How Nomupay Automated Third-Party Risk Monitoring with Clarative

CASE STUDY

How Nomupay Automated Third-Party Risk Monitoring with Clarative

From Manual Tracking to Real-Time Visibility at a Fast-Growing Payments Business
‍
Nomupay's Enterprise Risk team was responsible for third-party risk across a fast-growing payments group, but ongoing vendor monitoring was manual and inconsistent. With DORA requirements in scope and a team of two, they needed a way to automate SLA tracking and due diligence review without adding headcount or adopting an oversized platform.
Clarative gave them real-time vendor visibility from day one, with almost no setup time, and is now central to how Nomupay manages and has conversations with its critical third parties.

Background

Nomupay is a payments company operating across multiple jurisdictions in Europe and Asia. The business has grown rapidly in recent years, and with that growth has come the challenge of building mature risk and compliance processes at pace.‍

Ciaran O'Donnell is the Enterprise Risk and Resilience Senior Manager at Nomupay. His team, just himself and one analyst, is responsible for the risk management frameworks that support the entire group: enterprise risk, incident management, third-party risk, and regulatory compliance. Despite the small team size, their mandate covers every aspect of risk, resilience, and compliance across the business.

A core part of that mandate is third-party risk management (TPRM).

The Challenge: Flying Blind on Ongoing Monitoring

Nomupay had onboarding processes for third parties, but ongoing monitoring was a
different story. SLA tracking was happening informally, inconsistently, and largely on
trust.

"We were going out and asking 'are you meeting the SLA' and they would say 'yes,'"
Ciaran explains. "But I had no assurance. I'm aware of incidents and downtime on some of these services, so are we sure we're definitely tracking this?"

The concern was not just operational. With DORA (the Digital Operational Resilience Act) applying to Nomupay's EU operations, the business needed to be able to demonstrate its oversight, not just assert it.

The SLA monitoring that did exist was manual, ad hoc, and not uniform across the business. With a lean team and a company that had scaled faster than its processes, there simply wasn't the headcount to keep up.

"The business itself has grown so quickly. Those more mature processes around third-party management were not uniform across the group. Once a vendor is onboarded, until they caused a problem from a business perspective, no one was actually tracking."

Why Clarative?

A Streamlined Solution

As DORA requirements came into focus and the business continued to grow, it became clear that manual monitoring was no longer sustainable. Scaling headcount in line with the business wasn't a viable path forward. They needed a way to do more without simply adding more people.

"A solution is required, because either you massively increase your team in terms of headcount, or you bring in tooling."

When Nomupay came across Clarative, it quickly became clear that tooling was the right path. But not just any tooling. The platforms Ciaran had seen before were bloated with features his team didn't need and took significant time to configure before they could see any value.

"Nine times out of ten, the solution I want is actually quite simple, but it comes with all this additional stuff you still have to pay for. The actual thing you want is like 20% of what the tool does."

What Clarative offered was different: automation that was focused, easy to adopt, and didn't require a lengthy implementation to see value. For a team already stretched thin, that distinction mattered.

"It saves you money and time in terms of headcount."

From the earliest conversations, the fit was clear, and the working relationship reinforced it.

"From the very first meetings, you could tell: this is a good, simple solution that does what it says. And the fact that you're young and growing means we can actually be on the ground floor. When you want anything changed with a bigger vendor, it can take months, if not years. With Clarative, we could say we need this and actually see it happen."

There was some initial skepticism about working with an early-stage company, Ciaran acknowledges, but "everyone's got to start somewhere."

A vendor's SLA monitoring page, which displays detailed lists of relevant incidents along with the linked source for verification

Implementation & Impact

Getting up and running with Clarative required minimal effort, which Ciaran says is rarer than it sounds.

"Sometimes when you set up a new system, there are hours and hours of setup where you have to go in, get your teams to go in, and calibrate everything. It hasn't been like that. Which for me is a massive win."

Within the onboarding period, Ciaran was already using the tool to monitor incidents from key vendors. When Clarative flagged a risk event, he could cross-check whether it had any operational impact on Nomupay and close it out quickly.

"I can see XYZ is happening and go to the person on our side and say, 'has this impacted us?' That's been really helpful."

On SLA tracking specifically, the value was immediate. Clarative backdated historical data, giving Nomupay a usable baseline from day one, and the visibility it created opened up a new dimension in vendor conversations.

"Where I can see the value add is actually for the business being able to have meaningful conversations with critical third parties. If we're looking at re-signing with a vendor, we can say, 'Actually, you haven't been hitting your SLAs.' That data makes those conversations completely different."

Expanding into Vendor Onboarding

A Streamlined Solution

With SLA monitoring in place, Nomupay began looking at a second use case: automating the intake and due diligence review processes that sit at the heart of third-party onboarding. Today that process runs through questionnaires in their GRC platform, with the team manually working through vendor responses and documentation to assess whether standards are being met.

"At the moment we go through all the evidence manually. If we can automate that review and have just the key elements flagged, plus the evidence that it meets the standard, that would be night and day in terms of the time it would save."

The implications go beyond efficiency. Right now, Nomupay has to make judgment calls about which vendors get thorough scrutiny and which get a lighter touch, simply because there are not enough hours in the day.

"It would also let us do more enhanced monitoring on third parties that right now we might just risk-accept."

Clarative's Due Diligence AI-assisted evidence review screen

In Their Own Words

For Ciaran, the case for Clarative comes down to time. With a team of two covering an entire group's worth of third-party risk, the ability to automate what was previously manual work is a must-have.

"Clarative is worth it 100%. The simplicity and ease of use, combined with how much value it gives you in terms of getting your time back, whether that's ongoing SLA monitoring or due diligence review. It gives you so much more time and so much more scope to actually do the job properly."

After seeing immediate value in SLA monitoring, Nomupay is now looking to bring that same automation to every stage of their third-party risk lifecycle, from initial onboarding through to ongoing oversight.

"It's a simple, graceful solution to quite a large problem, from a workload perspective, whether that be onboarding or ongoing monitoring. And it's applicable to so much more than just DORA."

Nomupay is a payments company operating across Europe and Asia. Ciaran O'Donnell is Enterprise Risk and Resilience Senior Manager.

Transform your team's risk & compliance processes

Discover what Clarative AI can do for you.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.