Case Study

Develop Strategy & Program to Manage Third Party Risk Exposure



Fortune 50 Financial Institution

Project Overview

Client sought to establish and implement a comprehensive third-party risk management function and strategy to mitigate key risks to the business and technology, by ensuring supplier alignment to existing third-party risk policies and standards. Reference Point facilitated the development of a new divisional third-party process and procedure and an implementation roadmap to achieve division-wide adoption.

  • The Client’s Capital Markets division encountered significant third-party risk exposure due to an increasing number of relationships with counterparty suppliers and vendors.  

  • The Client lacked a comprehensive third-party risk management function to support key activities across the third-party lifecycle phases, and stakeholder support was only provided through decentralized, ad hoc activities.

  • To reduce third-party risk exposure, remediate outstanding findings, and ensure compliance with new enterprise standards, the Client required efficient and effective measurement and monitoring of third-party risk factors, aligned with industry standards and best practices. 


  • Reference Point deployed a team of risk experts and consultants, including the former Third-Party Risk Inter-affiliate Lead at Citigroup, to facilitate the development and adoption of a comprehensive third-party risk management function and strategy.  

  • The team collaborated with key stakeholders across the division, technology, enterprise supply chain, and enterprise risk management to assess the Client’s current divisional third-party risk management policies and capabilities against both the enterprise risk standards as well as industry best practices.

  • Reference Point also supported ongoing audit remediation activities and performed regular initiative status reporting and vendor contract inventory maintenance to meet short-term tactical needs.


  • Reference Point delivered a new divisional third-party process and procedure document, aligned to existing enterprise standards as well as a gap analysis and implementation roadmap to achieve division-wide adoption.  

  • Additionally, Reference Point trained and educated key divisional stakeholders on the risk assessment process and ongoing monitoring activities to increase organizational understanding and accountability.

  • Based on Reference Point’s recommendations, the Client was able to establish a divisional third-party risk management strategy and function, providing the necessary infrastructure to accurately quantify and analyze third-party risk exposure. 

  • The initiative was delivered on-time, on-budget, and without significant disturbance to business-as-usual activities.

End-to-End Services, Working Together.

Strategy. Risk. Data. Technology. Reference Point evaluates critical elements all together to build cohesive, lasting value for financial services clients.

See Services See More Cases