Identified and conducted the risk assessment of over 15,000 third party elements and reduced staffing costs by £1.5 million
Reorganised and centralised internal control functions and the identification and recommendation of a new technology solution
Established a new governance and oversight model that provided full accountability and a continuous monitoring capability
When an internal high-level review identified multiple issues with our client’s Third-Party Risk Management programme, which fell well short of industry best practice and international regulations, they knew they needed to act fast. With increased regulatory scrutiny looming and an absence of a central third-party register, they knew that they were exposing themselves and their shareholders unnecessarily. They had to turn the programme around quickly or risk possible regulatory sanctions, costing time and money.
Following an initial introduction, we were asked to partner with them to identify immediate efficiency gains and mitigate the risks posed by their critical third parties. In parallel, we agreed to design and implement a new, forward-looking, TPRM programme. To deliver this we set about benchmarking their existing programme against their industry peers focusing on their existing TPRM process, their organisational structure and their current technology solution.
Partnering with the bank, we quickly developed and agreed upon a detailed implementation plan that would allow the organisation to execute the remediation activity required and, in parallel, began the redesign and subsequent implementation of a new, industry leading, TPRM programme, in a timely and cost-effective manner.
Immediately, we set about establishing multi-skilled teams across New York and London, giving the client the right mix of project management skills, data migration and technical TPRM knowledge to ensure the programme would be successful.
Also, we set about establishing a new programme governance structure that would allow the Board and senior stakeholders the correct level of oversight and enable them to steer the activity of the programme and make quick and timely decisions.
After 18 months on-site with the client, we successfully delivered the project that redesigned and implemented the group’s TPRM target operating ecosystem on time and in a way that was regulatory compliant. The project included:
• Establishment of a new governance and oversight model that provided full accountability and a continuous monitoring capability
• The reorganisation and centralisation of internal control functions
• A fully redesigned and implemented risk assessment methodology
• The identification and recommendation of a new technology solution that would provide the continuous monitoring of all third parties and identify areas of concentration
Throughout this transformation process, we were able reduce the staffing costs by £1.5mn and identify over 15,000 third parties that they had been unaware of prior to the programme starting. Ongoing, we have identified a range of resources to help with the running of the new TPRM target operating model, supporting the bank both now and into the future.