Skip to content

Summarize your SOC 2 reports in minutes in Whistic AI! Read more.

Whistic

Summarize your SOC 2 reports in minutes in Whistic AI! Read more.

Whistic
Case Study

How Marlette Funding drives innovation and customer service in the finance industry with Whistic

Woman giving a presentation
Marlette Funding logo

Introduction

Marlette Funding makes money accessible to people so they can achieve their goals and enjoy their lives. This spirit drives constant innovation and has made them a leader in the Fintech market.

They pride themselves on providing outstanding customer service and understanding the needs of people who suffer from temporary financial difficulty. As a result, most of their employees are customer-facing.

It’s not unusual for an extremely agile company to hear an idea in the morning, implement it in the afternoon, and refine it at the end of the same day. They try lots of new ideas and are continually innovating. If they fail at something, they want to fail quickly, learn what they can, and move on to the next challenge.

This means that they use a lot of third-party suppliers. They needed help assessing and managing many vendors, and Whistic turned out to be the ideal partner.

man on tablet with stylus
Vendor Assessments

We bring on a lot of new vendors. We needed a platform like Whistic to help us manage that volume.”

Chet Sharrar, Chief Information Security Officer

Marlette Funding

Problem

A fast problem with a slow solution

“Our investors are carefully regulated, so we need to meet not only industry best practices but also regulatory requirements. We need to withstand the rigors of regulatory review,” said Chet Sharrar, Chief Information Security Officer. “That’s the business answer.”

The other side to this is their obligation to outstanding customer service, which means maintaining trust with customers and keeping their information private and secure—just as customers expect a financial institution to do.

When bringing on a new vendor, they used to send a spreadsheet questionnaire and wait for it to return. It could take up to a couple of months, which was way too slow for their pace.

Once a questionnaire was returned, it was evaluated for compliance and risk. They would classify and determine if the vendor was a high, medium, or low risk. Evaluations of either high or medium risk add follow-up activities, which could include a two-day on-premise visit for high-risk vendors or a remote process for suppliers deemed as medium risk.

For vendors determined to be low-risk, the questionnaire was the only instrument used. Risk analysis was formalized with a written report.

Marlette Funding needed a way to assess their vendors that matched their speed of execution.

coworkers in a meeting

Solution

“Whistic allows us to take a more fine-grained approach to the security review process,” said Chet. “Now, depending on their results, we may just do a remote assessment and not send someone on-site, so we realize large savings from not doing unnecessary evaluations.”

“We still have the same number of vendors with high inherent risk, but getting the scoring through Whistic, we’re able to carve out suppliers who don’t require the on-site follow-up procedure,” said Chet. This is why the detailed evaluation is so vital to Marlette Funding. It provides greater insights into a vendor’s control environment. They also utilize Whistic’s patented CrowdConfidence™ scoring algorithm as part of their evaluation process.

On-site follow-up activities cost nearly $30k each, so eliminating unnecessary visits is essential. The analysis possible with Whistic allows them to accurately distinguish which follow-up method is the most appropriate. In addition to cost savings, the time to onboard a new vendor is greatly reduced.

On the other end of the spectrum are suppliers who provide service, but only one department uses them. “In the past, we would have done nothing with them. But now, since we have a smaller inventory of high-risk vendors, we can do more and evaluate these suppliers,” said Chet. “We may send them a SIG assessment through Whistic, for example, so we’re able to do more due diligence with our low-risk suppliers than we were previously.”

“By using Whistic, we have a truer picture of what the residual risk is from our suppliers,” said Chet.

This is true for both high and low-risk vendors. “We’ve reduced expense on the highs, and there’s not a monetary amount associated with it, but we now have a clearer view of our low-risk vendors,” said Chet.

Evaluating low-risk suppliers is essential as well, because, even in circumstances where no PII is ever exposed, there’s still a reputational risk if any information is breached.

Using Whistic provides an accurate picture of residual risk from vendors.

Results

Increased visibility and greater reach to more vendors provide better overall visibility

20–40%

Cost savings from having appropriate follow-up activities

Better visibility

Used Whistic to clean up their existing vendor inventory, and all new vendors go through the same process providing accurate across-the-board information

Faster throughput

The previous process relied on spreadsheets and email

The Future

Marlette Funding is a fast-growing and dynamic company. And Whistic is their perfect partner.

Whistic looks forward to adapting, changing, and growing with Marlette. We’re both in the market for the long haul, and we’ve got things to prove.

Vendor Assessments Information Security
Back to Resources