🔹 Situation
A U.S. commercial bank’s third-party risk program was falling short of OCC expectations.
Tiering logic was inconsistent, documentation practices varied across teams, and vendor onboarding time exceeded 90 days.
Stakeholders struggled to balance risk, speed, and compliance — all while navigating increasing audit pressure.
🔹 Our Role
PGMP deployed a cross-functional team of experts to lead a multi-phase uplift of the third-party risk operating model.
We delivered:
- A revised tiering and segmentation model
- Clear accountability between lines of defense
- A vendor lifecycle framework with entry/exit checkpoints
- SLA and KPI definitions tied to business value
- A governance structure including steering forums
- Reporting dashboard suite for business, risk, and audit audiences
🔹 Results
✅ Reduced onboarding time from 92 to 28 days
✅ 100% of vendor profiles now tiered using a consistent rubric
✅ Achieved full alignment with OCC’s third-party risk expectations
✅ Dashboard reports now drive executive oversight