Nationally Ranked Credit Union Simplifies Third-Party Risk Management, Enables Rapid Growth Through Automation

Challenge: Meet Rapid Growth and Regulatory Compliance Demands With A Small Team

VyStar, based in Jacksonville, Florida, has been enjoying the kind of growth other credit unions envy. VyStar supports communities throughout Central to North Florida as well as Southeast Georgia counties. VyStar is the 16th largest credit union, by asset size of $8.5 billion, serving over 650,000 members, and is nationally ranked in the United States. But success has come with growing pains: a team of just three people was already responsible for managing 300 – 400 third-parties, with more growth coming. With the growth of the thirdparty portfolio and the demand to meeting ever-evolving regulatory requirements from its regulatory authority, the National Credit Union Administration, VyStar required an automated solution to manage the program. Franchesca Williams, Vice President of Third-Party Risk Management, VyStar Credit Union began investigating potential platform solutions with a clear vision in mind: “a complete third-party risk management program automated end-to-end, with the flexibility to adapt to VyStar’s program and accommodate our growth.”

Solution: Flexible, Automated Solution for End-To End Third Party Risk Management

Williams and her colleagues examined more than 50 solutions to build a “top-five” list of third parties capable of meeting their stringent requirements including: flexible risk methodologies, multi-tiered risk assessment functionality, the ability to contact and communicate with third parties, and all the tools necessary for conducting due diligence and sustained monitoring. Their RFP documented more than 100 requirements, and demanded sophisticated contract review and management functionality, including a renewal date notification system that could communicate to both internal and external partners. Although VyStar at the time had no integration requirements, they insisted on a platform that could support enterprise-level integrations and electronic signature capabilities in the future.

“ProcessUnity was the only option that met 99% of our requirements,” says Williams. “The next best came in at 90%.” For VyStar, ProcessUnity not only met crucial demands, but offered greater flexibility. “The other software systems we looked at didn’t allow administrators to change settings on their own. You had to go to the provider for an additional work order, as opposed to ProcessUnity, where all you need to do is make a few clicks. We have the ability to configure the system and make it what we want.”

Implementation began in August 2017 with a three-phase rollout that started among the internal team in December, then moved into a test pilot and a full launch. Following recommendations from ProcessUnity, VyStar used the phased approach to gain insights into the platform, and to provide sufficient training to internal teams. By June 2018, the platform was fully operational.

Results: Response Time Drops From Days To Minutes, Comprehensive Monitoring Of All Vendors

One of Williams’ greatest concerns was acceptance: would stakeholders inside and outside the credit union find the platform useful? “Everyone we trained found it easy to use,” she says. “They liked the visuals, the charts, the reports, and we got a great response.” Risk Assessment is now much faster. “We’ve reduced questionnaire responses from our internal stakeholders from a matter of days to just ten or twenty minutes,” Williams says. Despite a “huge uptick in workload” from the credit union’s “growth,” ProcessUnity is “helping us manage and maintain a compliant program with just a few staffers.” Before ProcessUnity’s Third-Party Risk Management platform was in place, VyStar could only actively monitor the most critical subset of its third-party list, about 30 relationships; now it has the power to monitor all 300 – 400 vendors and meet the demand as the credit union continues to grow.

“Through ProcessUnity’s automation of the risk management process,” concludes Williams, “we can manage third parties more responsibly with fewer resources.”