Client: A leading financial services company
Industry: Capital Markets
Business need addressed:
Reduce operational risks from third parties and improve regulatory compliance by administering an efficient global third-party information security risk program.
End-to-end risk management solution designed for optimal resource utilization which helped in reducing total assessment time
- Risk mitigation and governance
- Effective vendor management
- Standardization and simplification
- Shorter process cycle time
Genpact helps a global financial company effectively and efficiently administer a third-party information security risk program, reducing operational risk and improving regulatory compliance.
A leading global financial firm with a large geographically and functionally diversified vendor base, serving multiple lines of businesses, required support with its third-party information security risk management in order to efficiently conduct high volumes of vendor risk assessments and remediation planning consistent with the company’s information security policies, standards, and regulatory requirements.
The organization needed to reduce operational risks from third parties and improve regulatory compliance by administering an efficient, effective global third-party information security risk program.
Genpact was engaged to provide a global service delivery model, program management, and subject matter expertise to ensure optimal resource allocation and adherence to critical program performance metrics
Over a 22-month engagement, Genpact performed a thorough root cause analysis, using Lean and Six Sigma principles to accomplish the following:
- Review of suppliers' IT risk, compliance, and security posture
- Identification of suppliers’ impact individually and collectively to define the risk landscape
- Globally locate vendors on multiple continents, e.g., USA, EMEA, and APAC
- Conduct assessments including technology, process, compliance, data privacy, and governance
Genpact implemented end-to-end risk management offerings designed for optimal resource utilization and shorter process cycle times, while remaining consistent with the organization’s information security policies, standards, and regulatory requirements.
- Developed five independent consulting units for effective end-to-end delivery with dedicated subject matter experts (program management office (PMO), program design, assessment, quality assurance, and risk analytics)
- Created a PMO responsible for operational metrics to ensure optimal resource allocation and utilization, bringing greater transparency to the costs of risk management
- Co-sourced the program, including assessment planning, execution, and reporting
- Executed the program based on each vendor’s inherent risk profile, including stratification, calibration of assessment scope, documentation of findings, and remediation plans
To date, the company has realized the following impact:
- Regionally located assessment experts ensured cost-effectiveness via optimal shoring of risk assessment and remediation planning, resulting in shorter process cycle times
- Risk mitigation through risk analytics, dashboards, and management reports to track supplier risk profiles and drive collaboration during supplier audits/communications. This helped vendors (especially smaller vendors such as law firms) to improve the information security landscape and set up their policies
- Genpact delivered a structured vendor management framework that is expected to reduce the cost of remediation substantially
- Metrics-based remediation control ensured tracking and timely completion of remediation activities in a manner consistent with the company’s information security policies, standards and regulatory requirements
- Working closely with client leadership Genpact developed a due diligence operating model which will enable effective vendor management and risk governance
- The total assessment time (TAT) was reduced from 6 weeks to 4 weeks by standardization of processes such as vendor orientation, templates, and creation of a risk database
- Proactive engagement with the client and vendors to identify the gaps and arrive at a mutually agreed-upon remediation plan improved the QA process, which has decreased errors in documentation
- Client has recommended Genpact for membership in the Shared Assessment Forum, a consortium of major financial service providers responsible for thought leadership in the industry. This will enable Genpact to further innovate and meet industry needs in the vendor risk management space