Case Study | Third-Party Risk Management - Insurance Firm


Commercial relationships with suppliers of many types of goods and services are essential to the business model of insurance manufacturers. In pursuit of strategic objectives, insurers leverage the products and services of third parties, which are often material to the delivery of important business services under the UK Operational Resilience regulation.

Our client is a global manufacturer of insurance products. As a result, they were in scope of new UK Outsourcing & TPRM regulation and engaged FourthLine to help them achieve compliance.

The Challenge  

As a consequence of rapid growth in headcount due to recent acquisition, investment in systems, processes and procedures was required to ensure our client improved the maturity of its risk management approach. The firm had invested in a tooling solution to support its third-party risk management.

Requirements, Solution and Approach  

The main requirements of the regulatory policy are for firms to:

  • Identify all their suppliers
  • Segment their suppliers in order of importance
  • Identify those suppliers that are material to the delivery of the firm’s important business services
  • Build a third-party register which becomes the system of record of the firm’s approach to third-party risk management

FourthLine mobilised an engagement with an initial requirements traceability assessment (‘RTA’) with the aim of identifying evidence of pre-existing alignment with the policy already active within the firm. This allows for the most efficient engagement design appropriate to the firm’s needs. The ‘RTA’ identified new capabilities required as a result of the policy, but also identified good examples of current best practice.  

The engagement design therefore focused upon developing the following capabilities: 

  • Develop a material outsourcing playbook with risk outcomes and roles & responsibilities
  • Establish a third-party register in line with regulatory requirements 
  • Enhance inherent risk assessment and align TPRM Governance and oversight to Enterprise Risk Framework 
  • Design new third-party risk management framework and policy 
  • Embed resilience strategies into outsourcing agreements 
  • Design a strategy to operationalise, embed and socialise the new TPRM capabilities across 3 lines of defence 

The outcome & next steps  

The engagement delivered a successful, compliant outcome for the client and enabled them to acquire new risk management capabilities to manage a key principal risk in their operations that impacts customer and resilience outcomes.

To achieve further maturity, our client is considering investing further in technology to enhance third-party monitoring & detection capabilities, particularly around financial risks.

How FourthLine can help:

FourthLine is working with several Insurance clients to help them achieve compliance and react to the challenges of the new Third-Party Risk Management regulation, through a mixture of consulting and advisory services.

You can get in touch here to find out more about our tailored and proportionate response to TPRM compliance.

November 25, 2022
Jakes de Kock
Jakes is FourthLine's Marketing Director. He specialises in omni-channel, tech-enabled inbound marketing strategies to drive business growth within the b2b sector.