Vendor Oversight

The financial crisis raised regulatory concerns about institutions' management of vendors.


Prudential regulators have traditionally viewed banks’ vendor oversight through the prism of reputational risk. But companies offering financial products and services to consumers now face regulation by the Consumer Financial Protection Bureau, which approaches vendor oversight as a consumer-protection issue rather than as a potential institutional threat. The bureau’s standards in assessing, monitoring, and controlling consumer risks are intense and specific.

The combined expectations of prudential regulators and the CFPB obligate financial institutions to maintain comprehensive vendor programs that manage strategic planning, risk assessments, and due diligence at selection, and that can continually monitor performance, compliance, financial condition, and operational risk.

Promontory developed VendorCompass™ to give financial institutions a powerful platform for coordinating vendor oversight. This proprietary platform provides a reliable and efficient one-stop solution to vendor oversight. Our experts are attuned to changing regulatory expectations and understand the challenges that financial institutions face.


Vendor oversight is often fragmented across different departments and divisions, resulting in a lack of consistency and a failure to perceive potential compliance gaps. VendorCompass™ inventories all vendor relationships in an organization and assesses each one based on the vendor’s service.

Enterprisewide View

Business units may remain responsible for individual relationships, but visibility should be available from a top-level perspective. VendorCompass™ offers enterprisewide dashboard functionalities for executives and vendor-management committees.


Many corporate functions compete for compliance and IT resources. Promontory can relieve the strain by performing ongoing vendor oversight, with a focus on:

  • Performance
  • Compliance
  • Financial condition
  • IT security
  • Operational-risk management
  • Model validation


Some financial institutions understandably struggle to assess compliance obligations of vendors due to resource constraints and uncertainty with respect to regulatory expectations. Promontory’s professionals include former corporate executives and senior-level regulators who have designed and operated compliance systems, and have written and implemented regulations. VendorCompass™ incorporates the collective knowledge of Promontory’s team.


Financial institutions often lack standardized scoring and risk assessments for diverse vendor populations. VendorCompass™ provides a consistent platform for conducting risk assessments and scoring.

Issue Tracking

A comprehensive and ongoing plan for remediation of identified vendor issues is a critical need that is too often neglected. Promontory’s VendorCompass™ provides automated issue tracking, from identification through resolution.

Contact Us

For more information about VendorCompass™ and Promontory's vendor oversight capabilities, please email our product team or one of the key contacts listed on the right.

Representative Engagements

  • Reviewed the vendor-management program for a major retailer in the wake of a cybersecurity incident and developed a plan to enhance the program
  • For a large complex banking organization based in the U.S., implemented its vendor-management program with respect to consumer compliance for critical customer-facing vendors
  • Conducted a review of the information-security and data-protection program of a financial-industry vendor amid significant concerns about the confidentiality of data obtained by the vendor
  • For a large complex banking organization based in the U.S., helped revamp the vendor-management program in light of heightened regulatory expectations
  • Launched a Web-based vendor-management platform, VendorCompass®, that is currently used by banks in the U.S.
