How Legal & General America went from compliance concerns to building an innovative, first-rate vendor and third-party risk management program.
Legal and General America’s journey represents what it means to take your vendor management from vision to value. In 2018, with compliance deadlines looming, LGA began working with Vendor Centric to quickly establish a compliant, scalable vendor management program. In six months, Vendor Centric helped LGA design, document, and operationalize their initial vendor management program, which included implementing vendor risk management software and creating a new vendor management office.
With a compliant program in place, Vendor Centric worked with LGA over the next several years to mature the program with an eye toward value creation for the business. Key initiatives included expanding the program to more third parties, implementing more robust technology and data intelligence solutions, and strengthening relationships with LGA’s most critical vendors. Vendor Centric has been a strategic partner throughout every step of LGA’s vendor management journey and continues to provide strategic guidance and tactical support.
Complying with Looming Deadlines
In 2018, Legal & General America (LGA) was up against a deadline to meet the fourth and final milestone of the New York Department of Financial Services (NYDFS) cybersecurity regulations, specifically, the need to comply with NYDFS requirements for managing third-party vendors. Given the need to move quickly, LGA evaluated several consulting firms to support them and ultimately selected Vendor Centric based on our specialization and ‘roll-up-your-sleeve’ approach to helping them get their program up and running by the regulatory deadline.
Strategy and Solution
Building a Compliant, Scalable Vendor Management Program
Starting in the fall of 2018, Vendor Centric began working with LGA to define the goals and objectives for their vendor management program. While compliance was an important goal, it was also important that the program be designed to ultimately provide value beyond compliance, such as third-party risk reduction, improved performance, and lower costs.
Vendor Centric worked with the LGA team to create a comprehensive strategy, and execute a tactical game plan, to quickly and efficiently build out the program, which included:
- Documenting vendor management policies and procedures;
- Centralizing, cleaning, and enriching data about the company’s third parties;
- Implementing software to support the vendor risk assessment process, including inherent risk assessments, due diligence, and risk remediation
- Identifying the pool of third-party vendors covered under the NYDFS regulations
- Risk tiering more than 100 vendors and taking them through a risk assessment process
- Establishing a vendor management office (VMO) to oversee risk remediation and the growth and maturity of the vendor management program going forward.
- Providing all supporting documents and data needed for LGA to certify to the regulators that their program was compliant
In six months, LGA established a compliant, scalable vendor management program with governing policies, procedures, systems, resources, and oversight. But they were only just getting started.
Over the next several years, LGA partnered with Vendor Centric on a variety of strategic and tactical initiatives to expand and mature the program, with an eye toward creating measurable value for the company and its stakeholders. This has included:
- Adding additional resources to the vendor management office to provide stakeholders with a more well-rounded center of excellence
- Expanding third-party risk assessments to include targeted subsidiaries as well as third-party brokerage general agents
- Implementing more robust third-party management software to improve the efficiency of risk reviews and to integrate external data intelligence into the due diligence process
- Performing independent maturity assessments and control testing to identify and prioritize opportunities to improve the vendor management function
The results of the maturity assessment and internal control testing have shined a light on areas that LGA will be tackling to take vendor management to the next level – including value-creating initiatives related to reducing costs and strengthening relationships with strategic vendors.
Most importantly, as a result of the years-long relationship with Vendor Centric and the various solutions Vendor Centric has implemented to assist LGA on their vendor management journey, LGA has gained a trusted advisor throughout the process.
“LGA is a fantastic example of a company that sees the value in vendor management beyond compliance. After the program was launched in 2019, it would have been easy to maintain the compliance status quo. Instead, LGA set out to strengthen and mature the program to one that delivers real, measurable value to the business. I appreciate being their trusted partner as they continue forward to the next stage of their vendor management journey.”
– Tom Rogers, Vendor Centric
About Legal & General America
Legal & General America has been in the business of providing financial protection to American families for nearly 70 years. The company is currently one of the top five life insurance providers in the United States.
The company’s corporate history dates back to 1836 when its parent company (Legal & General Group Plc) was founded in London, England. Legal & General America’s insurance products are sold in all 50 states, including D.C., through their companies, Banner Life Insurance Company and William Penn Life Insurance Company of New York.
Are you looking to build a vendor management program that provides real, measurable value to your organization?
Vendor Centric can help you get a new program off the ground and turn it into an ROI-generating machine. Schedule a call today.