More than 59,000 vendors rely on Vendorly’s software-as-a-service oversight platform to assure financial services industry clients that they are meeting their continually evolving risk and oversight obligations. An Altisource Portfolio Solutions S.A. business, Vendorly licenses the Shared Assessment standards within a platform that helps clients streamline contract management, vendor due diligence, document collection and ongoing maintenance, monitoring and audits. Having access to the Third-Party Risk Management Toolkit and the Standardized Information Gathering (SIG) Questionnaire Tools in particular, “is major value-add for us as a licensee,” notes Vendorly Director of Operations Steven Greenfield. “Some of our vendors have 100 or more clients that perform oversight on them. In the past, most of those clients had their own unique vendor management due diligence questionnaires, which is why there’s so much talk about vendor fatigue in our industry. By using the SIG, we’ve created a standard industry package for vendor oversight. And that’s essentially solved the vendor fatigue problem.” Greenfield, a 20-year financial services industry veteran, discusses the benefits of this third-party risk management “network effect” and explains why he keeps his Certified Third-Party Risk Management Professional (CTPRP) workbook close at hand.
How has obtaining the CTPRP designation helped you in your roles at Vendorly?
Steven Greenfield: As a TPRM practitioner and evangelist, the designation provided me with a level of authority among my peers. I find that pursuing a professionally recognized standard helps elevate the conversation. As TPRM becomes ever more complex, it’s important to be able to demonstrate that you’re a lifelong student of continuous education in terms of keeping up with the ever-changing threat risk landscape. As many of my colleagues at Vendorly will attest, having this extra insight into TPRM standards helps us raise the bar and demonstrates our commitment to excellence – both in terms of how we manage risk internally and how we can best serve our clients.
How has the designation helped you as a TPRM professional?
Steven Greenfield: It has enhanced my understanding of TPRM while validating my practical knowledge of managing third-party vendors. The CTPRP takes the many different disciplines associated with vendor management and formalizes the process into a natural progression of assessment, understanding and remediation. It has proved to be a great foundation of best practices to strengthen my approach to TPRM.
What should TPRM professionals who are considering earning their CTPRP certification know about the experience?
Steven Greenfield: First of all, the CTPRP in-person workshop was a lot of fun. It is a great environment for learning, sharing and collaboration and the instructors are well-versed in current risk management topics. Second, the CTPRP workbook is a constant presence in my day-to-day duties because it is such a great reference guide. I have it in front of me right now because I referred to the contract management section on my last call. Third, retaining the designation keeps you honest in your TPRM knowledge. As we have seen in the past several years, risks constantly change as companies adopt more technology and allow greater access to their core systems. It’s important to maintain your knowledge base and continually reflect on how you can best apply the knowledge from the CTPRP workshops to every-day best practices. Fourth, the CTPRP networking with professional peers, clients and even competitors is valuable. We have access to a network devoted to mitigating risk. In that way, we’re all playing for the same team, and we’re motivated to share best practices in a collaborative, open network. We’re much stronger together.
Connect with Steven.