Centralizing Third-Party
Risk Management Capabilities

A leading insurance company did not have a formalized third-party risk management (TPRM) centralized program with defined roles and responsibilities, vendor onboarding, offboarding and escalation processes, defined key performance indicators and risk metrics, and training, creating inefficiencies and operational and regulatory risks.
Call Outs
  • Improved efficient and consistent oversight over all third parties relationships
  • Enhanced enterprise-wide view of third-party risks and the basis for more valuable data insights
  • Increased efficiency and improved compliance

We implemented a formal, centralized, and comprehensive enterprise third-party risk management program.

  • Established an overarching TPRM program and framework with clear definition for third parties and fourth parties (subcontractors), including defined risk appetite, policies and procedures, escalation processes, key functional roles and responsibilities, and overall lifecycle and process controls.
  • Defined management structure, roles and responsibilities, and the resources dedicated to the oversight of the TPRM program.
  • Established formal, centralized, and comprehensive risk assessment and due diligence processes for all third parties to create a risk profile that encompasses risk ratings for all third parties in all lines of business.
  • Leveraged the client’s system of record already in place to establish a master third-party inventory inclusive of all types of the client’s third parties.
  • Established and defined responsibilities for training on the TPRM program and regulatory requirements across all TPRM stakeholders and developed and deployed training to relevant stakeholders.
  • Worked with the client’s Legal and Procurement teams to create a library of required contract clauses for all third-party types.
  • Defined and implemented key performance indicators and risk metrics and established data aggregation and reporting protocols to access the client’s third-party risk profile across various classifications and created an executive dashboard of all third parties within each third-party category and risk tier.
  • Built and implemented a monitoring program that looks at third parties in a holistic manner, including increased integration between different functions to align on scope and timing at the third-party level.
  • Worked with all third-party contract template owners and Legal to develop a consistent annual contract review process.
  • Developed detailed enterprise termination and offboarding expectations and requirements, including exit strategy checklists with consideration for a third party’s risk tier, type of third-party, and types of data access.
  • Increased efficient and consistent oversight over all third parties doing business with the client.
  • Provided increased awareness and understanding of TPRM responsibilities across all lines of business.
  • Enhanced enterprise-wide view of the risks that third parties pose to the client as well as the basis for more valuable data insights.
  • Increased efficiency, improved compliance, and assisted in better contract management.

Case Studies

Compliance Core

Partner with Compliance Core

We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.

Your benefits:
What happens next?

We Schedule a call at your convenience 


We do a discovery and consulting meting 


We prepare a proposal 

Request More Information