Financial Services Provider



Vendor Risk Management (VRM) Framework/Third Party Vendor Management Performance Monitoring



A Financial Services Provider was seeking to implement a proactive system for identifying and managing vendor risk and ensuring compliance with OCC Matters Requiring Attention (MRA) as a result of findings from a Vendor Risk Audit. The audit found material weaknesses and the Client sought RGP to help restructure their program.


How We Helped

Working collaboratively with the Client as a cross-functional team, we established and implemented best practices for a Vendor Risk Management Framework for third party vendor management. A performance monitoring function ensured that relevant risks and associated metrics were identified and reported appropriately for each vendor, based upon their level of inherent/residual risk and the results of the relevant risk assessment. The level of intensity for each vendor was determined by how critical they were to the firm. A Governance, Risk and Compliance tool (MetricStream) supported the function.

The RGP Team consisted of a Project Manager, Business Analyst, User Test Script writer, VRM Strategic Advisor, and VRM subject-matter experts. We provided deep supply chain and VRM expertise to drive three key project work streams:

  1. Establishing the Program: recommending innovative solutions for support and maintenance of the Client’s third party vendor management processes, systems, standards, and metrics tracking
  2. Assisting in management of MetricStream implementation: developing user guides and materials and conducting training
  3. Developing and supporting day-to-day operations of the group, including: facilitating processes to ensure compliance with all regulations, guidelines and firm requirements; as subject-matter experts, providing guidance and customer service to stakeholders and third party contacts.  

In support of these work streams, RGP:

  • Developed the framework and vendor scorecards.
  • Conducted Certification and Governance Maturity assessments.
  • Conducted on-site vendor assessments, certification and Governance.
  • Developed program processes, policies and procedures.
  • Assisted in management of MetricStream implementation.


With the operationally embedded controls and efficiencies introduced by the Vendor Risk Management Framework/Third Party Vendor Management Performance Monitoring, our Client is well-positioned to effectively support and proactively identify and address new significant vendor risks to the business.