1 (888) 836-6463 CONTACT US
Login

Venminder Blog

Dec 31, 1969 by

Best Practices

September 2020 Vendor Management News

Sep 17, 2020

Stay on top of vendor management industry updates this fall with our expert complied list of news and resources. 

Read More

Cybersecurity

How to Ensure Your Vendors Have Acceptable Cybersecurity Programs

Sep 16, 2020

Cybersecurity is front and center in today’s world, especially in these changing times. Many organizations are investing in their own cybersecurity programs, but often they forget to invest in [...]

Read More

Best Practices

Unintended Consequences of Not Investing in Third-Party Risk Management

Sep 15, 2020

Looking for a sound business reason for third-party risk management? One of the best reasons is that it saves you money. However, proper third-party risk management, with the right tools and [...]

Read More

Best Practices

Seasoned Vendor Risk Analyst Discusses Audit Best Practices

Sep 14, 2020

As part of our Venminder Thought Leadership series we have the opportunity to meet with an incredibly diverse range of seasoned leaders from across the industry to gain new perspectives and glean [...]

Read More

Best Practices

Vendor Data Breach Notifications: Is Your Organization Left in the Dark?

Sep 9, 2020

A few years ago, the New York Department of Financial Services (NYDFS) released survey results giving us more insight regarding many bank’s cybersecurity preparedness. The NYDFS surveyed 40 [...]

Read More

Contract Management

5 Steps to Successful Third-Party Contract Management

Sep 2, 2020

Vendor contract management is the administration of written agreements with third parties that provide your organization with products or services. Vendor contract management includes negotiating [...]

Read More

Due Diligence

Third-Party Due Diligence: Not All Vendors Are the Same

Sep 1, 2020

With all the rapid changes, and regulations becoming more stringent at the prudential regulators, there’s an expectation that your third-party risk management program is evolving too. When you sit [...]

Read More

Best Practices

August 2020 Vendor Management News

Aug 27, 2020

Don't be the last one to know the latest vendor risk resources and articles our experts recommend during the month of August to make sure you're staying on top of the latest third-party management [...]

Read More

Budget

The Importance of a Third-Party Risk Management Budget

Aug 26, 2020

Third-party risk management is a strategic advantage, and like many things in life, to do it well, it does come with a price tag. And while it can sometimes be a hefty one, when it comes to [...]

Read More

Risk Assessment

4 Tips to Help You Create Proper Vendor Risk Questionnaires

Aug 25, 2020

Vendor risk questionnaires must be meticulously crafted to ensure they’re in compliance with industry regulations and best practices. The ultimate goal of the questionnaire is to make sure it’s [...]

Read More

Contract Management

Vendor Contract Mid-Term Reviews: What You Need to Know

Aug 19, 2020

Much like negotiating a contract or renewing a contract, the vendor contract mid-term review can help you gather important information regarding your vendor and the products and services they [...]

Read More

Best Practices

How to Migrate Into a Third-Party Risk Management System

Aug 18, 2020

World class third-party risk management programs are 99 times out of 100 built on world class third-party risk management systems. With that in mind, it’s important to choose wisely! Pick a tool [...]

Read More

Contract Management

6 Vendor Management Contract Principles to Know

Aug 12, 2020

Sufficient vendor contract management encompasses a well-managed process for handling all agreements with your organization’s third parties from start to finish. This includes all aspects of the [...]

Read More

Business Continuity / Disaster Recovery

Weathering the Pandemic Storm: You & Your Vendors Are in the Same Boat

Aug 11, 2020

Sudden change can be chaos personified. Fear, uncertainty and doubt are everywhere; and while we’ve always known there are thousands of events that can activate our pandemic plans, did anyone [...]

Read More

Contract Management

What to Do When the Vendor Contract Has Been Signed Unexpectedly

Aug 5, 2020

Have you been in this situation? Someone at your organization signed a vendor contract, but they shouldn’t have. This is a nightmare scenario many third-party risk managers have faced at one point [...]

Read More

Best Practices

6 Reasons You Need Vendor Management Key Performance Indicators (KPIs)

Aug 4, 2020

Third-party risk management is all about monitoring and assessing the reliability, quality and performance of our organization’s vendors to ensure they’re the best choice for you at all times. It [...]

Read More

Best Practices

Vendor Management Pro Shares Expert Insight into Building a Program

Aug 3, 2020

As part of our Venminder Thought Leadership interview series, we sit down with some of the industry’s most seasoned and sought-after thought leaders for their perspective and advice on third [...]

Read More

Best Practices

July 2020 Vendor Management News

Jul 30, 2020

Catch up on these latest third-party risk resources and articles our experts recommend during the month of July to make sure you're staying on top of the latest vendor management industry news. 

Read More

Best Practices

Workarounds When You Can’t Get a Vendor Questionnaire Response

Jul 29, 2020

The best approach to handling vendor questionnaire dilemmas is to find out what the problem is and come up with a solution. I know that seems simple, but I also know that sometimes third-party [...]

Read More

Contract Management

The Importance of an Exit Strategy in Vendor Management

Jul 28, 2020

Why do we want to go into a relationship thinking about the exit?

Read More

Best Practices

What's Your Plan B Should a Vendor Relationship Go Awry

Jul 22, 2020

There are a variety of reasons you may, at some point in the vendor lifecycle, need to have an actionable plan to replace the product or service the vendor is providing. In fact, you should have a [...]

Read More

Best Practices

The Secret Struggles of Third-Party Risk Management

Jul 21, 2020

We all know that trying to accomplish anything in the corporate world that involves the coordination of various departments can be a struggle. It’s especially difficult when it involves adding [...]

Read More

Due Diligence

Consumer Complaint Resources: Useful During Vendor Oversight

Jul 17, 2020

During vendor due diligence and oversight, take a look at that third party's consumer complaints. Often regulators reference the importance of effectively managing and understanding complaints at [...]

Read More

Business Continuity / Disaster Recovery

The Critical Differences Between Vendor Pandemic and Disaster Recovery Planning

Jul 15, 2020

When it comes to large-scale events, many tend to think if they have a business continuity plan, they’re golden and adequately prepared for a pandemic. However, if recent experience has shown us [...]

Read More

Best Practices

Framework of a Vendor Management Program

Jul 14, 2020

Let’s discuss building out the framework of a vendor risk management program (or what’s sometimes referred to as third-party risk management program) from the ground up. You’ve joined an [...]

Read More

Examination Preparation

Remote Vendor Management Exams During a Pandemic Crisis

Jul 8, 2020

Let’s face it. The working world has changed a bit over the past few months. Many of us in the industry are mainly doing our jobs remotely, and at times, lacking access to things that we realize [...]

Read More

Risk Assessment

Who Is a Critical Vendor?

Jul 7, 2020

When it comes to third-party risk management, we cannot overstate how important it is to understand who your critical vendors are. For better or worse, they can have a significant impact on your [...]

Read More

Regulations

OCC Issues Bulletin 2020-65 to Help Understand UDAP/UDAAP Enforcements

Jul 1, 2020

Very recently, on June 29, 2020, the Office of the Comptroller of the Currency (OCC) issued Bulletin 2020-65, the Comptroller’s Handbook Booklet: Unfair or Deceptive Acts or Practices and Unfair, [...]

Read More

Best Practices

How to Liberate Yourself from Vendor Management Overwhelm

Jul 1, 2020

A strong vendor management program is a sound business practice and can be critical to your organization’s success, but it’s also a lot of work. If you’ve ever caught yourself wondering how to [...]

Read More

Best Practices

Centralizing Vendor Management: What Does the Team Look Like?

Jun 30, 2020

Often, we find that organizations operate their vendor management programs in one of three ways – centralized, decentralized or a hybrid of the two models. As organizations begin to mature, they [...]

Read More

Best Practices

June 2020 Vendor Management News

Jun 25, 2020

Read through these latest third-party risk updates and articles our experts recommend during the month of June to make sure you're staying on top of the latest industry news. 

Read More

Examination Preparation

Challenging a Vendor Management Examiner: What You Need to Know

Jun 24, 2020

We all know exams are stressful, and sometimes they can be downright awkward. But most of us have had this thought at least once, “are there ever instances where it’s acceptable to challenge an [...]

Read More

Best Practices

5 Tips to Optimize Third-Party Risk Management Processes

Jun 23, 2020

A truly successful third-party risk management structure involves a lot of moving parts. From organizing countless amounts of data and resources, to communicating with an array of internal and [...]

Read More

Contract Management

5 Benefits of a Vendor Contract Management Software Component

Jun 17, 2020

If you are not already using vendor management software for your third-party risk program, you are missing out on efficiency and high-quality results to show off to your senior management team, [...]

Read More

Best Practices

3 Reasons Why and How to Measure Vendor Performance

Jun 16, 2020

Managing your vendor’s performance is a key aspect of monitoring. After all the hard work that went into contract negotiations and due diligence checks to onboard a new vendor, it would make sense [...]

Read More

Due Diligence

What Is Collected on a Critical Core Vendor?

Jun 10, 2020

The vendor due diligence process inherently means some heavy lifting when it comes to data collection… and with so many different moving parts, it can be easy to miss one or two (or let’s face it [...]

Read More

Business Continuity / Disaster Recovery

How to Ensure Vendors Can Return to Normal After the Pandemic

Jun 9, 2020

As Helmuth von Moltke once said, “No plan survives first contact with the enemy.”  We have planned for a pandemic for decades. We have updated our plans and we’ve sat through lessons learned from [...]

Read More

Outsourcing

When and How to Augment Vendor Management Staff

Jun 3, 2020

Among the many changes we’ve all seen over the recent months after the devastating effects of COVID-19, one of the most concerning has undoubtedly been the drastic cuts to staff. If your [...]

Read More

Best Practices

Strategizing Vendor Ratings: Don’t Let Your Vendors Rate Themselves

Jun 2, 2020

Are you letting vendors rate themselves and stopping at that? Do you consider that to be your risk assessment on that vendor?

Read More

Best Practices

May 2020 Vendor Management News

May 28, 2020

Take a look at the latest third-party risk updates and articles our experts recommend during the month of May to make sure you're staying on top of the latest vendor management news. 

Read More

Cybersecurity

New State Privacy Laws: Preparation for You and Your Vendors

May 27, 2020

With a rise in data breaches, both cybersecurity and data protection should be top of mind for every organization. Additionally, as concerns around data protection continue, privacy initiatives [...]

Read More

SOC Reports

Understanding the COSO 2013 17 Principles in Vendor SOC Reporting

May 26, 2020

COSO 2013 was way ahead of its time. Given that, it’s even more interesting to note that it took until 2019 for the COSO 2013 Principles to be applied to SOC 2 audits. For those of us that have [...]

Read More

Best Practices

Why You Shouldn’t Let Third-Party Risk Factors Fall Through the Cracks

May 20, 2020

I spent 28 years in banking. While I was exclusively a banker, I dealt with a wide range of industries — particularly in my MBNA America days when I helped to manage our operations centers as well [...]

Read More

Cybersecurity

The Increasing Importance of Vendor Cybersecurity in a Pandemic World

May 19, 2020

While vendor cybersecurity preparedness has always been important, it's an especially hot topic in our current pandemic environment. With a massive shift to remote work environments, better [...]

Read More

Risk Assessment

6 Phases of Conducting a Vendor Risk Assessment

May 13, 2020

There’s no way around it. Risk assessments are work. There are a lot of moving parts and a lot of pieces of information to take into consideration. Like much of life today, it’s good to take a [...]

Read More

Business Continuity / Disaster Recovery

How to Determine If Your Vendors Will Survive the Pandemic

May 12, 2020

By now, chances are most organizations have reached out to critical third-party service providers to gather up all the information they (the vendors) have on file about their pandemic planning. [...]

Read More

Best Practices

6 Steps for Establishing a Vendor Risk Management Program

May 6, 2020

Much plays into a successful vendor risk management program. The time devoted, the subject matter experts involved and a thorough understanding of the evolving regulations are all considerations [...]

Read More

Examination Preparation

7 Things Regulators Want You to Do Before a Vendor Management Exam

May 5, 2020

We know all too well the stress of an upcoming vendor management exam. We’ve been there — many times, and if we’ve learned anything about making the process a little less anxiety-inducing it’s [...]

Read More

Financials

4 Tips for Analyzing Vendor Financial Health During the Pandemic

May 4, 2020

When it comes to your vendors and your vendors’ financial health, there’s one thing you must keep in mind: financial performance is not an event of default. What do we mean by that? In a [...]

Read More

Best Practices

April 2020 Vendor Management News

Apr 30, 2020

Staying on top of the latest vendor management news and resources is more important than ever. Take a look at the latest third-party risk updates and articles our experts recommend during the [...]

Read More

Due Diligence

The Importance of Human Reviews in Vendor Due Diligence

Apr 29, 2020

Let’s face it, automation really helps drive efficiency. It speeds up processes, allows full-time employees (FTEs) to focus on strategic business initiatives and helps catch errors, but it’s [...]

Read More

Best Practices

Highlights from Venminder’s State of Third-Party Risk Management Survey

Apr 28, 2020

Earlier this year, Venminder released our annual State of Third-Party Risk Management whitepaper, based on a survey distributed at the end of 2019. It covered respondent data and analysis from a [...]

Read More

Best Practices

Third-Party Risk Management Q&A: Managing Vendor Risk in a Pandemic

Apr 27, 2020

During our recent three-day Third-Party Risk Management Bootcamp, we had a lot of GREAT questions come in and wanted to compile and share the answers. Below you will find third-party risk [...]

Read More

Financials

6 Tips to an Accurate Vendor Financial Performance Assessment

Apr 22, 2020

As you review your vendor’s financial health, here are six tips to an accurate vendor financial performance assessment.

Read More

Best Practices

Industry Survey Reveals 10 Third-Party Risk Management Best Practices

Apr 21, 2020

Recently, Venminder released our annual State of Third-Party Risk Management survey. It included respondents from a wide variety of organizations across multiple industries.

Read More

Risk Assessment

Does COVID-19 Spark Vendor Risk Assessment Updates?

Apr 20, 2020

The short answer is, if you’re doing everything right, it shouldn’t. A good risk management program should already tell you what areas of your organization are most vulnerable to risk. However, [...]

Read More

Best Practices

How to Arrange Your Vendor Management To-Do List

Apr 15, 2020

The other day we were reading a great article by Steve Tobak, author of “Real Leaders Don’t Follow,” about prioritizing time. Although the article was released about 6 years ago, the relevancy is [...]

Read More

Risk Assessment

10 Best Practices of Successful Vendor Risk Assessments

Apr 14, 2020

The vendor risk assessment is a very crucial step in the vendor selection and ongoing monitoring due diligence phases. The assessment will give you a better understanding of the risk posed by each [...]

Read More

Best Practices

Third-Party Risk Doesn't Stop with the Coronavirus

Apr 13, 2020

Even with a pandemic unfolding around us, and even with a mounting list of cancellations, postponements and rainchecks flooding our inboxes daily, third-party risk management just isn’t one of [...]

Read More

Financials

Unintended Consequences of Declining Vendor Financial Performance

Apr 8, 2020

If your vendor’s financial performance is declining, whether steadily or suddenly, you need to be on high alert. Should you discover that your vendor's income and financial performance is [...]

Read More

Best Practices

Vendor Risk Management When We're Past Pandemic Planning

Apr 7, 2020

Right about now, many organizations are dusting off their Business Continuity and Disaster recovery (BC/DR) plans, looking at the section on “Pandemic Planning,” and realizing they have a lot of [...]

Read More

Best Practices

3 Signs You’re Dealing with a Foolish Vendor

Apr 1, 2020

The definition of foolish is lacking good sense or judgment; unwise. Have you ever worked with a vendor who you felt wasn’t making sound decisions or their judgment regarding a situation was very [...]

Read More

Cybersecurity

What Your Vendors' Employees Working from Home Means to You

Mar 31, 2020

As the United States begins to settle into the reality of social distancing, working remotely, sanitizing every touch surface and using video conferencing to communicate, where does that leave [...]

Read More

Best Practices

March 2020 Vendor Management News

Mar 26, 2020

Make sure you're not the last to know about key vendor management news and articles! We've compiled a list of the important information you need to know in the month of March. 

Read More

Business Continuity / Disaster Recovery

COVID-19 Brings 3 Vendor Management Changes to Know

Mar 25, 2020

Our world has forever changed. The many reasons for this change we watch every day on the news. Every evening on the nightly news we watch people from around the world struggle with the [...]

Read More

Business Continuity / Disaster Recovery

Third-Party Risk in a Pandemic World: The Short Tail and the (Scary) Long Tail

Mar 24, 2020

This new world we are living in today will represent challenges none of us even imagined 30 days ago. So, while all of us are deep into executing a pandemic plan we never thought we would need, a [...]

Read More

Business Continuity / Disaster Recovery

FFIEC Includes Monitoring of Vendors’ Pandemic Plans in Interagency Statement

Mar 23, 2020

This month, FFIEC agencies collectively issued an interagency statement on pandemic planning, supplementing the “Interagency Advisory on Influenza Pandemic Preparedness” and “Letter to Credit [...]

Read More

Cybersecurity

Finastra Data Breach Reminds You to Verify Third-Party Cybersecurity Practices

Mar 23, 2020

Finastra, one of the largest fintech companies in the world, was subjected to a ransomware attack on March 20, 2020. How attackers compromised Finastra’s systems has not been released at this [...]

Read More

Best Practices

Champion vs. Challenger Strategy: How Often Do You Challenge a Vendor?

Mar 18, 2020

The “Champion vs. Challenger” strategy has been around for a long time. It’s a tried and true strategy. Some people may refer to it as a best practice in vendor management.  

Read More

Best Practices

Coronavirus and Its Implications in Third-Party Risk Management

Mar 17, 2020

I have to admit a delayed realization on my part. Despite having been in third-party risk management, vendor risk management or quality assurance for about half of my career, I completely [...]

Read More

Risk Assessment

Assessing Vendor Risk: What You Need to Know

Mar 11, 2020

Assessing vendor risk in a complete manner can be a herculean task but is well worth the time investment. Assessing vendor risk keeps you, your organization, customers and stakeholders safe and [...]

Read More

Best Practices

4 Important Vendor Management Reminders for the Board

Mar 10, 2020

As a board member for any organization’s board, it’s your responsibility to ensure the organization is pursuing vendors that are compatible with their risk tolerance, strategic objectives and [...]

Read More

Regulations

OCC Issues New Guidance on Third-Party Risk Management

Mar 9, 2020

On Mar 5, 2020, the Office of the Comptroller of the Currency (OCC) issued updated guidance on third-party risk management. Within the new guidance they’ve added to the frequently asked questions [...]

Read More

Best Practices

Coronavirus Shows Importance of Vendor Pandemic Plans

Mar 4, 2020

When you turn on your television or read the news, chances are there’s talk around breaking news of the coronavirus. The pandemic is of major concern right now because if you’re exposed to the [...]

Read More

Contract Management

How to Review a Vendor Contract

Mar 4, 2020

Negotiation is vital. Do not accept the first contract that you see as changes to accommodate special requests by both parties are common and often necessary. It can be challenging, but break it [...]

Read More

Best Practices

7 Things That Can Happen If You Don't Prioritize Vendor Management

Mar 3, 2020

Many things can happen if you don’t prioritize vendor risk management. Unfortunately, none of the things that can happen to your organization and program due to lack of prioritization are [...]

Read More

Best Practices

February 2020 Vendor Management News

Feb 27, 2020

Make sure you're not the last to know about key vendor management news and articles! We've compiled a list of the important information you need to know in the month of February.

Read More

Risk Assessment

Vendor Concentration Risk: The Pros and Cons

Feb 26, 2020

Vendor concentration risk is the risk which may occur when an organization relies too heavily on one vendor to perform several, if not all, critical and/or high-risk functions for their operation. [...]

Read More

Regulations

Highlights from the FDIC's Guide for Fintechs and Third Parties

Feb 25, 2020

The Federal Deposit Insurance Corporation (FDIC) which serves as the primary regulator for more than 3,400 banks in the U.S., has firm expectations on third-party risk, which are codified in their [...]

Read More

Best Practices

Benefits of Vendor Risk Management Through Your Peers’ Eyes

Feb 25, 2020

Earlier this month, Venminder released our fourth annual State of Third-Party Risk Management survey results. The insightful whitepaper includes responses from a variety of organizations across [...]

Read More

Risk Assessment

How to Understand Strategic Vendor Risk

Feb 19, 2020

Strategic risk may sound like a rather simple concept, but it’s often overlooked or diminished in preparing a risk assessment. Trust me, it’s one you need to focus squarely on. In fact, it’s the [...]

Read More

Best Practices

How Vendor Management Affects Each Department in Your Organization

Feb 18, 2020

Vendor management (VM) is indeed a team sport. At this point in my career, I can assure you that vendor management is a team sport because it takes every department, every line of business, the [...]

Read More

Best Practices

6 Scenarios That May Warrant a Vendor Break Up

Feb 12, 2020

Due to the nature of business, all vendor relationships eventually come to an end. Sometimes, the relationship’s end is simply due to no longer needing the product or service. However, sometimes [...]

Read More

Best Practices

2020 Third-Party Risk Management Hurdles Are Discovered in a Recent Survey

Feb 11, 2020

For the fourth year, we’ve surveyed various organization types of all sizes across the industry to get an educated understanding of where organizations stand regarding third-party risk management. [...]

Read More

Best Practices

Creating a Vendor Management Policy to Lay Foundation for Third-Party Risk

Feb 5, 2020

Do you remember the classic childhood nursery rhyme The Three Little Pigs? As a quick refresher, in the story there are three pigs building homes. Each one is using a different material –straw, [...]

Read More

Risk Assessment

5 Essential Components of a Vendor Risk Assessment

Feb 4, 2020

If you’ve worked in third-party risk management for any period of time, you’ve certainly been asked, “Have you done a risk assessment?” It’s a question asked so many times that it has probably [...]

Read More

Best Practices

January 2020 Vendor Management News

Jan 30, 2020

It's the first month of the year! Kick 2020 off right by making sure you stay updated on key third-party risk news and resources.

Read More

Best Practices

What Is the Difference Between a Vendor and Third Party?

Jan 29, 2020

I often hear the two terms vendor and third party vendor used as if they mean essentially the same thing. While this is commonly done, it’s a misconception, or perhaps a misrepresentation, to do [...]

Read More

Due Diligence

Why Analyzing Due Diligence Is Critical

Jan 28, 2020

If you’re an organization that collects due diligence on an ongoing basis, that’s great. If you’re an organization that collects due diligence on an ongoing basis and just files it away, then [...]

Read More

Cybersecurity

Top 10 Questions in Vendor Cybersecurity Questionnaires

Jan 22, 2020

When building a vendor questionnaire or reviewing a questionnaire completed by a vendor, it’s essential to ask the right questions to properly understand the vendor’s cybersecurity environment. [...]

Read More

Best Practices

What Is Your Vendor Management Framework?

Jan 21, 2020

There’s no right or wrong way to operate your program as long as you’re satisfying regulatory requirements, examiner expectations, not letting your policy, program and due diligence grow stale and [...]

Read More

Best Practices

5 Steps to Scale Your Third Party Risk Management Program

Jan 15, 2020

Your plate is full. Your third party risk management team is falling behind and struggling to keep up with the volume of work, more so than ever now, as there’s such a regulatory emphasis on the [...]

Read More

Best Practices

Managing Third Party Risk: 3 Lessons from 2019

Jan 14, 2020

In third party risk management, each passing year provides more unique perspective. In 2019, there was certainly a strong focus on data security, clarifying unclear regulations – like “abusive” in [...]

Read More

Risk Assessment

What Is a Third Party Risk Assessment?

Jan 8, 2020

A third party risk assessment is an attempt to quantify the risk associated with a third party vendor thatll be providing a product or service to your organization. Sometimes referred to as  [...]

Read More

Best Practices

Vendor Management Policy Document: What You Need to Know

Jan 7, 2020

A vendor management policy is a document that informs senior management and the board about the activities provided in the vendor management program. A comprehensive vendor management policy is [...]

Read More

Best Practices

6 Third Party Risk Management Resolutions for 2020

Jan 1, 2020

Did you know, according to a study done by the University of Scranton, around 80 percent of people fail to keep their New Year’s resolutions? In my opinion, New Year’s resolutions are a fun way to [...]

Read More

Best Practices

A Look Back at Vendor Management Throughout 2019

Dec 31, 2019

“The days are long, but the years are short.” – Gretchen Rubin

Read More

Best Practices

December Vendor Management News

Dec 26, 2019

It's the last month of the decade! Stay updated each week with important vendor management news and resources. You can find key articles here.

Read More

Contract Management

The Difference Between a Vendor Contract and a Service Level Agreement (SLA)

Dec 23, 2019

Understanding Vendor Contracts

A contract is an agreement between two parties creating a legal obligation for your organization and vendor to perform specific acts. Each of the parties to the [...]

Read More

Best Practices

Who Is Responsible for Vendor Risk Management?

Dec 18, 2019

Vendor risk management is complex, and you likely know that it’s a responsibility that is boundless. While it may feel like only a few at your organization are overseeing vendors, there are [...]

Read More

SOC Reports

What Is a Vendor SOC Report?

Dec 17, 2019

If you’re reading this, you’re likely one of many in the industry who finds the entire concept of SOC (System and Organization Controls) reporting perplexing. Don’t worry. You’re not alone!

Read More

Cybersecurity

Vendor Cyber Risk Management: Now Is a Good Time to Do Another Check-In

Dec 11, 2019

Tis the season! Third party risk will never be the same. Why is it that cyber thieves, aka hackers, are more active around the holidays? Around Halloween each year, information security [...]

Read More

Best Practices

Unfreezing Vendor Risk Management Tasks

Dec 10, 2019

This time of the year, if you live in a similar climate as I do, when you step outside the temperatures are frigid. You’re bundling up as much as possible and layering on sweaters, coats, your [...]

Read More

Outsourcing

5 Reasons to Outsource Vendor Management Even When You Have a Solid Program

Dec 4, 2019

At times, it can prove quite challenging to justify outsourcing vendor management when the program in place gets the job done. Have you found yourself in this situation before? It’s human nature [...]

Read More

Due Diligence

Back to Basics: 6 Core Elements for Your Vendor Management Program

Dec 3, 2019

Vendor management, or third party risk management as it’s more commonly referred to, has been around for years. Having a firm grasp on the vendors with whom you are doing business isn’t new, but [...]

Read More

Best Practices

November Vendor Management News

Nov 28, 2019

Catch the latest headlines for the month of November related to third party risk management. It's important to stay up-to-date. 

Read More

Best Practices

20 Third Party Risk Management Best Practices to Take With You Into 2020

Nov 27, 2019

Can you believe it? 2019, a year for the books, is almost over. This year, there have been a lot of regulatory changes, updates, shifting priorities and more. So, in light of all this, what are [...]

Read More

Best Practices

Your Vendor Has Significant Management Turnover. Why Should You Care?

Nov 26, 2019

Turnover… it’s great if it’s an old-fashioned type of apple pie, but not so great if it’s the departure of key executives from one of your high-risk or critical third parties. It may seem simple, [...]

Read More

Reporting

Vendor Management Reports You Should Have on File

Nov 20, 2019

We often like to say analyzing vendor financial statements should be a critical component of your due diligence because it’s “not just about the numbers.” It can lead to discovering some risky [...]

Read More

Best Practices

Spreadsheets for Vendor Management Just Don’t Cut It Anymore

Nov 19, 2019

Using tools like Excel, Access or Word for your vendor management can make the data cumbersome for you to manage and difficult for your examiner to read. So, why are you still using those archaic [...]

Read More

SOC Reports

SAS 70, SSAE 18 and now the Vendor SOC 2 Alignment with COSO…Oh My!

Nov 18, 2019

Just as the world is constantly changing, so is the world of vendor management. Thankfully, the world of vendor management is changing to improve vendor security and oversight for the better via [...]

Read More

Due Diligence

Gobble Til You Wobble. What Is an Acceptable Vendor Risk Appetite?

Nov 13, 2019

You may or may not realize this yet, but every organization does have a risk appetite. The ISO 31000 defines risk appetite as the amount and type of risk that an organization is prepared to [...]

Read More

Best Practices

The Role of Vendor Management within Your Organization

Nov 12, 2019

There’s a lot that goes into vendor management and all the hard work makes it an integral component of an organization’s success. Vendor management, or often referred to as vendor risk management [...]

Read More

Best Practices

How to Make Vendor Management Software Worth It

Nov 6, 2019

You’ve taken the time to carefully vet vendor management software providers. You’ve dotted all the I’s and crossed all the T’s. You’ve found the one –the perfect vendor partnership for your [...]

Read More

Fourth Party Vendors

How You Should Treat Fourth Party Vendors

Nov 5, 2019

Dealing with third parties is a lot to have on your plate, however examiners think you can still handle more. They will ask you about your fourth parties too!

You may be wondering, what in the [...]

Read More

Best Practices

October Vendor Management News

Oct 31, 2019

Check out latest third party risk management news from October. It's important to catch the headlines. We've helped make it easier by making a list below.

Read More

Information Security

Your Vendor's Information Security Control Environment Is Faulty. What Now?

Oct 30, 2019

In a world where information security breaches are all too common, it’s vital that you verify each vendor’s information security control environment is adequate and designed to protect your [...]

Read More

Cybersecurity

Vendor SOC for Cybersecurity: Do You Need to Request One?

Oct 29, 2019

With increased scrutiny and regulations surrounding cybersecurity, it's a topic that is “talk of the industry.” Developed by the American Institute of Certified Public Accountants (AICPA), the SOC [...]

Read More

Cybersecurity

6 Vendor Cybersecurity Red Flags

Oct 23, 2019

A cybersecurity plan helps protect organizations from potential vulnerabilities. A vulnerability can be a data breach, phishing attack or another form of system exposure. It’s important to [...]

Read More

Cybersecurity

Vendor Information Security Policy: What Should Be Included

Oct 22, 2019

Strong information security is crucial to safeguarding your organization and customer data. Information security always keeps confidentiality, integrity and availability at the core. This means [...]

Read More

SOC Reports

How to Compensate Vendor Controls

Oct 16, 2019

In SOC audits, a compensating vendor control is the process of satisfying a security measure requirement that has been determined too difficult, impractical or unattainable at that particular time [...]

Read More

Best Practices

5 Things Vendor Managers and Ghostbusters Have in Common

Oct 15, 2019

Have you ever seen the 1984 film Ghostbusters? Or, how about its 2016 remake? The original is about a trio who start their own ghost catching business. The trio is on the hunt to catch and combat [...]

Read More

Best Practices

Third Party Risk Management Interview with Ballard Spahr Attorney

Oct 14, 2019

As part of Venminder’s Thought Leadership series, I recently had the opportunity to speak with Glen Trudel, Partner at Ballard Spahr. In this series, we speak with the industry’s sought-after [...]

Read More

Cybersecurity

4 Best Practices to Reduce Third Party Cybersecurity Risk

Oct 9, 2019

When you outsource to a third party, cybersecurity risk is a huge possibility. The confidentiality of your organization’s and customer’s data is on the verge of being exposed daily as your third [...]

Read More

Best Practices

4 Steps of Third Party Monitoring

Oct 8, 2019

The most successful vendor management programs include continuous third party monitoring. By this, I mean that the vendor management team doesn’t cease all third party monitoring after vendor [...]

Read More

Outsourcing

What Are the Advantages of Vendor Management Oversight Software?

Oct 7, 2019

Vendor management and the myriad of ensuing requirements have increased significantly over the past several years. There’s now increased attention to fourth party vendors and expectations around [...]

Read More

Cybersecurity

How to Perform a Vendor Cybersecurity Review

Oct 2, 2019

Venminder’s recent State of Third Party Risk Management survey found that fourth party risk management and cybersecurity are expected to be the next biggest hurdles at many organizations. This [...]

Read More

Budget

Real-Life Consequences of Not Investing in Vendor Management

Oct 1, 2019

In our 2019 State of Third Party Risk Management industry survey, we found that few organizations invest more than $5,000 or have more than five full-time employees (FTE) devoted to third party [...]

Read More

Best Practices

September Vendor Management News

Sep 26, 2019

Make sure you don't miss any important vendor management news! To make it easier for you, we've put together this list of key third party risk management articles and news. Read below!

Read More

SOC Reports

I’ve Never Dealt with a Vendor SOC Report: Where Do I Begin?

Sep 25, 2019

The importance of a System and Organization Controls (SOC) report in third party risk management cannot be stressed enough. A SOC report is prepared by an independent auditor, so you can be [...]

Read More

Best Practices

How to Prioritize Vendor Management Tasks

Sep 24, 2019

All too often it's hard to find a place to begin any new project. Prioritizing tasks can be challenging when all seem incredibly important. So, let’s consider this common situation that most of us [...]

Read More

Examination Preparation

Vendor Management Exam Procedures: Designating a Point Person

Sep 23, 2019

Okay, it’s exam time! The time has come to make sure you’re well-organized and well-prepared for what can be an otherwise an overwhelming process. So, how do you prep for this? We’re here to give [...]

Read More

Budget

What Should Be Included in Your Vendor Management Budget

Sep 11, 2019

When it comes to setting a budget for vendor management, some organizations try to say they have no budget. This may come off harsh, but that can't be right. You can’t spend $0 on proper – proper [...]

Read More

Best Practices

Fintechs: Do You Have Proper Third Party Risk Management In Place? Your Clients Care

Sep 10, 2019

If you’re a fintech company reading this, there’s a strong, high chance you have clients who are amongst highly regulated verticals – banks, credit unions, mortgage companies and more. Regulators [...]

Read More

Best Practices

How to Onboard a New Vendor

Sep 4, 2019

Businesses don’t run without vendors. You may only have a handful, or you may have hundreds or even thousands, but no matter what, you have at least one. Your telephone service provider is, in [...]

Read More

SOC Reports

6 Tips to Understanding a SOC 1 Report

Sep 3, 2019

SOC 1 reports can be confusing. There can be multiple types, some reports have fourth parties involved, you may have the right vendor but wrong report, you may be trying to determine what the [...]

Read More

Best Practices

August Vendor Management News

Aug 29, 2019

Keep up-to-date on the latest vendor management news. We'll help you out! Read the articles below that we recommend checking out.

Read More

Due Diligence

Vendor Document Management Disasters and How to Handle Them

Aug 28, 2019

I’ve been to a rather significant number of conferences over the course of my career. I’ve found that each session will usually give you at least one pearl of wisdom. However, the gold nuggets we [...]

Read More

Contract Management

The Basics of Service Level Agreements for Vendor Contracts

Aug 27, 2019

As a professional in third party risk management, you probably hear the term service level agreement, or SLA, for short, often. So, it’s important to understand what they are. To help, we'll go [...]

Read More

Examination Preparation

7 Elements to a Proper Internal Audit Program for Vendor Risk Management

Aug 26, 2019

Having an established internal audit program at an organization is a great way to find gaps or items that may have been missed before, such as any disconnect between your vendor management [...]

Read More

Risk Assessment

What Do I Do If My Vendor Won’t Fill Out the Vendor Risk Assessment Questionnaire?

Aug 21, 2019

You’re in a predicament. You recently sent your vendor the vendor risk assessment questionnaire not once, not twice but three times and they still haven’t filled it out. To make matters even [...]

Read More

Outsourcing

10 Signs That You Need to Outsource or Augment Vendor Management Staff

Aug 20, 2019

The workload in vendor management can be enormous, particularly with heightened regulatory expectations, pressures on deadlines and the need to keep an eye on expenses.

Read More

Contract Management

6 Items to Negotiate into Your Vendor Contracts

Aug 14, 2019

"You don't get what you deserve; you get what you negotiate." – Dr. Chester L. KarrassAs you enter into a vendor relationship, contract negotiation should always be one of the first tasks completed

Read More

Best Practices

Why You Need Vendor Management (VM) Not Just Enterprise Risk Management (ERM)

Aug 13, 2019

I was talking to my friend Jeff the other day. Jeff works for a rather large organization. I asked him how he was handling third party risk management. He informed me that his organization has an [...]

Read More

Best Practices

Third Party Risk Management Interview with Regtech Industry Leader

Aug 12, 2019

As part of Venminder’s Thought Leadership series, I recently had the pleasure of speaking with Jo Ann Barefoot, CEO at Barefoot Innovation Group and co-founder of Hummingbird Regtech. In this [...]

Read More

Due Diligence

Pre-Contract Third Party Due Diligence You Should Be Doing

Aug 7, 2019

As part of your third party due diligence, you should have a comprehensive plan to vet vendors before contracting with them. One of the first things you should consider is some type of [...]

Read More

Contract Management

5 Key Provisions to Look for in Critical Vendor Contracts

Aug 6, 2019

Whether reviewing a new critical third party contract or negotiating new terms and conditions of an existing contract, there are many elements you need to consider.

Read More

Best Practices

July Vendor Management News

Aug 1, 2019

Keep up-to-date on the latest vendor management news. We'll help you out! Read the articles below that we recommend checking out.

Read More

Best Practices

Vendor Due Diligence Document Alternatives

Jul 31, 2019

In a perfect world, we’d be able to obtain every single document or everything we request of the vendor and it would be done with a speedy turnaround. However, in third party risk, as most of us [...]

Read More

Due Diligence

Why Due Diligence Is So Important - Some of the Best Advice I Ever Received

Jul 30, 2019

A little over 13 years ago, I was leaving MBNA America following an acquisition by Bank of America. 

Read More

Cybersecurity

Importance of Complementary User Entity Controls for Vendor Relationships

Jul 29, 2019

Complementary User Entity Controls (CUECs), also known as User Control Considerations (UCCs), are controls that the vendor has included within its system and rely on the user entity (you) to [...]

Read More

Cybersecurity

5 Reasons Why Vendor Cybersecurity Ratings Matter

Jul 24, 2019

Did you know your vendor’s cybersecurity can be rated? Yes, rating a vendor’s cyber preparedness has become the primary due diligence challenge of 2019. In fact, according to our 2019 State of [...]

Read More

Financials

5 Steps to Evaluating Your Vendor's Financial Stability

Jul 23, 2019

A vendor’s financial status can impact your organization significantly. Things such as a decline in service levels, the vendor sunsetting their products and rapid staff turnover can all be a [...]

Read More

Best Practices

Interview with Oil and Gas Industry Thought Leader

Jul 22, 2019

Recently, as part of Venminder’s Thought Leadership interview series, I had the opportunity to speak with Michael Donnella, Corporate Compliance Officer at Murphy Oil Corporation, to hear his [...]

Read More

Cybersecurity

What to Do When Your Vendor Is Susceptible to Cybersecurity and Data Incidents

Jul 17, 2019

In today’s tech environment, it’s common to outsource a product or service to a vendor who specializes in that area. Typically, it makes the most economical sense for a business, too. But what [...]

Read More

Best Practices

How a Vendor Management System Works and Why You Need It

Jul 16, 2019

Dunbar’s Number says that the number of people you can maintain stable relationships with tops out at 150 people. It should be easy to keep up with 150 friends, relatives, coworkers and [...]

Read More

Business Continuity / Disaster Recovery

Differences Between a Vendor's Disaster Recovery and Business Continuity Plans

Jul 10, 2019

The assumption that disaster recover plans and business continuity plans are the same thing is a common misconception. While they are closely intertwined, they’re not the same.

Read More

Best Practices

How to Vet an International Vendor

Jul 9, 2019

Vetting vendors is a critical phase of the vendor lifecycle. Most of us know our organization’s requirements for vetting a US-based vendor, but what about an international vendor? Do these [...]

Read More

Best Practices

11 Helpful Tips to Onboarding a New Vendor

Jul 8, 2019

Vendor onboarding is a fundamental component of third party risk management. To have a successful vendor partnership, you must have a successful vendor vetting and onboarding process.

Read More

Best Practices

5 Ways to Make Your Vendor Management Plan Sparkle

Jul 3, 2019

When you take part in fourth of July fun, it usually involves seeing fireworks and playing with sparklers. So, in the spirit of Independence Day, we’re here to share five ways to make your vendor [...]

Read More

Risk Assessment

9 Regulatory Risk Types Involved in a Vendor Risk Assessment

Jul 2, 2019

Writing a risk assessment document for the first time or the thousandth time can be a daunting task. People often struggle with how much there is to consider.

Read More

Best Practices

June Vendor Management News

Jun 27, 2019

Keep up-to-date on the latest vendor management news. We'll help you out! Read the articles below that we recommend checking out. 

Read More

Cybersecurity

What Are ISO Certifications and Should Your Vendor Have One?

Jun 26, 2019

ISO certifications, specifically ISO/IEC 27001:2013, will inform you on a vendor’s information security. They’re a great indicator of internal process maturity at an organization. The result of [...]

Read More

Reporting

What Vendor Management Information Should I Be Reporting?

Jun 25, 2019

Reporting to senior management and/or the board is not just a best practice; it’s actually a requirement of regulatory guidance. Review guidance like OCC Bulletin 2013-29 or FDIC FIL-44-2008 to [...]

Read More

Best Practices

Who Is Considered a Third Party or Vendor?

Jun 19, 2019

A third party vendor is a company or entity with whom you have a written agreement to provide a product or service on behalf of your organization to your customer or upon whom you rely on a [...]

Read More

Best Practices

What Is a Vendor Management Program?

Jun 18, 2019

To sum it up, a vendor management program is a plan established to protect your organization from vendor risk. By outsourcing a product or service to a third party vendor – or those fourth party [...]

Read More

Best Practices

Your Vendor’s Disaster Recovery Plans: 8 Things to Watch Out For

Jun 12, 2019

Third party risk management today is like performing a high-wire act without a net. There is so much that can go wrong at any point in time and some things with disastrous consequences. One of the [...]

Read More

Risk Assessment

3 Keys to Conducting Vendor Risk Reviews

Jun 11, 2019

Imagine you’re on a gameshow. You have 3 locked doors and one key that will open only one of the doors. Instead of winning a “prize”, the door the key opens is to the vendor risk program you’re [...]

Read More

SOC Reports

What to Know About SSAE 18 for Your Vendor Management

Jun 5, 2019

We had SAS 70, then SSAE 16... now we have the SSAE 18. SSAE 18 is a little different, so we’ve outlined some key points for you below to assist with your understanding.

Read More

Financials

5 Results of an Insufficient Vendor Management Budget

Jun 4, 2019

Before I delve into what can happen due to an insufficient vendor management program budget, let’s start with a story. Picture this. You’re the new Chief Information Security Officer (CISO) at a [...]

Read More

Best Practices

Thought Leadership Interview Focuses on Ongoing Vendor Monitoring Changes

Jun 3, 2019

Very recently, I had the opportunity to be a featured expert in Venminder’s Thought Leadership interview series. In this series, Venminder speaks with industry thought leaders to hear their [...]

Read More

Best Practices

May Vendor Management News

May 30, 2019

Reading up on latest vendor management news can only help your risk programs. We'll help you out!  Below we've listed some articles from this past week that we recommend checking out. 

Read More

Outsourcing

RegTech Companies Help Employees in Third Party Risk - They Don’t Replace Them

May 29, 2019

Science Fiction and Jeopardy fans will recognize the line “I, for one, welcome our robot overlords” but is there a real danger to the rise of regulatory technology (RegTech) companies in general [...]

Read More

Due Diligence

What Are Vendor Due Diligence Reviews?

May 28, 2019

A common question people often struggle with is, “What constitutes appropriate vendor due diligence?” Or, “What are vendor due diligence reviews”? As with any question, the official answer can be [...]

Read More

Best Practices

5 Tips to Achieve Vendor Management Success

May 22, 2019

Breaking news! There are some vendor management best practices that will set any organization up for vendor management success – regardless of size or industry.

Read More

Fourth Party Vendors

Fourth Party Vendors: How Far Do You Need to Go?

May 21, 2019

Just when you thought you had your arms around your vendor management program, auditors and examiners have been requesting information about your “vendor’s vendors” as of recent years.

Read More

SOC Reports

Risk of Not Reviewing Your Vendor's SOC Report

May 15, 2019

Reviewing each vendor’s SOC (System and Organization Controls) report is a critical due diligence step and is vital in the initial vendor selection stage and the ongoing monitoring stage. SOC [...]

Read More

Best Practices

Vendor Management Procedures and the Job Swap

May 14, 2019

Anyone who knows me knows I have a few obsessions – I’m “cyclelogically” obsessed with my bicycle and I am an absolute NASA-nut (thanks to Twitter and NASA Social for taking me to some really [...]

Read More

Business Continuity / Disaster Recovery

What Happens When a Critical Third Party Vendor Doesn’t Have a Good Business Continuity Plan?

May 8, 2019

Business Continuity Planning (BCP) and Disaster Recovery Planning (DR) are the processes of developing, testing and maintaining plans to sustain business resiliency as well as normalize operations [...]

Read More

Examination Preparation

7 Key Vendor Risk Management Items Your Examiner Will Care About

May 7, 2019

When you get notice of an upcoming exam it can be a time of frantic scrambling – but it doesn’t necessarily have to be. There are specific items your examiner is going to care about. The best way [...]

Read More

Cybersecurity

6 Tips for Managing Vendor Cyber Risk

May 1, 2019
According to Venminder’s  2019 State of Third Party Risk survey , one of the biggest hurdles organizations foresee this year is assessing third party cybersecurity. This comes as no surprise [...]
Read More

Best Practices

How Mature Is Your Vendor Management Program?

Apr 30, 2019

A topic we hear a lot at industry conferences and during webinars is the maturity of your vendor management program. What exactly does this mean? Let's go through that now...

Read More

Best Practices

April Vendor Management News

Apr 25, 2019

Stay on top of the third party risk management industry. To help you out, we've listed some articles below from this past week that we recommend checking out. 

Read More

Financials

What Insurance Should Your Vendors Have?

Apr 24, 2019

For all practical purposes, it’s impossible to discuss the insurance requirements for your third party vendors without discussing the overall risk posture and insurance protection your [...]

Read More

Risk Assessment

Criticality and Risk Rating Vendors 101

Apr 23, 2019

A vendor's criticality and risk rating are two different things, but they often get used interchangeably. We'll clarify them more for you to better understand.

Read More

Best Practices

5 Ways to Spring Clean Your Third Party Risk Management Program

Apr 22, 2019

Like many others, you may find the introduction of spring to be a great time to do some spring cleaning. While you’re dusting off the shelves and clearing the clutter, it may not hurt to [...]

Read More

How to Manage an On-Site Vendor Visit

Apr 16, 2019

Much goes into the planning and coordination of a vendor site visit. The planning leading up to the site visit will determine the success of the time you invest with the vendor while on-site.

Read More

Best Practices

Third Party Risk Management Survey Discovers Top 3 Challenges

Apr 15, 2019

Venminder’s State of Third Party Risk Management Survey provides insight into how financial services and financial technology companies manage third party risk management. To give you the biggest [...]

Read More

Best Practices

Vendor Management vs. Enterprise Risk Management vs. Third Party Risk Management vs. Supplier Relationship Management

Apr 10, 2019

Could it get any more confusing? Ever wonder, “What am I really supposed to be doing?”. Vendor management (VM), enterprise risk management (ERM), third party risk management (TPRM), vendor risk [...]

Read More

Best Practices

How to and How NOT to Use the First Line of Defense in Vendor Management

Apr 9, 2019

The first line of defense, in other words, the business relationship managers who deal with vendors day to day, is absolutely essential in a well-managed third party risk management program. After [...]

Read More

Regulations

Interview with Vendor Management PMO/EPMO Expert

Apr 8, 2019

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

Read More

Business Continuity / Disaster Recovery

4 Big Things to Watch Out for in Your Vendor's Business Continuity Plan

Apr 3, 2019

Business continuity planning (BCP) is the process in place for companies to ensure that their key operations and products/services continue to be delivered at an accepted level of availability. Th [...]

Read More

Outsourcing

Leveraging Software for Vendor Risk Assessments to Gain Consistency

Apr 2, 2019

Risk assessments continue to be a challenge for organizations regardless of size. At a granular level, a basic risk assessment may be the guide to determine the level of oversight that a third [...]

Read More

Regulations

Vendor Management Discussion with Knowledgeable Bank Regulatory Attorney

Apr 1, 2019

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

Read More

Best Practices

March Vendor Management News

Mar 28, 2019

In efforts of staying on top of the third party risk management industry, we've listed some articles below from this past month that we recommend checking out. 

Read More

Due Diligence

10 Common Mistakes in Vendor Risk Management: Don’t Be “Fooled”

Mar 27, 2019

Don’t let the vendor fool you. Be diligent and perform reviews, even when you feel it may be unnecessary.

Read More

Best Practices

12 Ongoing Monitoring Best Practices for Third Party Risk Management

Mar 26, 2019

Three fundamental practices in third party risk oversight include:

Read More

Information Security

How to Get Data Back from a Vendor

Mar 20, 2019

It’s important to retrieve non-public personal information (NPPI) data after a contract has terminated. There’s a significant amount of focus on important issues or concerns when onboarding a new [...]

Read More

Due Diligence

8 Questions to Ask If Accepting Shared Vendor Due Diligence Documentation

Mar 19, 2019

One of the primary pain points in third party risk management is document collection. Add vendor questionnaires into that, and the subsequent review and analysis, and it’s no wonder that some [...]

Read More

Due Diligence

FIS Worldpay Acquisition Can Pose New Opportunities and Vendor Assessment Challenges

Mar 19, 2019

On March 18, 2019, FIS announced the acquisition of Worldpay, a move that combines two very large payments systems. Not far behind January’s First Data Fiserv move, the FIS Worldpay acquisition [...]

Read More

Due Diligence

4 Reasons You Don’t Need Luck for Successful Vendor Compliance

Mar 13, 2019

Vendor compliance isn’t about luck. Ensuring vendor compliance is dependent on how you manage vendor oversight. Here are 4 reasons why.

Read More

Financials

How to Read a Vendor Financial Statement

Mar 12, 2019

Obtaining a financial statement from your vendor(s) should never be considered a check-the-box exercise. In my daily work, I see organizations request a financial statement and, once they receive [...]

Read More

Due Diligence

What Is Third Party Risk? A Quick Look for Beginners

Mar 6, 2019

Third party risk management is the process of fully identifying all of the significant companies/vendors that aid in the delivery of a product or service to your organization or to your customers [...]

Read More

Best Practices

What Is Your Biggest Vendor Management Challenge?

Mar 5, 2019

Organizations face many challenges specifically with third party risk management. To make sure we keep up with what those pain points are, we continually ask organizations to share their biggest [...]

Read More

Best Practices

February Vendor Management News

Feb 28, 2019

Staying on top of what's happening in the industry is an important part of proper vendor risk management. So, take a look at some top articles from the month of February below that we suggest [...]

Read More

Best Practices

The Dos and Don’ts of Vendor Risk Management

Feb 27, 2019

Most of us have them – little bad habits here and there that we’ve become accustomed to and have integrated into our routine. When it comes to vendor risk management, a bad habit isn’t something [...]

Read More

Due Diligence

2 Reasons UDAAP Is Violated Most Often

Feb 26, 2019

Enforcement actions by many different regulators including the CFPB, OCC and FDIC make it clear how important UDAAP (Unfair, Deceptive or Abusive Acts or Practices) is to a solid third party risk [...]

Read More

Due Diligence

What to Know About Fourth Party Vendor Risk

Feb 20, 2019

Third party risk, fourth party risk, maybe even fifth party risk? There’s a lot of potential risk to know and understand. In this blog, we thought it’d be helpful to focus on one that seems to be [...]

Read More

Due Diligence

Are You and Your Vendor a Proper Fit? Gain Cultural Alignment

Feb 13, 2019

With any successful partnership, there should be an agreed upon level of understanding between both parties. In this piece, we’ll look a little deeper, past the dinner with the executive team, [...]

Read More

SOC Reports

Vendor SOC 1, 2 or 3 – Understanding the Differences

Feb 12, 2019

If you’re a regulated organization, you likely already understand that you should be asking many of your vendors for a SOC reportespecially your critical or high risk vendors.  

Read More

Best Practices

Third Party Risk Management Interview with Operational Risk Expert

Feb 11, 2019
As part of our Venminder Thought Leadership series  where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]
Read More

Due Diligence

Why You Need to Do Vendor Due Diligence

Feb 6, 2019

The due diligence you collect on a vendor is only as good as the analysis performed. Due diligence is one of the most critical activities in third party risk management because let’s face it, your [...]

Read More

Best Practices

12 Common Red Flags Caught in Vendor Reviews

Feb 5, 2019

Third party risk management is a constant cycle. With oversight guidelines from regulators, there’s plenty of material about what vendor managers should be doing to effectively manage their [...]

Read More

Best Practices

January Vendor Management News

Feb 1, 2019

There was a lot of news this week! Topics include: a lengthy report by Wells on how it will make amends and respond to consumer complaints, two large CFPB enforcement actions, discussion of [...]

Read More

Outsourcing

Outsourcing Vendor Management: When Does It Make Sense?

Jan 30, 2019

Does leveraging external expertise make sense in a tight margin environment? In an environment of increasing competition with shrinking margins, there's valid reasoning that leadership might [...]

Read More

Due Diligence

Oversight Best Practices for Closing Settlement Agents

Jan 29, 2019

News articles have discussed wire fraud risk and the oversight practices involved in closing settlement agents. In fact, you can find helpful information on the topic by reading this blog post – [...]

Read More

Best Practices

Third Party Risk Thought Leadership Discussion with Silicon Valley Tech Guru

Jan 28, 2019

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

Read More

Best Practices

Week of January 21, 2019: Staying on Top of Vendor Risk Management News

Jan 25, 2019

This was a short week and although there is less industry news this week, what news there is still is significant. Read for more details below!

Read More

Cybersecurity

3 Actions You Can Do to Avoid Vendor Breaches

Jan 23, 2019

Unfortunately, a reality that we’re living in is that it’s likely that a breach will happen at some point. So, it’s important to prevent and be prepared.

Read More

Best Practices

Third Party Risk Management Survey Discovers Two Big Hurdles to Overcome

Jan 22, 2019

Venminder’s State of Third Party Risk Management Survey provides insight into how financial services and financial technology companies manage third party risk management. To give you the biggest [...]

Read More

Best Practices

Week of January 14, 2019: Staying on Top of Vendor Risk Management News

Jan 18, 2019

This week features some fun stuff – continued sparring over how to regulate fintech’s, the best banks in US and news on last year’s major data breach at Marriott. Read for more details below!

Read More

Best Practices

What the Regulators Will Expect in 2019 Vendor Management

Jan 16, 2019

2018 did not deliver the highly anticipated sweeping regulatory reform – sure, it nibbled at the edges with a break in the exam cycle for well-managed organizations under $3 billion and changes [...]

Read More

Best Practices

Vendor Management Discussion with Prepaid Industry Expert

Jan 15, 2019

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

Read More

Best Practices

Week of January 7, 2019: Staying on Top of Vendor Risk Management News

Jan 11, 2019

An interesting week – CFPB news, UDAAP enforcement action, huge money laundering scandal, and an NCUA update…This week’s edition of the news has something for everyone.

Read More

Best Practices

5 Third Party Risk Resolutions for 2019

Jan 9, 2019

 If you’re like us, then you’ve probably set some resolutions for yourself in the new year.

Read More

Due Diligence

The Objective of Third Party Risk Oversight

Jan 8, 2019

Review of regulatory compliance  oversight requirements for any organization can be a necessary reminder for the C-Suite and a reminder to better understand the purpose of, and requirement to [...]

Read More

Due Diligence

What Is Vendor Monitoring?

Jan 5, 2019

Have you heard the terms “vendor monitoring” and “vendor management” and thought that they mean the same thing? Chances are you’ve probably heard both used frequently and interchangeably [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of December 31

Jan 4, 2019

So this week, we heard from the new head of the CFPB, got an instructional video from the FDIC, have new workshops from the OCC, learned about a new Wells Fargo settlement and even get a little [...]

Read More

Vendor Management

Knowing Your Vendor Is More Than Just Doing an Annual Risk Assessment

Jan 1, 2019

We’ve seen what we call the square peg syndrome. It’s the mindset that all vendors and the oversight required is the same. In some cases, that could be true, after all, a business continuity or [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of December 24

Dec 28, 2018

Even though it was a busy holiday week for most, there was still a fair amount of news for third party risk. In case you missed it, this week included the release of the worst passwords of the [...]

Read More

Best Practices

7 Last-Minute Third Party Risk Management Tips Before We End the Year

Dec 26, 2018

With it being the last week left in 2018, majority of your focus may already be planning for the new year. Before this year wraps up, you can still build a better foundation for third party risk [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of December 17

Dec 21, 2018

This was another busy week for vendor risk management in the news! This week there was regulators being told to play nice, UDAP actions, AML actions, BCFP returning to its acronym of CFPB, OFAC [...]

Read More

Best Practices

Third Party Risk Reflections on 2018

Dec 19, 2018

2018 has been a quiet year from an enforcement perspective, particularly as it relates to third party risk management. However, there has been changes in leadership at all of the major national [...]

Read More

Best Practices

How to Figure Out Your Vendor Management Program Maturity

Dec 18, 2018

Often, you may wonder how mature your vendor risk management program is compared to peers and the industry. Some may measure this in terms of budget dollars spent on the program, vendors under [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of December 10

Dec 14, 2018

There are weeks that make you want to run for cover… this was one of those weeks!  News on every possible angle – new CFPB director, Equifax fall out and just tons of other news. Read for more [...]

Read More

Best Practices

14 Steps to Improve Your Vendor Risk Management

Dec 12, 2018

Having an effective strategy for vendor risk management is critical to protect your organization and your customers. Continuing to make improvements to your existing policy, program and procedures [...]

Read More

Due Diligence

How Much Vendor Oversight Is Enough?

Dec 11, 2018

While vendor risk management and compliance in general could be perceived as being a cost center, we often hear from clients who ask this one question which causes a pause...how much is enough [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of December 3

Dec 7, 2018

There was so much news this week, I don’t even know where to start – the massive Marriott data breach, the CFPB Ombudsman’s report, the political controversy swirling at the CFPB (as well as its [...]

Read More

Contract Management

7 Next Steps to Handle Your Naughty Vendors

Dec 5, 2018

Do you have vendors that you’d categorize as naughty around this time of year? Don’t worry, we’ll cover ways to handle them.

Read More

Best Practices

Top 10 Vendor Risk Management Best Practices to Take into 2019

Dec 4, 2018

It’s the last month of the year! When you leave behind 2018, don’t leave behind third party risk management best practices though. We have the top 10 vendor risk management best practices to take [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of November 26

Nov 30, 2018

At first glance, it looks like a sparse news week, but then when you look more closely, there’s a lot here – Deputy Fed Chair Quarles taking over a global regulatory function, a major UDAAP [...]

Read More

Best Practices

How to Scale Your Vendor Risk Management Program

Nov 28, 2018

Ready to grow or expand your vendor risk management function? Do you know what to think about when scaling your program? There are a number of factors to consider. Let’s go through them.

Read More

Risk Assessment

What Happens When a Vendor Gets a Poor Risk Rating

Nov 27, 2018

A vendor risk assessment should be performed on a third party vendor in order to properly assess and determine the risk posed to your organization. This should be done during both the vendor [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of November 19

Nov 23, 2018

Check out the articles we deemed important for this week from the world of third party risk management. Articles mention FDIC, SEC, exam consistency and more. Read below. 

Read More

Examination Preparation

6 Steps to Developing a Successful Internal Vendor Management Audit Program

Nov 21, 2018

Internal audit programs are important as they can help identify gaps and areas that may have been overlooked. It’s important to understand the basic steps to a successful internal vendor [...]

Read More

Outsourcing

6 Things to Watch Out for with Your Vendor Management Software

Nov 20, 2018

In any line of business, changing a vendor service is no easy task. The same thoughtful consideration should be given to the vendor management tool which will, ultimately, be the cornerstone of [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of November 12

Nov 16, 2018

Stay updated in the world of third party risk management by reading some articles that we recommend. Topics this week include more on enforcement actions, risk management and compliance, [...]

Read More

Regulations

Examinations Change from 12 to 18-Month Cycle for Under $3 Billion Institutions

Nov 14, 2018

In the second and third quarters of 2018, several of the major financial services regulators issued an interim final rule extending the examination cycle for well-managed institutions from 12 [...]

Read More

Best Practices

How to Improve Efficiency in Your Vendor Risk Management Program

Nov 13, 2018

It’s not enough that you have established a vendor risk management program that meets or exceeds regulatory guidance and audit requirements. Your organization should also make sure that your [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of November 5

Nov 9, 2018

We’ve had a little bit of everything as far as third party risk news this week – from new FFIEC information, cyber issues and, oh yes, an election causing gridlock. Read those articles and more [...]

Read More

Outsourcing

6 Things to Do Now to Your Third Party Risk Management Program for 2019

Nov 7, 2018

It’s November! Where did 2018 go and why haven’t I dove back into my vendor management program? This is certainly a common conversation we have with clients here at Venminder. By taking these 6 [...]

Read More

Outsourcing

Do You Have the Right Third Party Risk Management Software Provider? 10 Questions to Ask Yourself

Nov 6, 2018

Are you outsourcing your third party risk management functions to a software provider? If so, have you ever stopped and thought about if the company is the right fit for your organization? I [...]

Read More

Best Practices

Top 5 Reasons to Be Thankful for Third Party Risk Management

Nov 6, 2018

Third party risk management is a comprehensive concept and can be very demanding at times. We fully understand that there are challenges presented to you on a daily basis that keep you and your [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of October 29

Nov 2, 2018

There has been lots of news this week – none bigger than the announcement that the FTC is going to open its complaints database to the public, much as the CFPB has done. That is not just big news, [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of October 22

Oct 26, 2018

This was an eventful news week in the world of regulatory risk. On our headlines, I’ve captured only two of the fines that were levied this week, but there were several others of smaller note. In [...]

Read More

Regulations

Consider ALL Third Party Risk Management Regulatory Guidance

Oct 24, 2018

Last year, I spoke at a conference and, as I wrapped up, a member of the audience approached me and shared that he thought if he is doing well with complying to FDIC guidance, he shouldn’t need to [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of October 15

Oct 19, 2018

We've selected some insightful stories below related to third party risk management that we found interesting from this past week. Biggest news this week is CFPB claims it will define “A” for [...]

Read More

SOC Reports

Red Flags in Critical Vendor SOC Reports

Oct 17, 2018

When you begin your initial due diligence or regular monitoring of a vendor, one of the first things to do is to request all their SOC reports. You also need to ask for the SOC reports for any [...]

Read More

SOC Reports

What's the Significance of a Vendor's Bridge Letter?

Oct 16, 2018

A bridge letter, also known as a gap letter, is made available by the service organization (your vendor) to cover a period of time between the reporting period end date of the SOC report and the [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of October 8

Oct 12, 2018

We've selected some top stories below related to third party risk management that we found interesting from this past week. There’s more on cybersecurity, fines, data breaches and more.

Read More

SOC Reports

How, Why and When to Request a SOC Report from Your Vendors

Oct 10, 2018

Requesting a SOC report from your vendor is an important step to validate that the proper controls are in place at that company, and if not, to give you the opportunity to request your vendor [...]

Read More

Due Diligence

Vendor Management: What Are Vendor Due Diligence Reviews?

Oct 9, 2018

Not only is it a regulatory requirement but it’s also a sound business practice to conduct due diligence on all vendor relationships that provide the organization with a product or service.

Read More

SOC Reports

Experienced Auditor's Perspective on Vendor Cybersecurity, SOC Reports and Best Practices

Oct 8, 2018

Recently, as part of our Venminder Thought Leadership series, I had the opportunity to speak with Mike Morris at Porter Keadle Moore (PKM). In this series we speak with the industry’s sought-after [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of October 1

Oct 5, 2018

Read some top stories below related to third party risk management that we found interesting from this past week. There’s news on cybersecurity, words from the new FDIC director and even a cartoon [...]

Read More

Best Practices

Managing IT Vendor Security Risk

Oct 3, 2018

Through your vendor risk management program, you’re supposed to monitor your vendor’s information security and cybersecurity practices. As part of that, you need to manage the vendor’s information [...]

Read More

Best Practices

7 Scary Scenarios to Avoid in Vendor Risk Management

Oct 2, 2018

Vendor risk management doesn’t always work out as planned and when that's the case, the end-result can be quite chilling.

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of September 24

Sep 28, 2018

This past week in the world of third party risk there have been interesting stories on a SEC enforcement action related to lack of cybersecurity preparedness, the OCC’s 2019 supervisory plans, [...]

Read More

Best Practices

8 Vendor Risk Management Tips for a Successful Vendor Management Outsourcing Partnership

Sep 26, 2018

Choosing a partner to help with your vendor risk management program is an important consideration and one that requires planning, research and effort. While companies say they’re the perfect [...]

Read More

Information Security

3 Information Security Principles to Use within Your Vendor Management Program

Sep 25, 2018

With the increase in cybersecurity breaches, it’s critical to monitor and fully understand your vendor’s information security posture in order to protect the company from unnecessary risk. There [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of September 17

Sep 21, 2018

Summer is officially over, and the leaves are changing for fall. But the leaves aren't the only thing changing right now - more and more fintechs are moving to Atlanta and making it their home, NY [...]

Read More

Best Practices

How to Outsource and Select Vendors That Fit Your Organization’s Business Model and Needs

Sep 19, 2018

Organizations have become more involved in outsourcing and, as a result, are presented with challenges in managing the risks associated with selecting and managing vendor partners. Outsourcing has [...]

Read More

Best Practices

8 Items You Should Be Reviewing During Your Internal Audit

Sep 18, 2018

I often think of an internal audit as a helpful check-up – it's a great time to find areas that may be problematic before they become a big problem. Having had some very favorable internal audits [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of September 10

Sep 14, 2018

With Hurricane Florence rolling through the U.S. this week, we're reminded to check in on ours and our vendor's disaster recovery plans. From everyone here at Venminder, we hope you're all staying [...]

Read More

Best Practices

SSAE 18: The Full Overview for Vendor Management

Sep 11, 2018

The purpose for the creation of the SSAE 18, in May 2017, was to clarify the auditing standards and to reduce duplication within similar standards covering examinations, reviews and agreed-upon [...]

Read More

Regulations

Vendor Risk Management Thought Leadership Discussion with Consumer Financial Attorney

Sep 11, 2018

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of September 3

Sep 7, 2018

We've put together the latest news on vendor risk management to keep you in the know. 

The Fed focuses on UDAP, you might see a new set of cybersecurity standards in the near future, US Treasury [...]

Read More

Best Practices

You're Accountable for Third Party Risk Regardless of Organization Size

Sep 5, 2018

As a manager at a large organization, you rely on the efforts of an entire team of people. Since the financial crisis a decade ago, one thing has become abundantly clear from the regulators’ [...]

Read More

Examination Preparation

Vendor Oversight: 5 Easy Steps to Plan the Annual Audit Schedule

Sep 4, 2018

Based on a few industry surveys, the #1 vendor risk management challenge facing organizations is TIME. Plan and execute early on the steps below and you’ll be on your way to performing audits and [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of August 27

Aug 31, 2018

This week in third party risk related news: Chase Bank hit with downgrade as a result of improper third party risk management, cybersecurity remains a topic of focus, working with fintech [...]

Read More

SOC Reports

Why and When You Look at a Fourth Party’s SOC Report

Aug 29, 2018

Some say that your business is only as good as your employees. The same can be said for your vendors, as they are only as good as their vendor (your fourth party). A fourth party vendor is your [...]

Read More

Contract Management

7 Ways to Drive Effective Vendor Contract Management at Your Organization

Aug 28, 2018

Let’s face it – a very difficult part of vendor risk management, particularly in mid-sized organizations, is usually the vendor contract management process. Why exactly is that? Well, unless you [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of August 20

Aug 24, 2018

An update on the OCC fintech charter, the latest in regtech, Merrill Lynch pays $8.9 million fine in SEC action with major third party implications, ECOA on third parties and more! Read below for [...]

Read More

Best Practices

10 Actions for Effectively Managing Your Third Party Risk Management Program

Aug 22, 2018

Creating an effective third party risk management program takes a lot of work. There are a few critical elements to making certain your practices are robust and sustainable. Let’s look at 10 that [...]

Read More

Examination Preparation

SEC Exams Emphasize Vendor Risk Management

Aug 21, 2018

The Securities and Exchange Commission, or SEC, oversees securities transactions, financial professional activity, mutual funds and more to protect investors, prevent fraud and deception and [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of August 13

Aug 17, 2018

New enforcement actions and continued analysis of the CFPB changes and the fintech charter dominate this week’s headlines - read these stories and more below for this week's third party risk [...]

Read More

Outsourcing

Outsourcing Success Tips: 8 Best Practices for Managing Your Vendor Relationships

Aug 15, 2018

Outsourcing a product or service comes with a price tag. Whether you think of it as an expense or simply the cost of compliance, you may often find that the work of outsourcing, while falling in a [...]

Read More

Contract Management

6 Key Provisions to Know for Vendor Contracts

Aug 14, 2018

When reviewing a new critical vendor contract, or negotiating terms for an existing one, you should be looking at specific provisions to ensure compliance with industry regulations and standards. [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of August 6

Aug 10, 2018

This week's vendor management industry news includes analysis of the new fintech charter (some vastly different viewpoints), an article that reminds us that third party risk is not just a [...]

Read More

Regulations

Regulatory Reform – What Does It Mean for Third Party Risk Management?

Aug 8, 2018

A great deal of news recently has followed the various congressional initiatives to “roll back” portions of the Dodd-Frank Act. In the latter portion of the second quarter, a bill passed and was [...]

Read More

Risk Assessment

Need a Reminder Why Third Party Risk Management Is So Important? Consider Airport Security

Aug 7, 2018

At a conference we attended this year, one presenter represented a global bank and was responsible for global third party risk. He and his team were responsible for performing both assessments via

Read More

Best Practices

Third Party Risk from a Prepaid Expert’s Perspective

Aug 6, 2018

As part of our Venminder Thought Leadership Series interview where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of July 30

Aug 3, 2018

This week in third party risk news, there have been a number of mishaps that seemingly could have been avoided with proper vendor risk management. Read below for notable lessons on verifying your [...]

Read More

Best Practices

Reading the News Is Good for Business and Third Party Risk Management

Jul 31, 2018

I confess that I love to read the news. It’s a practice I learned early on at MBNA America. One of our executives, long before the days of internet news feeds and automated alerts, made a practice [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of July 23

Jul 27, 2018

WIth a history of risk management failures, Wells Fargo can add another oops to the list - Wells is refunding "tens of millions” of dollars to customers for incorrect account charges. Read the [...]

Read More

Best Practices

UDAAP Best Practices for Vendor Risk Management

Jul 25, 2018

Ever since the creation of the Consumer Financial Protection Bureau (CFPB), Unfair Deceptive or Abusive Acts or Practices (UDAAP) has become a very hot issue in regulatory enforcement. Many have [...]

Read More

Best Practices

What Is Vendor Ongoing Monitoring?

Jul 24, 2018

Ongoing monitoring is one of the pillars of an effective vendor risk management process. All of the major regulatory guidance directs organizations to conduct ongoing monitoring on their vendors, [...]

Read More

Examination Preparation

Four Keys to Managing Third Party Risk

Jul 20, 2018
One of the biggest risks facing the U.S. financial system is third party risk , according to the OCC’s   Semiannual Risk Perspective for Spring 2018   released at the end of May. Banks also cite [...]
Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of July 16

Jul 20, 2018

In this week's third party risk related news, we've noticed that the need for a robust third party risk management program to combat cyber, financial, operational and reputational risks is still [...]

Read More

Examination Preparation

8 Items to Have Ready For An Examiner's Arrival

Jul 18, 2018

I'm often asked what sort of things a third party risk or compliance manager might be asked to have ready for an examination that's going to touch on third party risk management. Well, there's [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of July 9

Jul 13, 2018

Check out this week's recommended vendor management related news articles. They include updates on PCI issues, more maneuverings at the CFPB, California and New York both weighing in on regulatory [...]

Read More

Best Practices

14 Key Components of an Effective Vendor Risk Management Program

Jul 11, 2018

I’m often asked to discuss what comprises an effective vendor management program. While there are numerous things to consider, below I've listed 14 of the most important elements.

Read More

Best Practices

What Is Vendor Risk Management?

Jul 10, 2018

Vendor risk management (or third party risk management) is defined as a set of activities associated with identifying the risk posed with outsourcing a product or service and then taking all [...]

Read More

Outsourcing

Outsourcing Overseas and Proper Vendor Oversight for a Non-Bank Lender

Jul 10, 2018

If you've elected to leverage the benefits of outsourcing a function to an overseas based partner, it’s important as a vendor manager to ensure that senior leadership is on-board with any [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of July 2

Jul 6, 2018

It seems that we can't go a week without mentioning another major NPPI breach, changes in enforcement actions or issues with regulatory compliance - and that's the case for the week of July 2 as [...]

Read More

Best Practices

3 Reasons to Keep Third Party Risk Management Independent at Your Organization

Jul 4, 2018

We've talked a bit about the classic three lines of defense approach to compliance and risk management. It's an important concept in which the series of walls protect your organization, starting [...]

Read More

Business Continuity / Disaster Recovery

Does Your Critical Vendor Have an Effective BCP Plan?

Jul 3, 2018

Business continuity planning allows for businesses to ensure that their key operations, products and services continue to be delivered either in full or at a predetermined level of availability. [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of June 25

Jun 29, 2018

The need for vendor risk management best practices is at the forefront of the news this week - 60% of industry execs reporting they do not have a comprehensive vendor risk program in place. This [...]

Read More

Regulations

A Walk Through the OCC Vendor Lifecycle

Jun 27, 2018

The OCC’s guidance published in Bulletin 2013-29 set the gold standard for third party relationships. It takes a logical risk-based approach with the goal of protecting your institution from [...]

Read More

Regulations

Vendor Risk Management and the OCC

Jun 26, 2018

As vendor risk management, also known as third party risk management or just vendor management, has become more important, there has been more regulatory guidance from all the major regulators [...]

Read More

Regulations

Vendor Risk Management and the SEC

Jun 26, 2018

Vendor risk management, also known as vendor management and third party risk management, has become much more important in recent years. Regulators, such as the SEC, have released more and more [...]

Read More

Regulations

Vendor Risk Management and the CFPB

Jun 26, 2018

The Consumer Financial Protection Bureau (CFPB) has broad regulatory authority of the financial services industry and reminded everyone of the fact that they also could exercise direct supervisory [...]

Read More

Regulations

Vendor Risk Management and the NCUA

Jun 25, 2018

Vendor risk management or, more specifically, third party risk management has received a great deal of attention over the past decade by all of the major regulators, the NCUA included. We’ve seen [...]

Read More

Regulations

Vendor Risk Management and The Fed

Jun 25, 2018

Vendor risk management or, more specifically, third party risk management has received a great deal of attention over the past decade by all of the major regulators. We have seen a groundswell of [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of June 18

Jun 22, 2018

Read about PayPal acquiring HyperWallet and Blackhawk, what CFOs have to say about their systems and hackers, vetting emerging mobile technologies and more.

Read More

Due Diligence

How Do You Know If a Vendor Is FFIEC Examined?

Jun 19, 2018

The Federal Financial Institutions Examination Council (FFIEC) and the Consumer Financial Protection Bureau (CFPB) both have broad regulatory authority over third party service providers. In fact, [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of June 11

Jun 15, 2018

An analysis and opinion of SEC guidance on cybersecurity, what fintech companies can learn from banks, Mulvaney asks BCFP to consider 20% spending reduction, plus more - read these stories and the [...]

Read More

Best Practices

OCC Spring 2018 Semiannual Risk Report Affects Third Party Risk Management

Jun 11, 2018

The OCC recently released its semi-annual risk report for the spring of 2018. You can read the full report here.

For anyone who has been following the Office of the Comptroller of the Currency for [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of June 4

Jun 8, 2018

The vast majority of this week's vendor risk related news stories cover regulatory reform and regulatory change. Read below to see which of the regulators continue to move forward with reform and [...]

Read More

Outsourcing

5 Reasons Vendor Management Oversight Can Be Successfully Outsourced

Jun 6, 2018

Learn why vendor management oversight is now recognized as a unique discipline which you can successfully outsourced.

Read More

Outsourcing

3 Reasons to Outsource Your Third Party Risk Management

Jun 6, 2018
When you need assistance with third party risk management, it's a good idea to outsource to a reliable company. We've got 3 particular reasons why you should make the step to outsource. They are:
Read More

Best Practices

Best Practices and Benefits of Engaging the First Line of Vendor Risk Management Defense

Jun 6, 2018

Depending on where you sit within your organization, you may find yourself in 1 of 3 lines of business. In vendor risk management they are considered the 3 lines of defense.

Read More

Best Practices

Vendor Consolidation Doesn’t Limit Risk in Third Party Risk Management

Jun 5, 2018

Consumer data fulfillment services come in all shapes and sizes and include credit reporting firms, appraisal management companies and outsourced underwriting to name but a few. 

Read More

Regulations

Legal Insight: Colorado Enacts Groundbreaking Privacy and Cybersecurity Legislation

Jun 4, 2018
Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of May 28

Jun 1, 2018

I hope everyone had an enjoyable Memorial Day Weekend! We figured you were out enjoying warm weather with friends and family, barbecuing or taking a dip in the pool, so we put together some of the [...]

Read More

Best Practices

Why Should You Run Vendors Through OFAC?

May 30, 2018

As part of due diligence, you should always check certain foundational items to make sure that you're doing business with a legitimate third party. One often overlooked opportunity is to do an [...]

Read More

Regulations

Non-Bank Lending Is Changing But Vendor Management Principles Are Consistent

May 29, 2018

Fintech adoption will vary but the need to either staff a vendor risk management team with tech savvy expertise or engage the technical lines of business is important, as there is an increase in [...]

Read More

Best Practices

Defining Certain Third Parties as Out of Scope

May 29, 2018

You’ve heard time and time again about requests regarding your inventory of actively managed vendors. Pause and think for a moment about the concept “actively managed vendors” – that means there’s [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of May 21

May 25, 2018

This week in third party and vendor risk related news, we've seen a wide variety of topics. A major financial services company lied to regulators and falsified documents, the CFPB's future [...]

Read More

Best Practices

Ballard Spahr Attorney’s Perspective on Third Party Risk

May 23, 2018

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

Read More

Regulations

Top Vendor Management Challenges and How to Overcome Them

May 23, 2018

Earlier this year, Venminder released our annual State of Third Party Risk Managementsurvey results. Venminder distributed the survey in mid-November and collected responses through early December [...]

Read More

Best Practices

Altaba Inc/Yahoo SEC Enforcement Action Reminds to Know Vendor Response Plan

May 22, 2018

A few weeks ago, on April 24, 2018, the Securities and Exchange Commission (SEC) fined Altaba, Inc., aka Yahoo, $35 million for a massive data breach that impacted around 50 million users in 2014

Read More

Best Practices

8 Vendor Risk Management Tips for Non-Bank Lenders

May 22, 2018

The CFPB is going to look a lot closer at a lender's vendor oversight program. Some great advice here – don’t try to blind them with how sophisticated you are. Let's go over some simple tips to [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of May 14

May 18, 2018

With GDPR implementation fast approaching, we've seen a spike in related stories. Read below for GDPR in one simple chart, 5 big GDPR impacts, a short 3 minute video on GDPR, along with articles [...]

Read More

Best Practices

3 Vendor Risk Management Items the Examiner Expects to See

May 16, 2018

One of the most difficult parts of third party risk management - or perhaps the most anxiety-laden – is the idea of being exam ready at all times. To do so, one needs to figure out what the [...]

Read More

SOC Reports

Vendor SOC Report Q&A

May 15, 2018

During our recent three day Third Party Risk Management Bootcamp, we had a lot of GREAT questions come in. It was quite impossible to get to them all during the live sessions, so we have worked [...]

Read More

Best Practices

Effective Vendor Management Policy & Program Q&A

May 15, 2018

During our recent three day Third Party Risk Management Bootcamp, we had a lot of GREAT questions come in. It was quite impossible to get to them all during the live sessions, so we have worked [...]

Read More

Due Diligence

Proper Vendor Due Diligence Requirements Q&A

May 15, 2018

During our recent three day Third Party Risk Management Bootcamp, we had a lot of GREAT questions come in. It was quite impossible to get to them all during the live sessions, so we have worked [...]

Read More

Due Diligence

Critical Vendor Q&A

May 15, 2018

During our recent three day Third Party Risk Management Bootcamp, we had a lot of GREAT questions come in. It was quite impossible to get to them all during the live sessions, so we have worked [...]

Read More

Risk Assessment

Vendor Risk Assessments Q&A

May 15, 2018

During our recent three day Third Party Risk Management Bootcamp, we had a lot of GREAT questions come in. It was quite impossible to get to them all during the live sessions, so we have worked [...]

Read More

Best Practices

Auditor's Perspective on Third Party Risk Management Q&A

May 15, 2018

During our recent three day Third Party Risk Management Bootcamp, we had a lot of GREAT questions come in. It was quite impossible to get to them all during the live sessions, so we have worked [...]

Read More

Best Practices

The Power of Outsourcing Vendor Risk Management

May 15, 2018

2017 was a year of change in the financial services industry. This includes the OCC proposed Fintech Charter and a changing of the guard within the rank and file of the Consumer Financial [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of May 7

May 11, 2018

Cybersecurity was a hot topic for vendor risk management news this week. A lot of our trusted news sources are writing about the state of cybersecurity in 2018. In addition to cybersecurity, below [...]

Read More

Best Practices

We’re a Credit Union - Why Worry About the OCC and FDIC?

May 8, 2018

I was at the NAFCU Conference and talked to quite a few risk managers during the time there. Nearly every one of them said they have had a major change of heart as to how closely they should be [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of April 30

May 4, 2018

We're already in the first week of May - this year has gone by rather quickly. In the first four months of 2018, we've shared the many changes in vendor risk management emerging in the news. BUT, [...]

Read More

Regulations

Data Breaches, State Notification Requirements and Third Parties

May 2, 2018

Data breaches are not a new phenomenon impacting consumers, but based on the increased frequency reported in the media, the volume of reported breach incidents is likely to increase. The risks of [...]

Read More

Regulations

GDPR and Vendor Risk Management

May 1, 2018

The General Data Protection Regulation, or GDPR as it is widely referred as, is taking the compliance world by storm. And not in a good way. The law itself is voluminous with 11 Chapters and 99 [...]

Read More

Best Practices

Third Party Risk in the Eyes of MBA President and CEO David Stevens, CMB

Apr 30, 2018

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of April 23

Apr 27, 2018

The week of April 23 has been a big one for vendor risk related news. Headlines include: CFPB changed their name and confirms consumer complaints are going private, Wells Fargo was slapped with a [...]

Read More

Regulations

Fourth Party Oversight and How to Organize the Effort

Apr 25, 2018

Institutions have a lot to consider when assessing third party risk, but if vendor risk management hasn’t followed the process of understanding the inner workings of their third party vendors, [...]

Read More

Best Practices

Why The Board Needs to be Directly Aware of Cybersecurity Matters

Apr 25, 2018

Hardly a week goes by that we don’t learn of some new major breach, incident or some emerging cybersecurity threat. Think Swift attacks, Equifax or Yahoo. It seems no one is immune from [...]

Read More

Regulations

GDPR: Understanding the Impact on Third Party Risk - Part 2

Apr 24, 2018

Last week we released important information about understanding the impact GDPR has on third party risk. I have even more to tell. In this part 2 we’ll look a little deeper into chapters 2-4 and, [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of April 16

Apr 20, 2018

Have you heard - the CFPB could start hiding consumer complaints, Mortgage Bankers Association says cyber crimes are getting nastier and nastier (and they have examples to prove it!) and even the  [...]

Read More

Best Practices

Why Third Party Risk Discussions Belong at Sr Management & Board Meetings

Apr 18, 2018

I know it seems like third party risk management is getting more attention than it needs. I say that having been involved with various facets of vendor management for much of my 28 years in [...]

Read More

Regulations

GDPR: Understanding the Impact on Third Party Risk - Part 1

Apr 17, 2018

A simple Google search on GDPR requirements and GDPR checklists will result in lots of information and free resources. The sheer amount of information available is dizzying to say the least and [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of April 9

Apr 13, 2018

This week's third party risk related news stories cover a variety of topics - bank regulatory actions are at a historic low, Congress back in session and perhaps ready to look at regulatory [...]

Read More

Best Practices

Stay Informed: An Important Vendor Risk Best Practice

Apr 11, 2018

Whether you know it or not, you need to be a news-hound in third party risk management. This helps you stay informed and educated. 

Read More