Operational and Third-Party Risk

Operational and Third-Party Risk is rapidly gaining importance and attention in the financial sector. Financial services organizations not only have regulatory issues to be aware of and address, but there are several other significant risks stemming from people, processes, technology, and external areas that banks must proactively identify and manage. Operational risk practices are maturing, and increasing in both complexity and severity, and typically require involvement from multiple service areas within a single institution. In addition, the regulatory agencies require a framework that includes the development and implementation of a comprehensive and reliable operational risk management system, guided by the board of directors and senior management, all of which requires the appropriation of adequate resources.

Treliant works with institutions in the financial services industry and consumer-oriented businesses to develop, execute, and maintain sound operational risk management programs and reviews that meet regulatory and supervisory expectations. We provide a broad range of services from program assessment, roadmap development, identification of key risk indicators, cybersecurity, information governance, third-party risk management, and incident response management, among others. Treliant professionals are familiar with industry best practices. By monitoring the industry environment and familiarizing themselves with changing regulations, they provide the most effective and efficient services and advice to operational risk clients.

Treliant’s Operational and Third-Party Risk Advisory Services include:

Privacy and Security Consulting Services

  • Program Evaluation, Design, and Implementation
  • Policies, Standards, and Procedures Development
  • Risk Assessment and Analysis
  • Control Identification, Documentation, and Implementation
  • Monitoring, Metrics, and Reporting
  • Audit and Regulatory Review Support and Preparation


  • Information Security Compliance Audits, Testing, and Monitoring
  • Information Security Corporate Governance – Structure, Strategies, Performance, and Reporting/Monitoring
  • Internal/External Incident Management Programs for Cyber Issues, including Communications, Media, and Remediation/Recovery
  • Cybersecurity Policies, Procedures, and Standards, including Written Information Security Programs (WISPs)
  • Cyber Risk Assessment and Mitigation
  • Data Loss Prevention and Data Risk
  • Third Parties with Access to your Assets
  • Secure Configuration Standards
  • Intrusion Protection and Detection
  • Security Awareness Training Programs
  • Business Continuity

Third-Party Risk Management

  • Program Design and Implementation
  • Policy and Standards Development
  • Due Diligence and Ongoing Monitoring
  • Contract Structuring and Review
  • On-Site Assessments
  • Audit and Regulatory Review Support and Preparation

Third-Party Provider Playbook

Treliant can assist clients in developing a Playbook for Third-Party requests offering the following benefits:

  • One Set of Documents Provided to Multiple Clients
  • Based on Referenced Industry Standards including Federal Financial Institution Examination Council (FFIEC), International Organization for Standardization (ISO), Control Objectives for Information and Related Technology (COBIT), and Payment Card Industry (PCI)
  • Allows Legal and Other Subject Matter Expert Areas to Review and Preapprove the Responses, increasing the Quality of the Information Provided
  • Greatly Reduces the Time and Effort the Company Spends Responding to Client Questionnaire Requests

Operational Risk Assessments

  • Operational Risk Governance Structure and Strategies
  • Operational Risk Frameworks
  • Risk and Control Self-Assessment Frameworks and Methodology
  • Risk Identification and Mitigation
  • Operational Risk Program Evaluation
  • Key Risk Indicator (KRI) Frameworks and Selection
  • Monitoring and Performance
  • Third-Party Risk Management
  • Business Continuity

If your needs are not addressed by the advisory services listed above, view more of our Services or 

Ask Us a Question


Susanna K. Tisa
Executive Partner
B. Scott Fisher
Chief Executive Officer
Agnes Bundy Scanlan
Senior Advisor

Data Risk Solutions

Data Risk Solutions℠ is a set of targeted offerings addressing the threats, requirements, and complexities associated with managing data assets in today’s global market.

Learn more about Treliant’s Data Risk Solutions Advisory Services.