Supplier Risk Assessment Frameworks: Metro Bank Case Study

Project: Design and Implement a Supplier Risk Management Framework

Client: Metro Bank


In 2017 Metro Bank was developing its Supplier Assurance team and running a programme to implement a series of controls to meet the requirements of the General Data Protection Legislation (GDPR, 2018).

3VRM was asked initially to help design the GDPR controls required over Third Parties. In partnership with Metro Bank management, 3VRM were able to develop the programme to include the design and implementation of a complete Supplier Management Framework covering all relevant risk domains.


3VRM used its experience of meeting regulatory requirements and privacy regulation to propose a series of new and enhanced activities that would be required to support the bank’s adherence to the GDPR.  These included changes to supplier contracts, due diligence and on-going monitoring processes.

To help ensure that GDPR-controls were sustainable, 3VRM worked with Metro Bank to develop improvements to the overall Supplier Risk Management Framework, including:

  • a new Procurement & Supplier Management Policy and supporting standards;
  • a number of tools to help perform Supplier Management tasks;
  • a detailed Supplier Assurance method with supporting test scripts and report templates.

3VRM advised Metro Bank stakeholders to design a framework which included all relevant risk domains, such as Cyber Security, Information Security and Resilience.

This was an efficient way to help Metro Bank implement a consistent and scalable programme which could develop with the Bank’s growth agenda.


The primary objective of the programme was to deliver a sustainable framework which could be operated by skilled in-house capability.  3VRM enabled Metro Bank to design and implement a significantly enhanced supplier management framework within a 12-month period.  As well as designing programme content, 3VRM delivered over 20 supplier on-site reviews, and partnered with business stakeholders to educate them on the value of supplier monitoring and assurance. 

The work performed allowed Metro Bank to meet all internal and external project commitments, whilst providing the platform for Metro Bank to develop a successful in-house capability.  3VRM is now retained to provide additional expert capacity when required.

Subscribe to our updates

Would you like to receive free Third Party Risk Management insights, case studies and tools?

Sign up here

Contact 3VRM

Connect: LinkedIn

Address: 28 Kansas Avenue, Media City, Salford, M50 2GL

Drop us a line

    You can unsubscribe at any time by clicking the link in the footer of our emails. View our privacy policy here.