Provident Financial Group Banks on OneTrust Vendorpedia for Third-Party Risk Management Operations

Provident Financial Group Banks on OneTrust Vendorpedia for Third-Party Risk Management Operations

Provident Finanial Group is a FTSE 250 company and one of the UK’s leading suppliers of personal credit products, focused on financial inclusion for those who are not well served by mainstream credit offerings or are excluded altogether. The group delivers this non-standard lending though their businesses units – Vanquis Bank, Provident Home Credit, Satsuma Loans and Moneybarn. With 5,700 employees serving 2.4 million customers, Provident understands the strong expectation to work with third-parties who respect their customer and employee information, espcially within the financial sector.

quotes
Financial services is a highly regulated sector and effective third-party risk management not only supports regulatory compliance and reduces operating costs, but it helps lay the groundwork for deeper, more trustworthy relationships with customers, supporting a strong competitive advantage over time.
Kash Darr
Partnerships Commercial Manager

Giving credit to complex third-party risk management challenges

Third-party risk management has been further reinforced since with the UK’s Financial Conduct Authority and the EU’s General Data Protection Regulation (GDPR). These new frameworks, recent data breaches, and increased customer expectations are putting pressure on businesses to better understand the risks their third-party vendors pose and hold them accountable to global privacy laws and security standards.

“Before the GDPR went into effect, the privacy team set up workstreams to ensure we had a baseline level of risk management and compliance in place,” added Mike Dronfield, Chief Information Security Officer at Provident. “We soon realized that our processes were disparate and we needed a technology to automate operations and serve as a central repository for our data.”

Investing in a well-rounded solution to manage third-party risks

Provident wanted to implement an easy-to-use and automated third-party risk management technology that could serve as a singe source of truth for third-party supplier information and drastically decrease the amount of manual effort spent tracking associated risks. After evaluating multiple enterprise technology vendors on the market, Provident selected OneTrust Vendorpedia.

quotes
OneTrust was primarily selected because of how business-friendly the tool is. With OneTrust Vendorpedia we can reduce our manual efforts and automate the entire vendor lifecycle, from onboarding vendors, assessing ongoing risks, linking to vendor contracts, demonstrating recordkeeping compliance, performing audits, and fully offboarding vendors when it’s time for a change.
Mike Dronfield
Chief Information Security Officer

Provident’s procurement team oversees OneTrust Vendorpedia and initially intended to use the product as a repository for everything third-party supplier related. Shortly after implementation, the procurement team realized they could also link supporting documents to their supplier assessments to be able to report on different aspects of how they work together – effectively pulling together vendor processes with the company’s data map.

With the support of OneTrust’s Data Mapping Automation, Provident can now also link their third-party information to their data map to get a holistic view of what information each third-party holds.

quotes
In a nutshell, OneTrust is invaluable. It allows me to perform my job more effectively than before and provides more transparency when working with our third-party partners.
Kash Darr
Partnerships Commercial Manager

Coining third-party risk management as an ongoing commitment

Since implementing OneTrust, Provident can not only identify, track, and mitigate third-party risks, but better demonstrate their ongoing commitment to protecting their customer and employee information.

Provident plans on rolling OneTrust out to more divisions within the business. From there, stakeholders will mature their understanding of the platform and utilize OneTrust Vendorpedia’s reporting capabilities to get more visibility into the business’s third-party risk management posture.

quotes
Our obligations to our customers are our main priority and with OneTrust we not only demonstrate our commitment to their data protection and privacy, but confidently improve our business operations
Mike Dronfield
Chief Information Security Officer

Recommended Resources