WolfPAC > Resources > Vendor Risk Management Case Study: Cornerstone Bank & WolfPAC Solutions
Back to Resources

Vendor Risk Management Case Study: Cornerstone Bank & WolfPAC Solutions


Vendor Risk Management Case Study - Cornerstone Bank

Cornerstone Bank is a Massachusetts-based community bank with over 150 years of history, ten branches, and more than $1.5 billion in assets under management. The bank leveraged Wolf & Company’s WolfPAC Integrated Risk Management software and Virtual Vendor Management Officer (vVMO) service to help modernize and streamline its vendor management program.

As a result, Cornerstone Bank is now optimally positioned to:

  • Effectively manage every aspect of its vendor ecosystem (including contracting & due diligence);
  • Address a growing range of third-party risks; and
  • Meet the rising expectations of regulators and its audit committee.

“The entire project has been a major success, not only regarding risk management but also because it helped streamline our vendor relationships and ensure that our vendor agreements align with the bank’s needs and standards.”

– Cornerstone Bank SVP & Chief Risk Officer Michael Roy


The Cornerstone Bank team understood the importance of formalizing, centralizing, and automating its vendor management program. However, like many community banking institutions, the client lacked the time and resources required to build the program it needed on its own.

Before WolfPAC, the client faced the following challenges:

  • Limited Resources: Bank leadership recognized the value of bolstering its vendor management efforts. They also understood that it would take more staff than they could deploy to handle the various aspects of such a project, including due diligence, policy creation, contract management, monitoring, and compliance.
  • Upholding Its Promise to Customers: Cornerstone’s promise to customers, “Built on trust,” requires the bank to ensure that they are continually maximizing their investments, protecting customer funds and data, and deliver the best possible mix of products and technologies. This task is difficult, if not impossible, without a system to track vendor risk, performance, and contracts properly.


The client leveraged WolfPAC’s Third Party Risk Management Software and Wolf & Company’s Virtual Vendor Management (vVMO) Services to modernize and enhance its TPRM program.

This engagement encompassed virtually every aspect of vendor management, including:

  • Program Review
  • Contract Negotiation and Tracking
  • Vendor Monitoring
  • Risk Assessments
  • Board, Audit Committee, and Exam Prep

“Throughout this journey, Wolf has been remarkable—their patience, thoroughness, and instructive approach have been invaluable. Also, the WolfPAC platform is far more intuitive and suited to my skill set than the other products I’ve used.”

– Cornerstone Bank SVP & Chief Risk Officer Michael Roy

The Results:

“Our investment in the software and consulting services is worthwhile, and I would choose to do it again without hesitation.”

– Cornerstone Bank SVP & Chief Risk Officer Michael Roy

Confidence & Control: 

Vendor Risk Management Case Study - Results

Having a robust vendor management program in place gives the client a new sense of confidence and control. In this case, they tell the story better than we ever could:

“It’s essential to know our vendors, understand our agreements, and not merely rely on hope for everything to go smoothly. Some of our contracts date back as far as 20 years, and they’ve undergone multiple renewals, often on a three-year or even seven-year cycle. While a seven-year contract renewal may have made sense in 2000, it might not be as practical today. Through our program, we’ve managed to catch and rectify many issues that could have posed significant risks. We’ve also made necessary adjustments to outdated pricing.”

– Cornerstone Bank SVP & Chief Risk Officer Michael Roy

Exam Preparedness: 

In-Depth Assessments

The client is now better positioned to properly assess, monitor, and reduce risk related to each of its 3rd party relationships. As a result, they can be much more confident heading into regulatory exams and board and audit committee meetings.

“The response from the audit committee was very positive. While our previous reports were good, they only covered the high-risk vendors, whereas our current system includes every vendor. As a result, when regulators come in to assess our safety and soundness, I’m well-prepared with a complete report.”

                         – Cornerstone Bank SVP & Chief Risk Officer Michael Roy

Contributing to a Stronger Cyber Defense Posture: 

Data Security & Privacy Management

The bank’s recent vendor management process improvements complement its broader efforts in IT risk and cybersecurity. Having a more modern and sophisticated vendor management program plays a vital role in maintaining the safety of the institution and its customers.

“By collecting comprehensive information on vendors and assessing their performance, we contribute to the overall security of customer information. While it’s a subset of the vendor management process, it is an essential component of the institution’s commitment to information security, IT risk management, and cyber risk mitigation.”

– Cornerstone Bank SVP & Chief Risk Officer Michael Roy

Next Steps:

Do you need help building a modern vendor risk management program that stands up to the threats of today and tomorrow?

Contact us today to learn more! 

Related Reading: