Post on 23-Sep-2020
Bloomberg's Secret Sauce for Their
Vendor Risk Management Assessment
(VRMA)
Real-Time Data and
Predictive Analytics:
Bloomberg
Frank Wadsworth Head of Vendor Risk Management
sig.org/eval
Real-Time Data and Predictive Analytics:
Bloomberg's Secret Sauce for Their Vendor Risk
Management Assessment (VRMA)
Bloomberg L.P. | Frank Wadsworth | Head of Vendor Risk Management
April 2016
2
Table of Contents
• Background: Bloomberg’s Vendor Risk Management Program
• Bloomberg’s VRMA Solution
• VRMA Dashboard – Risk Sensing & Intelligence
• Appendix
Risk Assessment Framework
3
Bloomberg Corporate Profile
Bloomberg, the global business and financial information and news leader, gives
influential decision makers a critical edge by connecting them to a dynamic network
of information, people and ideas. The company’s strength – delivering data, news and
analytics through innovative technology, quickly, and accurately – is the core of the
Bloomberg Professional® service.
15,500+
employees
325,000
SubscribersGlobally
192 locations
around the world
5,000new stories daily
Global circulation in
150 countries980,000
150 bureaus in 73 countries
Real-time financial information
4
Background: Bloomberg’s Vendor Risk Management Program
The Vendor Risk Management Assessment (VRMA) program at Bloomberg was
established in 2014 to identify, assess, quantify, and mitigate risk exposure from third
party vendors. The VRMA program provides transparency on vendor related risks that
enable informed risk-based business decisions across the organization
Legacy Challenges VRMA Benefits
Reactive Risk ManagementRespond to ad-hoc requests, many times after contracts signed and with little
visibility into nature of vendors work
Pro-Active Risk ManagementIntegrated into vendor engagement life cycle to inform business of inherent risks
before contracts are signed
One-Size-Fits-AllVendors and/or businesses requested to complete same risk checklist
regardless of their size, contract term period, location and nature of engagement
Vendor SegmentationUsing a simply questionnaire to identify business critical and high risk vendors to
apply different due diligence requirements based on rating
MandateVendors either approved or rejected without necessarily assessing business
impact
AdvisoryProvide transparency to business on inherent risks and advise on mitigating
actions/controls. Business makes the final decision.
Fragmented and DisconnectedManual and inconsistent processes and time consuming. Inability to track and
communicate vendor risk profile changes
Streamlined & IntegratedReal-time alerts on material changes to vendor risk profile
Not aligned to Regulatory StandardsProcesses are not reflective of current regulatory standards / requirements
Alignment with Regulatory RequirementsFoundation of VRM program and processes anchored using regulatory
standards / requirements
UnquantifiableScope and effectiveness of program not measured or tracked
MeasurableUse operational metrics to assess effectiveness of program and overall value to
our business
5
Sourcing & Selection
Due Diligence
On-boardManage &
MonitorExit/Renew
Where does Bloomberg’s VRMA fit within the Vendor Engagement Life Cycle?
NDAContract
ManagementMA SOW
Bloomberg’s VRMA
Engagement Business Impact &
Risk Assessment
• Physical Access
• Critical Services/Technology
• Personal/Confidential Information
• Systems Access
• Interaction with Government
Officials
• Activities subject to specific laws
and regulations
• Nature of customer interaction
• Subcontractor Usage
• Geographic Locations
• Cloud Services
Vendor Engagement
Life Cycle
Business Criticality &
Risk Ranking
Tier 1: HIGH
Tier 2: MODERATE
Tier 3: LOW
6
Sourcing & Selection
Due Diligence
On-boardManage &
MonitorExit/Renew
Where does Bloomberg’s VRMA fit within the Vendor Engagement Life Cycle?
NDAContract
ManagementMA SOW
Bloomberg’s VRMA
Engagement Business Impact &
Risk Assessment
• Physical Access
• Critical Services/Technology
• Personal/Confidential Information
• Systems Access
• Interaction with Government
Officials
• Activities subject to specific laws
and regulations
• Nature of customer interaction
• Subcontractor Usage
• Geographic Locations
• Cloud Services
Vendor Engagement
Life Cycle
Business Criticality &
Risk Ranking
Tier 1: HIGH
Tier 2: MODERATE
Tier 3: LOW
Risk Assessment
Leverage Bloomberg’s VRMA
Risk Dashboard to provide
forward looking insights into risks
by scanning and assessing a
wide variety of vendor risk related
data and predictive analytics
• Financial Viability
Assessment
• Litigation Review
• Information Security Review
• Penetration Test Assessment
• DR/BCP Review
• Vendor Concentration
Analysis (revenue
/geography)
• Reputational Risk
7
Sourcing & Selection
Due Diligence
On-boardManage &
MonitorExit/Renew
Where does Bloomberg’s VRMA fit within the Vendor Engagement Life Cycle?
NDAContract
ManagementMA SOW
Bloomberg’s VRMA
Engagement Business Impact &
Risk Assessment
• Physical Access
• Critical Services/Technology
• Personal/Confidential Information
• Systems Access
• Interaction with Government
Officials
• Activities subject to specific laws
and regulations
• Nature of customer interaction
• Subcontractor Usage
• Geographic Locations
• Cloud Services
Vendor Engagement
Life Cycle
Business Criticality &
Risk Ranking
Tier 1: HIGH
Tier 2: MODERATE
Tier 3: LOW
Risk Register
Track identified risks on risk
register and work with
business to:
• Assess impact across the
enterprise
• Identify mitigating actions
and controls
• Evaluate and sign-off on
residual risk
Risk Assessment
Leverage Bloomberg’s VRMA
Risk Dashboard to provide
forward looking insights into risks
by scanning and assessing a
wide variety of vendor risk related
data and predictive analytics
• Financial Viability
Assessment
• Litigation Review
• Information Security Review
• Penetration Test Assessment
• DR/BCP Review
• Vendor Concentration
Analysis (revenue
/geography)
• Reputational Risk
8
We believe Bloomberg offers unique value in managing supplier risk with a data rich platform and predictive analytics
VRMA
DRSK
RELS
SPLC
NEWS/
BSVC
BMAP
VRMA
Survey, risk scoring, and
workflow management
DRSK
Financial Viability assessments
RELS
Corporate Relationships
SPLC
Supply Chain analytics, 4th
party revenue
CL
BLAW litigation reports
NEWS
News alerts & Social Media
Velocity
BMAP
Dynamic geographical supplier
analysis
• ‘One Stop Shopping’ - eliminates need for
multiple vendor feeds by harnessing a
broad range of supplier data, assessment
capabilities, and analytics
• Push technology of forward-looking,
quantitative estimates of supplier default
probabilities
• Proper identification of active suppliers
through rationalization of supply base with
unique Bloomberg IDs
• Comprehensive view of supplier
relationships and parent/child lineage
• Defines tiered supplier and customer
relationships and revenue concentration
• Eliminates manual, prescriptive activities
leading to proactive management of
supplier risk
Bloomberg’s VRMA integrated solution Bloomberg Terminal enables:
CL
9
We believe Bloomberg offers unique value in managing supplier risk with a data rich platform and predictive analytics
VRMA
DRSK
RELS
SPLC
NEWS/
BSVC
BMAP
VRMA
Survey, risk scoring, and
workflow management
DRSK
Financial Viability assessments
RELS
Corporate Relationships
SPLC
Supply Chain analytics, 4th
party revenue
CL
BLAW litigation reports
NEWS
News alerts & Social Media
Velocity
BMAP
Dynamic geographical supplier
analysis
Bloomberg’s VRMA integrated solution
CL
10
We believe Bloomberg offers unique value in managing supplier risk with a data rich platform and predictive analytics
VRMA
DRSK
RELS
SPLC
NEWS/
BSVC
BMAP
VRMA
Survey, risk scoring, and
workflow management
DRSK
Financial Viability assessments
RELS
Corporate Relationships
SPLC
Supply Chain analytics, 4th
party revenue
CL
BLAW litigation reports
NEWS
News alerts & Social Media
Velocity
BMAP
Dynamic geographical supplier
analysis
Bloomberg’s VRMA integrated solution
CL
11
We believe Bloomberg offers unique value in managing supplier risk with a data rich platform and predictive analytics
VRMA
DRSK
RELS
SPLC
NEWS/
BSVC
BMAP
VRMA
Survey, risk scoring, and
workflow management
DRSK
Financial Viability assessments
RELS
Corporate Relationships
SPLC
Supply Chain analytics, 4th
party revenue
CL
BLAW litigation reports
NEWS
News alerts & Social Media
Velocity
BMAP
Dynamic geographical supplier
analysis
Bloomberg’s VRMA integrated solution
CL
12
We believe Bloomberg offers unique value in managing supplier risk with a data rich platform and predictive analytics
VRMA
DRSK
RELS
SPLC
NEWS/
BSVC
BMAP
VRMA
Survey, risk scoring, and
workflow management
DRSK
Financial Viability assessments
RELS
Corporate Relationships
SPLC
Supply Chain analytics, 4th
party revenue
CL
BLAW litigation reports
NEWS
News alerts & Social Media
Velocity
BMAP
Dynamic geographical supplier
analysis
Bloomberg’s VRMA integrated solution
CL
13
We believe Bloomberg offers unique value in managing supplier risk with a data rich platform and predictive analytics
VRMA
DRSK
RELS
SPLC
NEWS/
BSVC
BMAP
VRMA
Survey, risk scoring, and
workflow management
DRSK
Financial Viability assessments
RELS
Corporate Relationships
SPLC
Supply Chain analytics, 4th
party revenue
CL
BLAW litigation reports
NEWS
News alerts & Social Media
Velocity
BMAP
Dynamic geographical supplier
analysis
Bloomberg’s VRMA integrated solution
CL
14
We believe Bloomberg offers unique value in managing supplier risk with a data rich platform and predictive analytics
VRMA
DRSK
RELS
SPLC
NEWS/
BSVC
BMAP
VRMA
Survey, risk scoring, and
workflow management
DRSK
Financial Viability assessments
RELS
Corporate Relationships
SPLC
Supply Chain analytics, 4th
party revenue
CL
BLAW litigation reports
NEWS
News alerts & Social Media
Velocity
BMAP
Dynamic geographical supplier
analysis
Bloomberg’s VRMA integrated solution
CL
15
We believe Bloomberg offers unique value in managing supplier risk with a data rich platform and predictive analytics
VRMA
DRSK
RELS
SPLC
NEWS/
BSVC
BMAP
VRMA
Survey, risk scoring, and
workflow management
DRSK
Financial Viability assessments
RELS
Corporate Relationships
SPLC
Supply Chain analytics, 4th
party revenue
CL
BLAW litigation reports
NEWS
News alerts & Social Media
Velocity
BMAP
Dynamic geographical supplier
analysis
Bloomberg’s VRMA integrated solution
CL
16
We believe Bloomberg offers unique value in managing supplier risk with a data rich platform and predictive analytics
VRMA
DRSK
RELS
SPLC
NEWS/
BSVC
BMAP
VRMA
Survey, risk scoring, and
workflow management
DRSK
Financial Viability assessments
RELS
Corporate Relationships
SPLC
Supply Chain analytics, 4th
party revenue
CL
BLAW litigation reports
NEWS
News alerts & Social Media
Velocity
BMAP
Dynamic geographical supplier
analysis
Bloomberg’s VRMA integrated solution
CL
17
We believe Bloomberg offers unique value in managing supplier risk with a data rich platform and predictive analytics
VRMA
DRSK
RELS
SPLC
NEWS/
BSVC
BMAP
VRMA
Survey, risk scoring, and
workflow management
DRSK
Financial Viability assessments
RELS
Corporate Relationships
SPLC
Supply Chain analytics, 4th
party revenue
CL
BLAW litigation reports
NEWS
News alerts & Social Media
Velocity
BMAP
Dynamic geographical supplier
analysis
Bloomberg’s VRMA integrated solution
CL
18
We believe Bloomberg offers unique value in managing supplier risk with a data rich platform and predictive analytics
VRMA
DRSK
RELS
SPLC
NEWS/
BSVC
BMAP
VRMA
Survey, risk scoring, and
workflow management
DRSK
Financial Viability assessments
RELS
Corporate Relationships
SPLC
Supply Chain analytics, 4th
party revenue
CL
BLAW litigation reports
NEWS
News alerts & Social Media
Velocity
BMAP
Dynamic geographical supplier
analysis
Bloomberg’s VRMA integrated solution
CL
19
We believe Bloomberg offers unique value in managing supplier risk with a data rich platform and predictive analytics
VRMA
DRSK
RELS
SPLC
NEWS/
BSVC
BMAP
VRMA
Survey, risk scoring, and
workflow management
DRSK
Financial Viability assessments
RELS
Corporate Relationships
SPLC
Supply Chain analytics, 4th
party revenue
CL
BLAW litigation reports
NEWS
News alerts & Social Media
Velocity
BMAP
Dynamic geographical supplier
analysis
Bloomberg’s VRMA integrated solution
CL
20
VRMA DASHBOARD – real time data, alerts & analytics
COMPANY FINANCIALS includes TABS for DRSK,
Financial Statements (4 years) [incl. ESG scores],
Credit Ratings, Altman Z-Score, Capital, Debt
Distribution
COMPANY PROFILE includes TABS for
Company Description, Corporate Hierarchies
(Related Securities, Subsidiaries, Affiliates), Issuer
Info, Filings, Ownership
SUPPLY CHAIN ANALYTICS - this function is
helpful in assessing a suppliers client, vendor and
revenue concentrations while providing the ability
to quickly and easily identify 4th party relationships
(vendors of vendors)
LEGAL/REPUTATIONAL Risk includes TABS
for Company Litigation, News Alerts, Social
Media Velocity. Company litigation listed by
CASE TYPE for past 4 years with drill down
capabilities to actual litigation documents
Hurricane Sandy
LANDING PAGE – VENDOR PORTFOLIO includes business critical and high risk vendors by geography, based on location
products/services are delivered from. Additional capabilities include (1) filters by product/services category (2) ability to overlay natural
disasters (currently available), Geo/Political risks and Pandemics (planned development)
Site
Satellite
Image
21
THANK YOU
22
APPENDIX
23
Vendor Risk Key Considerations
1. Information / Physical Security Confidential / sensitive client or employee data
Level of access to Bloomberg facilities
Hosting data/applications outside Bloomberg environment/firewall
Access to Bloomberg IP
2. Business Continuity Outage impact to business
Revenue and/or cost impact to Bloomberg
3. Operational / Financial Historical financial performance and credit rating of the vendor
Revenue concentration
4. Regulatory / Legal Regulatory compliance requirements & history
Bribery or corruption
Personal health information (PHI) risk
Co-employment risk
Tax and trade compliance
5. Geographic Govt./Political stability
Natural disaster risk
Country economic/ financial instability
Crime/corruption rate
IP protection/legislation
6. Reputational Influenced by all other risk areas
Identified six risk categories and criteria allowing us to define and interpret vendor
risk in a uniform and consistent manner across the enterprise.
Vendor Risk Assessment Framework
Evaluation How-to:
Your feedback drives
SIG Event content
By signing and
submitting your
evaluation, you are
automatically entered
into a prize drawing
Why?
Option 1: App
1. Select Schedule2. Select Schedule by Day3. Select Day4. Select Session5. Scroll to Description
6. Click on the Evaluation link
Option 2: Browser
1. Go to www.sig.org/eval2. Select Session (#S35)
How?
COMPLETE &SUBMIT EVAL
Tweet: #SIGspring16
Session #35
Real-Time Data and Predictive Analytics:
Bloomberg's Secret Sauce for Their Vendor Risk
Management Assessment (VRMA)
www.sig.org/eval
Download the App: bit.ly/SIGOrlando
Frank Wadsworth
Global Head of Vendor Risk Management
fwadsworth@bloomberg.net