Executive Summary
As breaches involving third-party vendors continue to make headlines, banks and fintech companies face growing pressure to review and adapt their third-party security programs. A recent high-profile incident in 2024, where a security vulnerability within a third-party system at Bank of America exposed customer data, highlights the importance of continuously monitoring vendors and suppliers. For banks, securing these relationships is critical to protecting both customer data and their reputation.
ClearBank launched in 2017 as the first new clearing bank in the UK for 250 years. It is disrupting the industry with cloud-based services that deliver banking infrastructure and today it supports more than 240 clients. A recognized leader in financial innovation, ClearBank found that managing a growing network of over 200 third-party vendors was creating multiple challenges. As the bank continued to scale, it appreciated that relying on DevOps tooling and keeping vendor records in separate silos was unsustainable.
Challenges
- Limited visibility into vendor cyber security posture
- Limited scalability for a growing digital supply chain
- Difficulty prioritizing critical vendors
- Suboptimal onboarding and vulnerability remediation cycles as the bank scaled
“Panorays gives us a full overview of our supplier base, specifically the suppliers that have a material security risk associated with them. The clear view of these suppliers’ ratings, status of the reviews, and the ongoing assurance we have around them is a game-changer.”
Meet ClearBank. Not your typical bank.
With a startup and tech-first mentality coupled to its model of building and delivering banking infrastructure to FCA regulated firms, ClearBank isn’t your typical financial institution.
The first new clearing bank in the UK for 250 years, ClearBank has built its IT infrastructure from scratch, providing banking infrastructure in the form of a variety of accounts and connectivity to the UKs payment schemes, alongside embedded banking services to regulated financial services firms, from fintechs and digital asset platforms through to credit unions and wealth management platforms. Faced with a growing network of third-party vendors, ClearBank needed to verify that their partners were secure and compliant – and to do it quickly. As the bank continued to scale, overseeing over 200 suppliers, evaluating each effectively and accurately became a challenge.
Background and Challenge
“The challenge for us was around visibility,” explains Matt O’Neill, Head of Security, Governance, Risk, and Compliance at ClearBank.
Before adopting Panorays, ClearBank used one tool to monitor suppliers and kept separate files for supplier records. Owned by different stakeholders, these siloed records were difficult to maintain, and extracting real-time insights was a challenge. This setup led to challenges with visibility and made it difficult for the team to trust the data, onboard vendors quickly, and manage cyber risks effectively.
With a growing network of vendors and without an integrated solution, the bank was unable to prioritize critical vendors and scale effectively.
ClearBank identified that it required a new approach, one that offered speed, visibility, automation, and consistency in their third-party cyber risk management. But could they find all these in one solution?
Panorays: A Single Source of Truth for Third-Party Security
While evaluating different solutions, the team learned of Panorays, a transformative platform that promised to unify and streamline ClearBank’s third-party cybersecurity processes. Unlike other solutions, it felt Panorays offered an agile and modern SaaS-based platform that focused on business outcomes and accelerating processes with automation and AI.
The platform offered:
1. Clear Visibility
Providing a 360-degree view of the entire digital supply chain, Panorays delivers real-time insights into each vendor’s security posture.
2. Enhanced Productivity
Automating the vendor assessment process, the platform reduces the time and effort required for evaluations and ongoing monitoring.
3. Advanced Standardization
Panorays standardizes workflows, processes, and assessments, reducing the likelihood of oversight, and guaranteeing full compliance.
4. Scalable Growth
As ClearBank grows and adds more vendors, Panorays’ scalable platform could easily handle the increasing workload without compromising quality or speed.
ClearBank also appreciated Panorays’ approach to support and in particular their responsiveness, understanding of ClearBank’s unique needs, and problem-solving focus.
“Whenever we’ve had questions or issues, they’ve been quick to respond and provide solutions. We’ve also had regular check-ins with them to make sure we’re getting the most out of the platform.”
Results
ClearBank needed a third-party cyber security solution that could keep up with their need to scale and move fast without losing control or compromising security.
Panorays, with its focus on business-led solutions, automation, and AI, proved the perfect match for the bank’s own attitude to using the latest technology to deliver better outcomes. As Matt explains, ClearBank doesn’t just “use” Panorays; it has rebuilt its entire third-party cyber security workflows and strategies around Panorays.
The following results prove the benefits of this decision:
360 Visibility
ClearBank now has complete control and view of its entire supplier base, including 4th to nth parties, with real-time insights into each vendor’s security posture.
Tailored Threat Prioritisation
ClearBank used to spend significant time investigating low-key cyber risks. Now, ClearBank can prioritize cyber risks based on its business KPIs and KRIs, and address critical vulnerabilities first, leveraging Panorays’ Risk DNA™ methodology.
Automated Vendor Assessments
The ability to automate assessments and easily customize cyber questionnaires had dramatically reduced the time and work needed for evaluations, freeing the team to focus on more strategic tasks.
“The pace of reviews is so much faster now. We can identify and respond to the supplier’s security posture far quicker than was possible with the very manual processes we had in place before.”
Scalability
As ClearBank continues to expand, Panorays scales effortlessly, allowing ClearBank to manage over 100 critical suppliers without compromising quality or speed.
Shorter Remediation Cycles
Panorays continuous monitoring creates a strong synergy between threat detection and remediation – eliminating the lag between identifying a vulnerability and addressing it. Using the platform’s built-in communication and tracking workflows, ClearBank can immediately engage with vendors when an issue is detected and collaborate to resolve it.
“We had a supplier that was critical for one of our projects. When we conducted the initial review using Panorays, it revealed significant cyber security gaps – they lacked multi-factor authentication and were running outdated software. We were able to work with them to address these issues before it became a bigger problem. Without Panorays, we might have missed these issues or found them too late.”
A Single Source of Truth
Before adopting Panorays, ClearBank’s third-party cyber security processes were siloed, limiting the bank’s ability to make data-based decisions. Now they have a unified, centralized platform where they can view, assess, and track every stage of the vendor lifecycle – with real-time insights to support strategic decisions and executive reports.
Complete Team Alignment
Now that ClearBank’s security team is growing, Panorays helps keep all stakeholders – Security, but also Legal and Finance, aligned and focused on their tasks. Centralizing all security and compliance processes, the platform makes it easy to track tasks, assign responsibilities, and collaborate effectively.