Confidence in Every Connection: Strategic Third-Party Risk Management That Shields and Strengthens
We create forward-thinking Third-Party Risk Management (TPRM) programs that go beyond compliance—strategically designed to empower our clients, safeguard their operations, and preserve the integrity of their brand and reputation in an ever-evolving risk landscape.
Vendor Risk Assessment
We’ll examine your vendors’ maturity against industry peers, regulatory expectations—including ERISA—and leading practices, to ensure your third-party oversight aligns with fiduciary responsibilities and mitigates risk across your extended enterprise. Our scoring system ranks your vendors on critical capabilities against their peers.
RFPs
Our firm guides clients through the RFP process by developing tailored evaluation criteria and managing vendor communications to ensure a smooth, transparent selection of recordkeepers, investment advisors, and payroll providers. We leverage deep industry expertise to analyze proposals, facilitate finalist interviews, and deliver clear recommendations aligned with each client’s strategic goals.
Ongoing Managed Services
Gain comprehensive TPRM technology and process support tailored to your retirement and healthcare plan vendors, risk landscape, and evolving regulatory demands—empowering resilience at every stage.
We deploy AI to enable vendor selection and monitoring for ERISA compliance.
Our Vendor Cybersecurity Index™ (VCI) is a breakthrough for fiduciaries.
Our VCI ranks 401(k) recordkeepers and payroll providers where it matters, in real-time.
We elevate conformance to the CAA by scoring healthcare plan providers’ safety.
Why Roland|Criss?
- Deep Regulatory Insight, Including ERISA Compliance
We help ensure your vendor relationships meet the highest standards of fiduciary responsibility under ERISA, reducing compliance risk and reinforcing your duty to act in the best interest of plan participants.
- Unmatched Industry Expertise Across All Major Vendor Categories
Our extensive experience investigating and evaluating service providers spans every major category—including recordkeepers, investment advisors, mutual fund managers, third-party administrators (TPAs), and health & welfare plan vendors—giving you confidence in every decision.
- Rigorous, Objective Vendor Evaluation and Monitoring
We apply a structured, data-driven approach to vendor selection and ongoing performance monitoring, helping you identify the best-fit partners and hold them accountable to service-level and regulatory expectations.
- Tailored Strategies That Align with Your Plan’s Unique Needs
We don’t believe in one-size-fits-all. Our solutions are customized to your plan’s size, complexity, and risk profile—ensuring your vendor ecosystem supports your strategic goals and participant outcomes.
Our skills. Your opportunities.
TPRM is an Essential Fiduciary Best Practice
An effective third-party risk management program is crucial to protect retirement and healthcare plans from data breaches, compliance failures, and reputational harm.
TPRM has emerged as a widely used discipline for the selection and monitoring of vendor performance and fees. It has now become an integral part of the Department of Labor’s standards of fiduciary care for employers’ management of their retirement and healthcare plans.
Recent changes in employee benefit plans have improved efficiency and reduced costs but have also made it difficult for plan sponsors and fiduciaries to evaluate service provider compensation.
The subcontracting tactics used by employee benefit plan service providers place a premium on third-party risk management as a strategy.
Join us–secure your plan with confidence
We make employee benefit plan operations easier.
Efficient operations enhance strategic planning by optimizing resources, improving data insights, boosting agility, engaging employees, saving costs, and managing risks.
By focusing on those elements inherent in employee benefit plans, we help our clients create a strong foundation for strategic planning that drives long-term success.

Exposing vendors
We use AI to go where vendors’ security audits and penetration tests don’t, predicting with accuracy the likelihood of a cyber breach. Prudently selecting and monitoring vendors is made easier and more thorough.

Transparency leads to safety
Our VCI delivers full knowledge of a service provider’s cybersecurity capabilities, enabling plan fiduciaries to fulfill ERISA’s duty of prudent selection and monitoring by ensuring vendors can effectively protect sensitive participant data and plan assets from increasingly sophisticated cyber threats.
We are able to obtain the data that drives the VCI from the vendors’ online domains without their involvement.

Scoring and ranking vendors
Our proprietary algorithm analyzes multiple cybersecurity dimensions across retirement plan recordkeepers and payroll companies, dynamically ranking each vendor within quartiles specific to their service category while providing real-time cybersecurity capability assessment against industry benchmarks and peers.
This methodology delivers a representation of vendor cybersecurity posture, enabling plan fiduciaries to efficiently evaluate and continuously monitor vendors’ cybersecurity practices, document compliance with ERISA’s prudent selection requirements, and proactively identify potential vulnerabilities that could threaten participant data security.

Scoring for healthcare vendors
Our comprehensive cybersecurity scoring methodology evaluates healthcare plan providers and brokers using the same 11-point technology protocol we use for retirement plan vendors.
That protocol assesses critical security dimensions, including data encryption standards, access controls, breach notification procedures, regular security testing, incident response planning, vendor management practices, staff training protocols, regulatory compliance documentation, network security measures, data retention policies, and business continuity planning.
These multidimensional scores provide healthcare plan fiduciaries with actionable insights to identify security vulnerabilities, document due diligence efforts for compliance requirements, benchmark providers against industry standards, and implement continuous monitoring to protect sensitive participant health information from evolving cyber threats.


