This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Fidelity Investments
Enabling Resilience with Proactive Third-Party Risk Management at Fidelity Investments
Fidelity Investments is one of the world’s largest providers of investment management services. Founded in 1946, the organization now helps more than 43 million individuals with their financial goals, manages employee benefit programs that help over 24,000 organizations support their employees’ well-being, and supports more than 3,700 wealth management firms with innovative investment and technology solutions that help to grow their business.
The organization has grown its business operations tremendously since its inception eight decades ago, and it’s also grown to understand the importance of having dynamic and agile business continuity and operational resilience programs that enable the organization to bend but not break when faced with challenges. The organization recently embarked on a transformative technology recovery and resiliency project with Fusion and is also working to bolster its third-party risk management program as its next initiative.
Prior to partnering with Fusion, Fidelity had a traditional vertical understanding of its third-party risks. Its global business units worked in data silos that made it difficult to see third-party risks from a holistic perspective.
The organization relies on numerous critical third parties to deliver core business services to its global customer base, but it lacked a singular viewpoint that provides an acceptable level of service in the face of faults, stresses, outages, and unprecedented events. The enterprise resiliency team at Fidelity realized that it needed a scalable solution that would help to proactively monitor and mitigate potential disruptions while also ensuring true business continuity and operational resiliency.
Increasing Third-Party Visibility
Fidelity sought a solution that could properly manage third parties throughout the entire third-party lifecycle by revamping the onboarding process and ensuring continuous vulnerability monitoring. The organization chose Fusion’s solution because it could provide the enterprise resiliency team with a holistic understanding of potential core business disruptions as well as proactive mitigation tactics.
Since implementing Fusion’s third-party risk management solution, Fidelity has been working with the Fusion team to break down organizational silos and establish a horizontal view of risk exposures across all business units. This has provided the organization with a comprehensive understanding of its organizational risks and has enabled the enterprise resiliency team to establish proper risk ranking and RTO (recovery time objective) protocols. Fidelity is now able to make agile decisions related to its third-party ecosystem as well as respond and act quickly to any disruption that could impact the organization’s ability to provide critical products and services.
Fusion provides Fidelity with a detailed and scrutinized analysis of business impact based on each third party’s downtime. The organization is able to clearly see the effects of potential downtime at the one-day mark, after three days, and beyond. The enterprise resiliency team now has a full understanding of who it needs to engage with in the case of disruption and has a comprehensive, step-by-step process on how to respond.
Fusion allows us to create a ‘vendor continuity plan’ that is entirely separate from our existing business continuity planning that can engage all relevant stakeholders at a moment’s notice.
Establishing Agile Plans of Succession
Fidelity also required a solution that provided automation and efficiency at scale with the growth of additional transactions from new and existing Fidelity customers. The enterprise resiliency team wasn’t expanding, but it still had to meet this increased risk exposure. The team needed to develop agile succession plans to establish secondary and tertiary vendors.
The organization has been working with Fusion to develop business continuity plans that incorporate vendor alternatives for situations where supplier diversity isn’t enough to ensure true continuity and resiliency. When a disruption does occur, Fusion’s third-party risk management capabilities allow Fidelity to quickly seek established vendor alternatives and estimate the timing that it would take to return to both partial and full operationality.
It’s not just about how quickly you can change over to an alternative vendor – it’s about the health of your organization and its core functionality in that short term.
Achieving Executive Buy-In and Reinforcing Regulatory Credibility
Fidelity’s enterprise resiliency team had difficulty communicating risk exposures and third-party ecosystem health to its C-suite. Lack of visibility across the entire organization hindered communication efforts. The full potential impact of risks could not be easily visualized at an organizational level.
To help practitioners achieve executive buy-in and strengthen their continuity, third-party, and resilience programs, Fusion’s interactive capabilities easily measure the impact of disruption in both the short term and long term, down to the granularity of each individual third party. By leveraging Fusion’s solutions and resources, Fidelity’s risk practitioners now have an arsenal of easily understood materials that help them to explore current risk exposure levels across their third-party ecosystem.
Moreover, Fidelity can now map regulatory compliance efforts across its third-party risk management practice. This allows the organization to demonstrate compliance across jurisdictions with ease – all through a simplified dashboard that can easily pull vendor assessments, third-party criticality, and business impact analyses.
We utilize Fusion to provide actual numbers to our senior stakeholders. We can look at risks and show costs based on real-time measurements. It is not enough to just know if we are an ‘A student’ – we need to know if we are scoring a 90 or a 100.
Strong Partnerships Result in Strong Programs
Fidelity and Fusion continue to work together to strengthen Fidelity’s risk management posture one program at a time. As each program’s needs evolve, Fusion is there to provide customized support and powerful solutions. This strong partnership ensures that Fidelity can proactively address critical threats with minimal disruption to core functionality and continue to expand its global business operations.
Key Takeaways
-
Third-Party Visibility
Fidelity is now able to make agile decisions related to its third-party ecosystem as well as respond and act quickly to any disruption that could impact the organization’s ability to provide critical products and services.
-
Plans of Succession
Fidelity has been able to develop business continuity plans that incorporate vendor alternatives for situations where supplier diversity isn’t enough to ensure true continuity and resiliency.
-
Executive Buy-In
To help practitioners achieve executive buy-in and strengthen their continuity, third-party, and resilience programs, Fusion’s interactive capabilities easily measure the impact of disruption in both the short term and long term, down to the granularity of each individual third party.
-
Regulatory Credibility
Fidelity can now map regulatory compliance efforts across its third-party risk management practice.