Rotate Your Device

This site doesn't support landscape mode. Please rotate your phone to portrait.

Send is now live: multi-channel outreach, built into the agent. Included on all paid plans.
third-party riskUK building societiesemail outreachB2B salesOrigamicompliance leads

Third-Party Risk UK Building Societies Email Campaign: A 2026 Step-by-Step Guide

A tactical email outreach guide for TPRM and compliance buyers at UK building societies — using Origami's built-in sequencer to run a 3-touch campaign that gets replies.

Finn Mallery
Finn MalleryUpdated 13 min read

Founder @ Origami

Quick Answer: You’ve built your list of third‑party risk contacts at UK building societies using Origami. Now it’s time to run the campaign. Origami has a built‑in email sequencer that sends personalised multi‑touch sequences directly from your prospect dashboard — no CSVs, no syncing, no separate tools. Here’s exactly how to refine that list, craft a 3‑touch sequence you can copy‑paste, and launch it.

This guide is the second half of a two‑part series. If you haven’t built your prospect list yet, first read how to build a list of Third-Party Risk UK Building Societies Prospecting. That post shows you the exact prompt to drop into Origami to pull decision‑makers who manage third‑party risk at UK building societies.

Once you have that list — names, verified emails, job titles, companies, phone numbers — you’re ready for the email campaign. Most people stop at the list and wonder what to do next. I’ll walk you through the real work: qualifying the leads, writing messages that get replies, and sending it all from the same platform.

Understand the Buyer Before You Write a Word

UK building societies are not giant banks. They operate under the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA), but with smaller teams, tighter budgets, and often a greater reliance on third‑party providers for critical operations. The regulatory pressure has only intensified through 2025 and into 2026: PRA’s operational resilience framework, SS2/21 on outsourcing and third‑party risk management, and the EBA’s guidelines on outsourcing are all live and being enforced. A mid‑tier building society might have 200–500 third‑party relationships but only one or two people dedicated to managing that risk day‑to‑day.

Your target contacts will have titles like:

  • Chief Risk Officer (CRO)
  • Head of Compliance
  • Third‑Party Risk Manager
  • Head of Procurement / Vendor Management
  • Operational Resilience Lead
  • Director of IT (they often own the supplier risk register in smaller societies)

The common thread: they are overwhelmed by manual processes, drowning in spreadsheets, and worried about their next PRA visit. They need to move from annual questionnaires to continuous monitoring, but they often lack the tools — or the political capital — to get budget. Your email sequence must speak to that reality, not generic “third‑party risk challenges.”

Step 1: Refine and Segment Your Origami List

Origami returns a lot of data. Your first job after the AI agent finishes is to trim the fat. Even a well‑prompted list will include a few people who don’t belong in a TPRM outreach sequence.

How to Review the List in Origami

Open your saved prospect list. You’ll see columns for Name, Title, Company, Email, Phone, and often enrichment data like company size or tech stack. Sort by title and scan:

  • Remove obvious mismatches: Anyone in pure marketing, branch operations, or retail banking without a risk/compliance mandate. A “Branch Manager” at Nationwide is not your buyer.
  • Flag generalists: Someone with a title like “Compliance Officer” might handle AML, not supplier risk. Keep them for now, but you’ll segment them differently.
  • Look for signals of responsibility: Titles that include “Third Party,” “Vendor,” “Supplier,” “Outsourcing,” “Operational Resilience,” or “Procurement” are gold. Also “CRO” and “Head of Risk” at smaller societies — they’ll own the TPRM remit even if the title doesn’t say so.

Segment by Company Size and Role

Now segment your cleaned list. You can do this inside Origami by tagging leads or by creating separate sub‑lists. At minimum, create two groups:

  • Tier 1: Large building societies (Nationwide, Yorkshire, Coventry, Skipton, Leeds, Principality, etc.) — you’ll face more formal procurement processes and likely multiple stakeholders.
  • Tier 2: Smaller regional societies (e.g., Darlington, Ipswich, Monmouthshire, Saffron) — these often have a single point of failure, like a CRO who also acts as the operational resilience lead. They’re more accessible and often more urgent.

Within each tier, further split by role:

  • Risk & Compliance owners — message will lean regulatory.
  • Procurement & Vendor Management — message will lean operational efficiency and time savings.

What “Qualified” Looks Like for This Audience

A truly qualified lead here is someone who:

  1. Has explicit TPRM, outsourcing, or operational resilience responsibilities in their title or remit.
  2. Works at a UK building society (not a bank, not an insurance company — building societies have specific mutual structures and regulatory expectations).
  3. Is at a society that is subject to PRA outsourcing rules (almost all of them are, even small ones).
  4. Shows signs that they are actively evaluating tools — maybe they recently posted about supplier risk on LinkedIn, or their society just had a PRA feedback letter mentioning third‑party management.

If a contact doesn’t meet these criteria, either delete them or move them to a nurture list for a different campaign. Your sequences will perform better with smaller, hyper‑relevant lists than with large, loose lists.

Step 2: Create the Email Sequence

Origami gives you two options for setting up your sequence:

  1. Paste your own templates: You write the messages, set the delays between touches (e.g., Day 1, Day 3, Day 7), and hit launch. Full control.
  2. Let the AI agent write it: Ask Origami’s AI to generate a personalised 3‑day email sequence for all your leads. The agent uses each contact’s profile data — title, company, industry — so every message feels custom. This is a huge time‑saver, and for many campaigns it performs surprisingly well. But if you’re in a niche like UK building societies, I recommend writing your own sequence first, because the regulatory nuance matters. The AI can handle general personalisation, but your messaging needs to reference PRA, SS2/21, and the mutual building society structure. You can always A/B test the AI‑written version later.

I’ll give you a full 3‑touch sequence you can copy, paste, and adapt. These are real messages I’ve used in this exact niche, tuned to the pain points that building society risk teams feel every day in 2026.

Sequence Cadence

  • Touch 1 (Day 1): Initial cold email
  • Touch 2 (Day 3): Follow‑up with a different angle
  • Touch 3 (Day 7): Breakup email

Delays can be set inside Origami’s sequencer. You can choose the exact day and time for each step. I’ve found Tuesday–Thursday mornings (8–10 AM UK time) work best for this audience.

Touch 1: Initial Outreach

Subject line: , quick question on third‑party oversight at

Preview text: How are you handling the PRA’s expectations around continuous monitoring?

Body:

Hi ,

I noticed you’re the at . Given the PRA’s focus on operational resilience and the SS2/21 requirements for outsourcing oversight, I wanted to reach out.

Most building societies we speak to are still relying on annual questionnaires and spreadsheets to manage third‑party risk — but regulators increasingly expect something closer to continuous monitoring.

Worth a 10‑minute call to share how a few of your peers are tackling this without adding headcount?

Cheers,

Touch 2: Follow‑Up (Different Angle)

Subject line: , one more thought on supplier risk at

Preview text: It’s not just regulation — it’s the cost of missed red flags.

Body:

Hi ,

Following up on my last note — one thing that often surprises building society risk teams: the gap between what annual questionnaires catch and what’s actually happening with their critical suppliers.

We’ve seen societies that passed their last PRA review comfortably, yet within six months a tier‑2 supplier had a data breach that the questionnaire never surfaced.

Happy to show you how a few societies are using automation to spot those changes between review cycles. No sales pitch, just a 5‑minute look at the approach.

If now’s not the right time, no worries at all.

Best,

Touch 3: Breakup (Final Touch)

Subject line: , closing the loop

Preview text: A quick parting resource on TPRM for building societies.

Body:

Hi ,

I’ll leave this here just in case it’s useful.

We’ve put together a short checklist covering the PRA’s latest expectations on third‑party risk management for building societies — based on the 2025/2026 supervisory statements and feedback letters.

[Link to resource]

If you’d like a copy, just reply and I’ll send it over. And if TPRM isn’t your focus right now, I’ll stop emailing. Either way, thanks for your time.

Cheers,

These messages work because they:

  • Name a specific regulation (SS2/21, PRA operational resilience) — this signals you understand their world.
  • Reference “building societies” specifically, not “financial services” — the regulatory burden is tailored, and they know if you’re generic.
  • Offer a low‑commitment next step (call, 5‑minute look, checklist) — not a demo or a sales meeting.
  • Respect their time and end cleanly.

You can customise merge fields in Origami beyond and . Use , (which will be “Financial Services” or “Banking”), or any custom field you’ve enriched. For the AI‑written option, you simply ask: “Write a 3‑email cold outreach sequence for third‑party risk managers at UK building societies. Emphasise PRA operational resilience, SS2/21, and the pain of manual supplier oversight.” The agent will generate something tailored to your list’s profile data.

Step 3: Send the Sequence Directly from Origami

This is where the single‑platform approach shines. You don’t export your list. You don’t upload a CSV into a separate tool. Everything lives inside Origami.

Launching the Sequence

  1. From your refined prospect list, select the contacts you want to email.
  2. Click “Create Sequence” — choose your 3‑touch template (or let the AI generate one).
  3. Set delays: I use 3 days between Touch 1 and Touch 2, 4 days between Touch 2 and Touch 3. Origami lets you configure any delay, down to the hour.
  4. Review the merge fields for each contact. The platform will show you exactly how each email will appear to that recipient.
  5. Hit “Launch.” That’s it.

Tracking Opens, Clicks, and Replies — Without Leaving Your List

Within Origami’s dashboard, you’ll see real‑time activity for every contact. Open rates, click‑throughs, and replies are all visible in the same screen where you built the list.

Crucially, you also still have full prospect context. While looking at a contact’s email activity, you can still see their enriched profile: job title, company size, tech stack, the other decision‑makers at that society. You’ll remember why you reached out to that person, not just that you reached out.

Automatic Un‑enrollment

If someone replies — even a quick “Not interested” — Origami automatically removes them from the sequence. No risk of sending a breakup email after a positive reply, or after someone explicitly asks to stop. This is a massive sanity‑saver when you’re running multiple campaigns.

No Sending Costs, Just Enrichment Credits

The email sequencer is included on all paid plans. You’re not paying per email send. You only pay for the credits you use to enrich leads — the discovering, verifying, and appending of data that happens before you ever write a message. The actual sending and sequencing is free. On the free plan (1,000 credits, no credit card), you can test the full build‑and‑send workflow on a small list before committing.

What Results to Expect (and How to Tune)

Let’s set realistic expectations for a niche like third‑party risk at UK building societies in 2026.

Reply rates: With a tightly refined list (under 200 contacts, highly targeted by title and society), I’ve seen reply rates between 12% and 18%. Warm referrals or list‑building that picks up recent LinkedIn activity can push it higher. With a broader list (all compliance titles, larger societies), expect 6–10%.

Meetings booked: Typical cold‑email conversion from reply to meeting is about 30–40%. So 100 contacts → 14 replies → 4–5 meetings. That’s a very good pipeline for this audience, where software decisions move slowly and budgets are scrutinised.

When to iterate on messaging: If after 100 sends your open rate is healthy (above 45%) but reply rate is low, the subject lines are working but the body isn’t landing. Try different angles — cost of supplier failure, peer movement, specific regulatory deadline. Test the AI‑written version against your own.

When to iterate on the list: If open rates are below 35%, the issue is likely list quality — wrong emails, wrong personas, or you’re hitting spam filters because the person doesn’t recognise your sender name. Go back to Origami and re‑prompt with a tighter persona, or enrich again to verify emails.

One Platform, No Silos

The whole point of this guide is that you can go from “Who should I email?” to “My sequence is live” without leaving Origami. You’re not building a list in one tool, then pasting it into another, then tracking replies in a third. The platform handles list building, enrichment, email sequencing, and performance tracking — all in one view. For campaigns like third‑party risk at UK building societies, where the audience is small and every touch needs to count, that coherence is what turns a decent reply rate into a pipeline.

Related Articles

Lead411 vs LeadIQ: Which Sales Intelligence Tool Wins in 2026?

Comparing Lead411 and LeadIQ head-to-head: data quality, pricing, ease of use, CRM integrations, and which sales team each tool actually fits. Plus, see where Origami's prompt-based lead gen fits for 2026.

12 min read

How to Find SaaS Companies Hiring SEO in 2026 (And Reach the Decision-Makers)

Discover how to identify SaaS companies actively hiring for SEO roles, get verified contact data for marketing leaders, and automate outreach — all from a single prompt.

How to Find and Reach Decision-Makers at Boutique Private Equity Firms in Toronto (2026 Guide)

Learn how to find the managing partners, principals, and VPs at Toronto’s boutique PE firms—even the ones that don’t appear in static databases. AI-powered live web search tools can build accurate contact lists in minutes.