Our client is a London based asset management firm, authorised and regulated by the Financial Conduct Authority (“FCA”). They were concerned with ensuring that they were adequately addressing key areas of operational risk both internally and externally with their key third party service providers. Their key areas of concern included, Cyber Security, Data Protection and Business Disruption risks.
When they first engaged with CalQRisk they were relying on representations and industry standard due diligence questionnaires but were not satisfied that they were addressing these risk areas in sufficient detail and nor did they know all the questions they should be asking of themselves and their service providers to provide them with adequate assurance.
Our client wanted to source a cost effective solution that would provide them with a tool to automate their risk assessment process and, importantly, provide them with a knowledgebase of relevant risks and controls around Cyber Security, Data Protection and Business Disruption as well as related People risks.
Following market analysis, they made the decision to licence CalQRisk and to conduct their internal and service provider risk assessments. We worked with the client to develop a risk framework and a detailed set of risks and control assessments leveraging the extensive repository of relevant risks and controls that resides in CalQRisk.
Our client now has a cost effective and easily operated risk assessment process and has conducted detailed online assessments of multiple third party service providers. Our solution enables our client to benchmark their key service providers against industry best practice within key areas of operational risk and to seek changes where improvement is needed. They are also able to satisfy themselves and key stakeholders, including investors and regulators, that they are operationally resilient, particularly in the areas of data security and outsourcing.