assessments at the bank agrees that Resolver has truly transformed the organization’s operational efficiency. Resolver’s TPRM solution is deployed on a global scale and provides highly configurable surveys for simultaneous processing more than 20,000 risk assessments across approximately 250,000 vendor services. The deployment of Resolver’s TPRM solution can support up to 10,000 practitioners in multiple locations worldwide. The added bonus is centralization of all data that allows the Bank to have a 360-degree view of its TPRM operations.
From a reporting perspective, all relevant data, including Risk Findings, Mitigation Status and all Review and Approval actions can now be generated with a single mouse click. It can be viewed online by reviewers and instantly exported to PowerPoint so that it is available for auditors and regulators to view when needed.
Now thousands of process participants across the entire organization can use Resolver to make fast and competent business decisions – without expensive product training. The Bank also has been able to offer convenient self-service capabilities to all external vendors, who now can submit their questionnaires using a DMZ-deployed Web portal.
Resolver fully automated the labor- and time-intensive tasks, such as data collection, aggregation, workflow, and reporting, removed bottlenecks, and shortened the new vendor approval time from up to 15 months to just a few weeks. Its highly-configurable, automated workflow saved time and enabled scalability, coordination, and visibility for the TPRM business operations. Everyone who works on third party service assessments and reviews can now simultaneously complete their assessment portions without any artificial bottlenecks and unnecessary process delays.