THIRD PARTY SECURITY ASSESSMENT – Re-engineering E2E TPSA process to reduce TAT, streamline operations & benchmark KPIs

A leading global banking and financial services company with a centralized TPSA operation was facing severe issues from audit observations and growing customer dissatisfaction over process gaps, longer TAT and loosely coupled process controls.


  • Current TAT was >120 days for on-site assessments. Business expectation is <45 days.
  • Large number of observation closures remain unattended due lack of follow up and ownership – Audit observation.
  • High ratio of on-site assessments over total assessments contributes to high cost of operations.
  • No visibility to the pipeline and progress status of open assessments, leading to frustration among customers and senior management.


  • Re-engineered E2E process using a Value Stream Based methodology. Identified process waste in terms of non-value added activities.
  • Dismantled current processes into smaller manageable sub-processes – Applicability Assessment, Audit, Due Diligence and Observation Closures.
  • Implemented workflow based Capacity Planning Model to drive transparency into the pipeline.
  • Restructured the applicability assessment questionnaire with a pragmatic approach.
  • Established a multi-tier matrices model for enhanced ops management and monitoring.


  • E2E TAT reduced from 120 days to less than 40 days for on-site assessments.
  • Eliminated back log in due diligence and observation closures.
  • TPSA applicability ration reduced from 60% to 33%. High risk (on-site assessment) reduced to 8% from 20% – Annualized savings of SGD 1.3M in 2018.
  • Established a culture of continuous improvement through Kaizen.


  • Value Stream Mapping
  • KPIs – CTQ Mapping
  • Process Re-engineering
  • Skill based Specialization
  • Standardization