We helped our client assemble a complete picture of all of its service providers, improving its ability to analyze risk and monitor information security.
A leading global investment bank was looking to improve its vendor risk review approach. Because of intensifying scrutiny around regulatory, privacy, and data breach issues in the financial services industry, performing meaningful analyses on service provider risk data had become more important than ever. However, the tools and procedures used by the bank’s service provider risk group to create, track, and maintain vendor risk profiles had developed organically over time. As a result, they made little use of standardized platforms, consistent data models, or effective procedures.
We worked with our client to rationalize the various legacy data sources, assess data quality, and coordinate the migration of the restructured data into a new service provider risk data repository. We also designed customized service provider risk reports for key audiences, and created a prioritized review schedule. This approach helped the bank identify key vendors and risk items, track risk mitigations, and review progress toward a global risk picture on a regular basis. By the time the process was firmly established, the new inventory system was tracking over 1,500 service providers and nearly 5,000 corresponding risk items.
Our data rationalization and reporting helped our client analyze vendor risk more effectively. The bank has gone on to replicate our approach in similar situations.