Federally Chartered Bank Streamlines Vendor Risk Processes, Reduces Vendor Onboarding and Assessment Cycle Time

For many years, FHLBank Topeka had a formal vendor risk management program in place to provide end-to-end oversight and governance of third-party relationships from initial identification of a new product or service through contract termination. However, as the number of vendors continued to grow, it became increasingly inefficient and time consuming to manage this complex process using a combination of Excel spreadsheets, Word documents, and email communications. “It was difficult to track and manage third-party relationships using manual processes,” explained Autumn Franks, Officer, Vendor Risk Program Manager at FHLBank Topeka. “As we looked to implement a risk-based approach and expand the program scope to include all our vendors, we knew it was time to think about automation.”

That’s why, in 2017, FHLBank Topeka set out to find a centralized, automated third-party risk management platform. The bank formed a selection committee to research and purchase a best-fit software solution to streamline end-to-end vendor risk activities and capture key documentation to fulfill regulatory requirements and ensure compliance.

During the evaluation process, the selection committee focused on finding a solution that could support the bank’s vendor risk management program without requiring changes to agreed-upon processes. For example, it was critical that the system be able to support the inherent risk assessment—a questionnaire used to evaluate a vendor’s susceptibility to risk across defined risk domains—which serves as the foundation for vendor classifications, risk ratings, and required due diligence.

“We took a close look at each application’s functionality including workflow, notifications, questionnaires, reporting, and all that the system could do,” said Franks. “We wanted a system that could support our new process from end-to-end while offering the flexibility and configurability to make changes ourselves—without relying on the vendor—as we adapt to evolving requirements and expectations. And, of course, we wanted a cost-effective solution that we could implement quickly.”

After an extensive review of available options, FHLBank Topeka selected ProcessUnity Vendor Vendor Risk Management (VRM), a software-as-a-service (SaaS) application that identifies and remediates risks posed by third-party product and service providers. Combining a powerful vendor services catalog with risk process automation and dynamic reporting, ProcessUnity VRM streamlines all phases of the vendor risk management lifecycle— from onboarding, due diligence and self-assessments to contracts, performance reviews, SLA monitoring, and issue management.

FHLBank Topeka purchased ProcessUnity Vendor Risk Management (VRM) in April 2017 and went live with the software less than three months later. “The implementation went very smoothly for us,” commented Franks. “Because the solution is so easy to use and configure, we were able to do a lot of the set up ourselves. We’ve also been able to maintain the system and leverage new functionality with little support from ProcessUnity.”

During implementation, the project team was able to import the vendor inventory, user accounts and questionnaires—along with calculations— into the Vendor Risk Management platform with minimal effort. Working with ProcessUnity, the risk team quickly configured the vendor risk process workflows and notifications to align with the bank’s program.

The bank started realizing efficiency gains almost immediately. “The ProcessUnity VRM portal makes it easy for our business units to request a new vendor relationship,” stated Franks. “Plus, the automated workflows direct the right people to the right actions via communication tools integrated into the platform. We now have complete visibility into our vendors and their potential risks, so we can minimize operational exposure and manage our vendors.”

According to Franks, ProcessUnit VRM’s dynamic scoping and bulk automation features have been the biggest time savers for her team. The inherent risk assessment is set up as a questionnaire that vendor risk owners complete to determine the risk rating calculation. The system uses those responses to automatically scope assessments to include only those questions or sections that make sense for each vendor’s risk profile. Using the bulk automation feature, the risk team can initiate ongoing monitoring for a set of vendors with a few simple clicks, triggering automatic distribution of tailored questionnaires based on the dynamic scoping set up in the system.

“Thanks to dynamic scoping, a process that used to take most of a day can now be completed in less than an hour,” noted Franks. In addition, ProcessUnity VRM has simplified reporting by eliminating the need for tedious, time-intensive copying and pasting. All monthly and quarterly reports are set up in the system to show exactly how the bank’s vendor risk management program is performing—highlighting problem areas and prioritizing where the team needs to spend its time. These reports provide the details Franks needs to evaluate the program, demonstrate success to management, and prepare documentation for regulators.

“It’s not only faster and easier to do standard and ad-hoc reporting, but we’re able to report on more items and topics as well,” she added.

FHLBank Topeka continuously monitors its vendor risk management program to identify opportunities for reducing costs and increasing quality and efficiencies. Franks and her team leverage feedback from the bank’s vendors and business units to make ongoing improvements, helping to ensure they maintain the most effective program while still following best practices and fulfilling regulatory requirements.

Return to Customer Stories