Skip to content
Case Study

Fintech: the importance of vendor program automation

Woman smiling with numbers behind her
finicity logo


Founded in 1999, Finicity is a financial industry pioneer. With over 15 years as an innovator in Personal Financial Management and Consumer Financial Wellness, Finicity has built a culture that centers around enabling and celebrating the financial success of our customers. Finicity enables a financial data-sharing ecosystem that is secure, inclusive and innovative. Through its real-time financialdata aggregation and insights platform, Finicity provides solutions for financial management, payments and credit decisioning. It is also leading the development and promotion of industry standards. The company has developed more than 16,000 bank integrations, with the vast majority through connections that provide access to formatted bank data, improving information access and accuracy. Finicity is the winner of API World’s 2016 Finance API of the Year. Finicity’s mission is 3-fold: Democratize Financial Event Data, Improve Financial Data Access Security, & Unlock Financial Application Innovation.

Vendor Assessments

Previously with Ernst & Young for 12 years, where he focused on assisting companies with security & compliance programs across a broad spectrum of vendor management, access controls & vulnerability management.”

Danial Palmer, VP, Compliance and Internal Audit


The Challenge

Given heightened awareness & sensitivities in the Fintech Space, Finicity recognizes & evangelizes the importance of enforcing and emphasizing compliance & security requirements given the large amount on confidential & sensitive information involved within their industry. Finicity continues to drive maturity & proper perspective given the impact of the data in this space.

Responding to security questionnaires averaged 5-8 hours each occurrence, depending on what exactly was being requested. Our team was literally filling out spreadsheets manually and knew this process could be improved upon. Finicity had no tool nor formal platform and realized they needed to develop a security program moving forward. Finicity needed a platform and assessment tool to vet vendors and ideally assist in responding to security requests sent to us from financial institutions.

Finicity had no tool nor formal platform and realized they needed to develop a security program moving forward.

The Solution

Finicity chose to expedite installing a best in class platform with Whistic versus building their own framework.

An internal buildout would have most likely included spreadsheets & using a suboptimal file structure. “Whistic helped us get off the ground quickly & actually start our vendor assessment program utilizing with the existing tools & processes within the platform. Whistic truly is a seamless platform that offered us easy out of the box implementation. Implementation was pretty easy and we were able to use a good amount of functionality from day 1,” according to Dan.

Whistic allowed Finicity to expedite the building & deployment of their security program. Finicity has sent their Security Profile to approximately 40 Financial Institutions (Banks & Credit Unions) and has seen a 100% acceptance rate thus far amongst those that have received & reviewed it. Mr. Palmer stated “Our Security Profile helps to build trust and to show our proactive posture, display a mature program to our partners. The flexibility to quickly change/modify our profile is also quite nice, it only takes a matter of minutes to send out Finicity’s Security Profile.”

With regards to impact on sales cycle, security is a top priority and line-item within the procurement process. Finicity is required to pass requirements set by financial institutions right from the start, the Whistic platform assists Finicity to move efficiently through the sales cycle. Fincity’s Compliance is able to work in concert with their Sales team in order to be efficient, the previous alternative entailed spending 8+ hours answering questionnaires,sometimes over multiple work days.

Fincity also benefits from the Whistic Vendor Catalog. This is useful to show evidence that Finicity has assessed their vendors since Finicity is held to the same security requirements that many large financial institutions are held to.

Additional features of benefit include the Whistic Suite’s included reporting proved to be very useful, as well as getting feedback on who has viewed Finicity’s Security Profile. The SIG & SIG Lite questionnaires being housed within the platform are especially useful.

Whistic truly is a seamless platform that offered us easy, out of the box, implementation.”

Danial Palmer, VP, Compliance and Internal Audit an Finicity


Customer Trust Third-Party Risk Management