WHAT is Vendor Risk Management?

When buying certain products and services, Deutsche Bank needs to make an assessment to determine what risks may arise from doing so – and then manage those risks appropriately. 
To improve the experience, of both Bank staff and our third parties, we are introducing a new Vendor Risk Management (“VRM”) process and a new system to support it. This is aimed at enhancing the Bank’s control environment and ensuring partnerships with third parties are better managed, more effective and more transparent.
This VRM process involves the establishment of a risk profile for services at the outset using questions which determine the service’s risk “attributes”. We have pre-defined the control requirements associated with these attributes and third parties will be provided with a clear list of the evidence needed to prove that the controls applicable to their service are in place. 
Once these controls have been ‘certified’, the system will “remember” the evidence for as long as it is valid – so future engagements should be quicker and easier to approve. If a new service has different attributes – and, therefore, require additional controls – third parties will only be asked for evidence of these new requirements.
This approach is designed to reduce wasted and duplicated effort so all of us are able to spend less time on administration and more time generating value for our clients.