Representative Engagements: Operational, Third-Party, and Data Risk

  • Performed a strategic evaluation of a large US bank’s Operational Risk group to position it to be innovative, effective, and aligned with a dynamic regulatory environment. Services and evaluation covered program strategy, framework, and governance addressing key risks, regulations, and functional areas/departments (card, real estate, deposits, consumer, and trust). Treliant also analyzed operational processes used to execute risk‐related work and conducted a detailed program review of the modeling of Operational Risk exposures.

  • Executed a Third-Party Risk Management program review for a top financial institution and implemented the resulting Third-Party Risk Management System.

  • Developed a comprehensive compliance program for a mobile payments provider by creating an overall compliance and risk management framework, including principles and governance structure, and performing an assessment of compliance with multiple legal and contractual requirements.

  • Strengthened the Third-Party compliance program of a Top 25 financial institution by coordinating Procurement and Information Security (IS).

  • Assessed Information Technology (IT) and IS risk for a branch of an international bank, resulting in recommendations to resolve issues.

  • Advised a Top 10 US financial institution regarding its IT practices by reviewing the security policy and program management, resulting in the strengthening of the IT Risk Governance Program and compliance with federal regulations.

  • Implemented an Enterprise Risk Management (ERM) program for a community bank, strengthening its lending practices and compliance program through project management, loan stress testing, capital planning, asset remediation analysis, compliance planning, Bank Secrecy Act (BSA) training, ERM dashboard creation and quarterly monitoring, an Application Lifecycle Management (ALM) review, board/management guidance, and recommendations for compliance with regulations.

  • Performed detailed incident response training for the global IS and executive staff of a large international retail consumer company.

  • Assisted a Top 25 pharmaceutical company in maturing its privacy and data security program as it expanded internationally. Specific activities included identifying and mapping the flow of personal information, developing and implementing a cross-border data transfer strategy, providing privacy and incident response policy reviews, and developing standard operating procedures. Reviewed existing privacy policy, related policies and procedures, organization charts, process flows and related documents, risk assessments, controls, reports, committee structures, and meeting minutes related to privacy. Treliant also analyzed current practices and provided recommendations for enhancement.

  • Supported the development of a data incident response program, including policy and procedures, for a major online real estate service provider.

  • Assisted a major broker-dealer in developing an approach for assessing and meeting data protection requirements imposed on it by third parties.

  • Functioned as Chief Privacy Officer for various organizations with responsibilities including strategic direction, program development, risk analysis, control implementation, and testing.

  • Created and implemented multiple clients’ compliance, privacy, information security, solicitation management, anti-fraud controls, IT governance, third-party risk management programs, policies, standards, and procedures.

  • Implemented enterprise risk management systems (Archer, RSAM) for the risk and control self-assessment (RCSA) process, including analysis of products, services, and line-of-business processes; risk identification, control, and testing; and monitoring and gap remediation.


Susanna K. Tisa
Executive Partner
Agnes Bundy Scanlan
Senior Advisor
B. Scott Fisher
Chief Executive Officer
