Main Page by Topic
Vendor Risk Mitigation Strategies
See Also: Vendor Risk Management
See Also: Vendor Risk Audit Checklist
This page provides suggestions for strategies that do two things:
1) Mitigate, i.e., reduce, Vendor Risk and
2) Decrease TCO (Total Cost of Ownership) or otherwise help a firm.
It is important that the items do both. Why? It would be a hard sell for an IT firm to spend money on a project that only reduced CTRM Vendor Risk with no other benefits.
Also, consider for each of the below, most if not all of the items will make Upgrades easier. In other words, where appropriate, rather than spend some Upgrade budget on a like-for-like upgrade for some particular system functionality, maybe instead redirect that budget to a better solution with lower Vendor Risk and lower TCO.
CTRM Vendor Risk Mitigation Strategies, Tips and Techniques
Note: This is a starter list. Look for additional items to be added, as well as additional clarifying descriptions to be added by November 2020. In the meantime, make sure to check out the links above, especially the Vendor Risk Audit Checklist.
1) Where practical, create an abstraction layer between your systems and the vendor-supplied CTRM system. Such that there are no or minimal direct links/interfaces to/from the CTRM system and the rest of the systems in the organization. Web Services can be a tool to use to help achieve this.
2) Own your data
e.g., keep relevant data in a system you built and own, sometimes called a ‘Datamart’ or a ‘Data Warehouse’. E.g., consider a future state as to what things would look like if you were to stop using your legacy CTRM system.
3) For end of day reporting and extracts/interfaces, instead of creating them directly from the CTRM system, create them from a Datamart/data warehouse. Send the rawest of raw data each day to the datamart.
4) In particular, consider that a Big CTRM system may have a ‘Scripting Language’ or ‘Extensibility Language’ that allows for firms to code, sometimes into the 10s of thousands of lines of code, customizations and reports.
Firms have historically put their custom business logic for extracts/reports directly into the CTRM systems, using the CTRM systems as development environments for new code. That can offer a convenience and is less of a worry in a low Vendor Risk environment.
In a high Vendor Risk environment, firms should consider halting or extremely limiting new code being written ‘behind the firewall’ of a CTRM’s proprietary APIs. And instead try to do as much as possible, i.e., in terms of reporting especially, outside of the CTRM system, using more open tools.
5) Limit your usage of the CTRM systems front end for trade entry. Build your own or use off-the-shelf tool, e.g., OMS Order Management Systems.
Introduction to CTRM
Click on this link for a great introduction to CTRM software: Introduction to CTRM Software