Case Study

Capital Markets Third Party Risk Management Function Stand-up



Fortune 50 Financial Services Institution


ERM & Operational Risk

Project Overview

The Client’s Capital Markets division encountered significant third-party risk exposure due to an increasing number of relationships with counterparty suppliers and vendors. The Client lacked a comprehensive third-party risk management function to support key activities across the third-party lifecycle phases, and stakeholder support was only provided through decentralized, ad hoc activities. Additionally, to reduce third-party risk exposure, remediate outstanding findings, and ensure compliance with new enterprise standards, the Client required efficient and effective measurement and monitoring of third-party risk factors, aligned with industry standards and best practices. Client sought expertise and support from Reference Point (RP) to establish and implement a comprehensive third-party risk management function and strategy to mitigate key risks to the business and technology, by ensuring supplier alignment to existing third-party risk policies and standards. Reference Point facilitated the development of a new divisional third-party process and procedure and an implementation roadmap to achieve division-wide adoption.


  • Reference Point deployed a team of risk experts and consultants, including the former Third-Party Risk Inter-affiliate Lead at Citigroup, to facilitate the development and adoption of a comprehensive third-party risk management function and strategy.

  • The team collaborated with key stakeholders across the division, technology, enterprise supply chain, and enterprise risk management to assess the Client’s current divisional third-party risk management policies and capabilities against both the enterprise risk standards as well as industry best practices.

  • Reference Point also supported ongoing audit remediation activities and performed regular initiative status reporting and vendor contract inventory maintenance to meet short-term tactical needs.


  • Reference Point delivered a new divisional third-party process and procedure document, aligned to existing enterprise standards as well as a gap analysis and implementation roadmap to achieve division-wide adoption.

  • Additionally, Reference Point trained and educated key divisional stakeholders on the risk assessment process and ongoing monitoring activities to increase organizational understanding and accountability.

  • Based on Reference Point’s recommendations, the Client was able to establish a divisional third-party risk management strategy and function, providing the necessary infrastructure to accurately quantify and analyze third-party risk exposure.

End-to-End Services, Working Together

We approach every engagement with our client in mind—creating solutions that are tailored to fit the task at hand. Our interrelated services offerings address a wide range of client needs. Whether a company is looking to solve a problem or capitalize on an opportunity, we can help them to achieve and exceed their goals—effectively and efficiently.

See Services See More Cases