TPRM Data – How to address its challenges and realize its full value.

By Brian Shaw

Increase The Value of Your Data, And the ROI on the Data You Buy.

Buying data is easy; understanding and correlating that data to your unique risk scoring model at the
relationship level, not so much.

Most FinServs subscribe to one or more data providers, typically focused on TPRM risk domains
including IT / Cyber, ESG, ABAC, Supply Chain, etc. The information those services provide is extremely
valuable, but most banks still find it difficult to consume that data in a meaningful way without
significant time, expense and effort required from human review and correlation.

Efficiency, cost reduction, and the constantly increasing pressure of new and revised regulatory
requirements are driving even more banks to subscribe to more of these subscription services than
ever before. The reality is that these banks still struggle to answer “how will I consume that information?”
because they are already overloaded and can’t leverage the data sets they already have, due to the
massive amount of information involved and personnel, time, and bandwidth constraints. This is where
Mirato is in a unique position to help.

Data Is Good, Understanding Data Is Better

The key Mirato difference is not the consumption of data but automating the correlation of that data
to your risk scoring, rating, and ranking, at the service and location level, across all domains, for the entire
TPRM lifecycle. This not only reduces the time, effort, error, and cost associated with consuming that
data, but extends the value by completing the assessment exercises the data is intended to support in
the first place (onboarding / due diligence, continuous monitoring, periodic assessment, etc.).

For existing and newly added subscription data services, Mirato constantly digests and correlates not
only the metadata (BitSight “Security Rating”, Rapid Ratings “FHR Score”, Interos “I Score”, etc.), but
also the detailed information in the unstructured reports these solutions provide, to increase the value
of these services. This enables firms that are already unable to consume the data they purchased to
finally do so, to get more value from that information than is possible with manual review, and even to add
more data sources without requiring additional headcount or training. This is simply not possible
under current time and resource limitations.

Subscription Data + Unstructured Document Analysis = Continuous Assessment

What’s better than faster and easier periodic or point-in-time assessments? Continuous Assessment.
Cycle times for expiration and refreshment of the many different third-party-provided TPRM certificates,
attestations, and documents vary greatly. Reviewing and correlating their relevance as they are updated
exceeds most programs’ resource capabilities and is often not done at all. Mirato can monitor all
changes within these new documents as they arrive, providing real-time alerts for any issue of
concern.

Combined with the constant analysis of the information coming in from your subscription data services,
this enables truly continuous monitoring, with full visibility into changes reported from your subscription
services combined with changes as they occur in your third-party documentation. This means the typical
periodic review of each third party after onboarding (cadence = “once a year, every two years, or every
three years”, usually based on risk level) is unnecessary for many of your third parties. Now, all the data
on your third parties, whether provided by subscription feed, contained in documents, or held in your other
systems, can be reviewed constantly. Continuous Assessment is “the new” Periodic Assessment, with Mirato.