WolfPAC Integrated Risk Management Blog

Third-Party Risk Management: Key Shifts for COVID-19

| Author
Wolf & Company, P.C.

Many financial institutions allocate significant time and resources to their third-party risk management programs—but the COVID-19 pandemic has altered many institutions’ responses to the challenges faced when creating these programs. From unexpected business closures, to vendor plant shut downs and manufacturing stalls, this pandemic has led institutions to re-evaluate their business’ dependence on third parties, and reanalyze how their vendor management programs are structured and operated.

To successfully mitigate risk and supervise vendor lifecycles, an institution should utilize a comprehensive third-party management software. Third-Party Risk Management clients using both WolfPAC Integrated Risk Management® and Maple Street, Inc. are able to oversee the entire vendor lifecycle while centrally managing all vendor monitoring tasks and critical vendor information.

In order to navigate the unprecedented challenges sparked by the pandemic, many WolfPAC clients have highlighted the importance of maintaining an automated risk management process by integrating vendor information with their business continuity plans.

Agile Risk Management

When the pandemic began affecting businesses, WolfPAC’s bank and credit union clients had to rely on existing disaster recovery plans to keep employees and customers safe, and ensure operations ran efficiently. Many also had to amend these plans to adapt to the rapidly changing work environments, an unsteady market, and disrupted supply chains.

It quickly became apparent that financial institutions with robust vendor management programs could easily access cloud-based documents and activities, allowing them to concentrate on sustaining and managing the critical vendors identified within their business continuity plan during this turbulent time.

Lessons Learned

Remote Work

While most pandemic plans accounted for potential office closures, many needed to adjust to accommodate this challenge. This included enhancing coordination with vendors to assist in managing a large remote workforce equipped on short notice.

For example, a WolfPAC client learned that their primary supplier of laptops was backlogged. The company needed to quickly pivot to resolve the backlog, purchase desktop computers, and deliver the assets to their remote employees immediately. The enhanced visibility of their vendor contracts on our platform allowed them to quickly and efficiently remediate this situation and offer their workers the supplies needed for minimal disruption.

Global Vendors

Financial institutions also had to consider their reliance on third-party employees and contractors in various locations around the world. Many countries experienced the effects of COVID-19 differently, and to maintain oversight on these global vendors and prevent a negative chain reaction in services, it was critical that institutions analyzed their foreign vendors’ level of preparedness.

Cyberattacks spiked astronomically during the pandemic, and some clients dealt with bad actors who were successful in attacking third parties with ransomware. Fully understanding your vendors’ capability to prevent these attacks will give you the information to properly build your own business continuity plan.


Wary of the increase in attempted cyberattacks and the potential for compromised customer information, WolfPAC clients recognized the need for comprehensive third-party monitoring and preventive cybersecurity controls.

Financial institutions were heavily targeted because of their vulnerability throughout the pandemic. During this time, mitigating risk, maintaining customer relations, securing systems, and notifying customers of their safe standing became the organization’s top priority. By consolidating all third-party documents and providing easy access to all vendor information, WolfPAC allowed these clients to establish a reliable infrastructure capable of accommodating a remote workforce securely with minimal impact on business continuity, reputation, or trust.

Maple Street, Inc.

WolfPAC’s strategic partner, Maple Street Inc., works to enhance the third-party management process by making vendor contracts easily identifiable and accessible. Many vendor services that weren’t considered “critical” prior to the pandemic soon became some of the most crucial services needed for the survival of Maple Street clients. The comprehensive view of these contracts on the Maple Street and WolfPAC platform allowed these clients to quickly prioritize vendors to manage risks and remediate the effects of this uncertain environment.

The pandemic often highlighted areas where vendor contracts could better clarify possible improvements for enhanced performance by the vendor. A good third-party vendor management program includes a vendor plan that outlines performance requirements—as planning negotiations and effective use of time lead to better contract terms. The categorization of the vendors by service also helps communicate with vendors promptly.

As they continue to handle changing service delivery requirements, financial institutions are recognizing their increased dependence on vendor performance through metrics (such as uptime and availability) to meet their customer needs. An effective third-party management program identifies the performance requirements of the institution, and outlines ways to ensure the vendor delivers on that performance.


COVID-19 caused widespread disruptions in the financial industry, and exposed the extent of institutions’ reliance on their vendors. Proper third-party risk management programs can protect your company from unwanted risks, and ensure that your vendors are just as prepared to handle unexpected events as you are. WolfPAC and Maple Street, Inc. provide an extensive platform to consolidate all third-party information in one convenient location—allowing you to make the best business decisions based on the most up-to-date vendor information.

TOPICS: Risk Management Business Continuity Business Continuity Planning Vendor Management Vendor Risk Due Diligence

Subscribe To The WolfPAC Blog

Get WolfPAC’s latest articles straight to your inbox. Enter your information below.