REQUEST A DEMO
venminder_eBook_resources_Mini_Vendor_Management_Handbook
New Call-to-action
New Call-to-action
Post-Hero.jpg

Venminder Blog

Subscribe--Bg.jpg

Subscribe to the Venminder Blog

Venminder Blog

Dec 31, 1969 by

OCC Released 2018 exam priorities: NR 2017-113

Oct 18, 2017

On September 28, 2017, the Office of the Comptroller of the Currency (OCC) released BankFiscal Year 2018 Bank Supervision Operating Plan, aka, NR 2017-113. Thanks for the acronym fun… but what [...]

Read More

Regulations

Staying On Top of Vendor Management News: Week of October 9

Oct 13, 2017

Learn what's new in vendor risk management from the week of October 9 - there have been some real eye openers. We've put together a list of resources that cover a variety of important topics, [...]

Read More

Best Practices

Make Sure You Include Vendor Cybersecurity into Your Cybersecurity Plans

Oct 11, 2017

October being National Cybersecurity Awareness Month reminds us to take a look at vendor cybersecurity.

Read More

Cybersecurity

Prove It or Lose It! Update Your Vendor Management Policies and Procedures

Oct 10, 2017

If like me, you have had the opportunity to be examined by a regulator and survived, you’ll recognize the need to supply a copy of your vendor management policy and procedure documentation. The [...]

Read More

Examination Preparation

Staying On Top of Vendor Management News: Week of October 2

Oct 6, 2017

Learn what's new in vendor risk management from the week of October 2. We've put together a list of resources to check out. 

It’s been an interesting week  topics include:

  • OCC dangles idea of [...]
Read More

Best Practices

Who Is a Critical Vendor?

Oct 4, 2017

Your third parties should be ranked as Critical or Non-Critical for business disruption and ranked High, Medium or Low on all regulatory items.

Read More

Due Diligence

Staying on Top of Vendor Management News: Week of Sept 25

Sep 29, 2017

This week in third party risk news, we are reminded of the importance of proper due diligence, reputation risk, examination preparedness and more vendor management best practices. Read the [...]

Read More

Best Practices

What Are Vendor Due Diligence Reviews?

Sep 27, 2017

A fundamental question people often wrestle with is, “what constitutes appropriate vendor due diligence?” Or, “what are vendor due diligence reviews”?

Read More

Due Diligence

There's Still Time to Achieve Your 2017 Vendor Management Goals

Sep 26, 2017

If the thought of planning in January for your 2017 vendor management goals feels like a distant memory, you’re probably not on your own. Like any news year's resolution, the initial goal is new [...]

Read More

Best Practices

Staying on Top of Vendor Management News: Week of Sept 18

Sep 22, 2017

Headlines in third party risk from this past week, the week of September 18, covered a variety of mishaps from which we can all learn. Read the articles below for how you can avoid issues with [...]

Read More

Best Practices

It's Apple Pay Contract Renewal Time - Important Considerations

Sep 20, 2017

As you may have seen this week in the news, the first of the Apple Pay contracts are up for renewal; if you haven’t seen it, here’s a handy link to the article

Read More

Due Diligence

Staying on Top of Vendor Management News: Week of Sept 11

Sep 15, 2017

Keeping up with the latest news in third party risk is important for your vendor management program. This past week - week of September 11 - has been especially eventful. Make sure to check out [...]

Read More

Best Practices

Why Do Vendors Incorporate in Delaware?

Sep 13, 2017

If you’ve done much due diligence work, you’ve certainly noticed that many vendors incorporate here in Delaware (well, technically, I live in southeastern Pennsylvania but have worked for most of [...]

Read More

Due Diligence

Mortgage Companies: Know Your Vendor's Leadership - It Affects Culture and Compliance

Sep 12, 2017

If you're an established financial institution, you're probably using third party vendors to fulfill several functions to gain efficiencies and market advantages. After the contract has been [...]

Read More

Best Practices

Equifax Data Breach Proves Importance of Cybersecurity and Vendor Oversight

Sep 8, 2017

On September 7th at around 4 pm, reports came out in the media that one of the three national credit reporting agencies – Equifax – had disclosed a large data breach. Estimates so far is that it [...]

Read More

Cybersecurity

Staying on Top of Vendor Management News: Week of Sept 4

Sep 8, 2017

Keep up with the latest news in third party risk. We've put together a list of resources for the week of September 4 to help keep you updated.  

Read More

Best Practices

Third Party Risk Management Advice: What I Would Share with 20 Year Younger Me

Sep 6, 2017

I’ve seen on Facebook and Twitter those amusing things where you list what you wish you could tell yourself 20 years ago, i.e., sharing the benefit of experience with a less experienced YOU. 

[...]

Read More

Best Practices

Review Vendor Management News

Aug 30, 2017

If you’re like me, you receive dozens of emails – perhaps hundreds of tweets – from various news feeds. It’s easy to lose track of them all but it's important to at least glance through them. 

Read More

Best Practices

3 Simple Reasons Why Your Mortgage Company Should Replace Excel with Vendor Management Software

Aug 29, 2017

Vendor Management has become an art, a science and has metamorphized into a discipline which addresses multiple aspects covering reputation, credit, operational and financial risk.  

You really do [...]

Read More

Outsourcing

Staying On Top of Vendor Management News: Week of Aug 21

Aug 25, 2017

Here's a list of important vendor risk management articles from this week - week of August 21, 2017.

Read More

Best Practices

An Ounce of Third Party Risk Management Prevention

Aug 23, 2017

There is an old saying that goes, “an ounce of prevention is worth a pound of cure” Meaning the cheapest way to fix a problem is often to simply prevent it from occurring. Perhaps there is no [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Aug 14

Aug 18, 2017

What's new in vendor risk management for the week of August 14, 2017? We've put together a list of resources to check out.

Read More

Best Practices

Different Perspectives of Third Party Risk Management

Aug 16, 2017

The optimist sees the glass as half full; the pessimist sees the glass as half empty; the engineer sees a waste of too much glass; the compliance officer sees it as potential shattering and [...]

Read More

Risk Assessment

X Marks the Spot: The Convergence of Third Party Oversight and Cybersecurity

Aug 15, 2017

I recently had an opportunity to discuss the state of vendor oversight with a former FDIC examiner. During our meeting, we discussed what I call the importance of third party oversight and the [...]

Read More

Cybersecurity

Staying On Top of Vendor Management News: Week of Aug 7

Aug 11, 2017

You're aware of the importance of staying up to date with industry news. Learn what's new in vendor risk management for the week of August 7, 2017. We've put together a list of resources to check [...]

Read More

Best Practices

Balance In Third Party Risk Management

Aug 9, 2017

When I’m not at work, you’ll most likely find me on my bicycle. Some might argue that I am cyclelogically obsessed with bicycling (see what I did there?). One sure thing every cyclist knows is [...]

Read More

Business Continuity / Disaster Recovery

Staying On Top of Vendor Management News: Week of July 31

Aug 4, 2017
Want to know what went on for the week of July 31 in third party risk? From regulatory compliance to which financial institutions are making the vendor management headlines, we've got you covered.
Read More

Best Practices

6 Things to Do with a Vendor SOC Report Once You Have it

Aug 2, 2017

You're required to collect SOC Reports on your vendors. So, once you've determined which SOC report you need, make the request and receive it back...what's the next step? We'll explain now. 

Read More

SOC Reports

Pros and Cons of Vendor Concentration Risk

Aug 1, 2017

Vendor Concentration Risk is the risk which may occur when an institution relies too heavily on one vendor to perform several, if not all, critical/high risk functions for their operation. Vendor [...]

Read More

Risk Assessment

Staying On Top of Vendor Management News: Week of July 24

Jul 28, 2017

You know how important it is to stay updated with regulatory news. Learn what's new in vendor risk management from the week of July 24. We've put together a list of resources to check out. 

Read More

Best Practices

Three Questions You Must Ask Yourself Today to Find Out if a Vendor is Critical

Jul 26, 2017

You need to know the business impact risk of your vendors. Once you know that, you can figure out how they play into your financial institution’s business continuity plan. A way to start is to [...]

Read More

Due Diligence

NAFCU Risk Management Seminar: Networking, Third Parties and More

Jul 24, 2017

This week, we’re at the NAFCU Risk Conference in beautiful Denver, Colorado. For me, attending conferences, whether as a presenter or as an interested participant, is always exciting.

Read More

Best Practices

Staying On Top of Vendor Management News: Week of July 17

Jul 21, 2017

As we've mentioned before, it's important to stay updated with regulatory news. Learn what's new in vendor risk management this past week. We've put together a list of resources to check out. 

[...]

Read More

Best Practices

5 Things to Do to Be Proactive In Vendor Management

Jul 19, 2017

If you had an examination starting tomorrow, would you be ready? If one of your critical third parties announced it was ceasing business, would you be prepared? If there’s a big data breach at one [...]

Read More

Examination Preparation

Wire Fraud Risk and Closing Agent Oversight

Jul 18, 2017

There are several wire fraud schemes currently in circulation which will have an immediate impact on the housing industry, financial institutions and the end consumer.

  • We’ll look at the top 3 [...]
Read More

Due Diligence

4 Steps to Take When Vendor Management Guidance Lags Behind Technology

Jul 12, 2017

The creation and issuance of vendor management regulatory guidance takes quite a while – the process from start to finish can take months or even years. Meanwhile, the evolution of mobile [...]

Read More

Best Practices

The Importance of Vendor Management Department Independence

Jul 5, 2017

Vendor management should have its own department or group inside your financial institution. A best practice, perhaps even a fundamental expectation, is that third party risk management should be [...]

Read More

Best Practices

The CFPB Consumer Complaint Database: Performance and Customer Service

Jul 4, 2017

The mortgage industry has a curious relationship with the CFPB. While there are a few bad actors who fall foul of the CFPB enforcement actions...as an industry, we are striving to make mortgage [...]

Read More

Regulations

Staying on Top of Vendor Management News: Week of June 26

Jun 30, 2017

As we've mentioned before, it's important to stay updated with regulatory news. Learn what's new in vendor risk management this past week. We've put together a list of resources to check out. 

Read More

Best Practices

The Basics of Service Level Agreements For Vendor Contracts

Jun 28, 2017

As a professional in third party risk management, you probably hear the term service level agreement or SLA for short. Make sure you understand what they are. To help, we'll go through a few basic [...]

Read More

Contract Management

Staying on Top of Vendor Management News: Week of June 19

Jun 23, 2017

As we’ve mentioned before, one of the challenging issues in third party risk management is staying up-to-date on news and changes occurring in the financial services regulatory world. It’s [...]

Read More

Best Practices

Legal Insight: CFPB Announces Consent Order for Mortgage Servicing Violations

Jun 22, 2017

The CFPB recently announced that it has entered into a consent order with Fay Servicing, LLC (“Fay”) to settle alleged mortgage servicing violations.  A copy of the consent order can be found here

Read More

Regulations

15 Things to Do When An Examiner Comes to Town for Vendor Management

Jun 21, 2017

The examiner is coming, the examiner is coming!

DON'T PANIC! Seriously, there’s no need if you’re running a well-managed program. Let’s go through some of the key things you’ll want to do to plan [...]

Read More

Examination Preparation

Legal Insight: Kerfuffle on statute of limitations issue in PHH case

Jun 21, 2017

On June 7, the CFPB submitted a Rule 28(j) letter to the D.C. Circuit in the PHH case. In the letter, the CFPB embraced the fact that the Supreme Court’s recent Kokesh v. SEC decision makes the [...]

Read More

Regulations

Vendor Alignment Strategies: How Making Right Choices Impact Vendor Oversight Scope

Jun 20, 2017

The responsibility given to a vendor management department may vary across institutions. In some instances, the vendor management team may even have a voice when it comes to vendor selection and [...]

Read More

Due Diligence

Legal Insight: Treasury report on U.S. financial system recommends significant CFPB reforms

Jun 16, 2017

The report issued earlier this week by the U.S. Treasury Department to President Trump in response to his February 2017 Executive Order 13772, “A Financial System That CreatesEconomic [...]

Read More

Regulations

Legal Insight: ABA identifies various industry concerns in fair lending white paper submitted to Treasury Secretary

Jun 15, 2017

We previously reported on the Executive Order 13772 titled “Core Principles for Regulating the United States Financial System,” which is a high-level policy statement consisting of a series of [...]

Read More

Regulations

Vendor Ongoing Monitoring Often Overlooked

Jun 14, 2017

Vendor ongoing monitoring is required by all of the major regulators as a fundamental practice in third party risk management. So, why is it often overlooked? What happens if you fail to monitor [...]

Read More

Best Practices

5 Key Takeaways from OCC Bulletin 2017-21

Jun 13, 2017

Extra extra! Read all about it! Last week, the Office of the Comptroller of the Currency issued Bulletin 2017-21 –Frequently Asked Questions to Supplement OCC Bulletin 2013-29.

We thought it might [...]

Read More

Regulations

Legal Insight: New OCC FAQs on third-party relationships highlight bank arrangements with fintech companies and marketplace lenders

Jun 12, 2017

The Office of the Comptroller of the Currency has issued a new bulletin (2017-21) containing fourteen frequently asked questions to supplement OCC Bulletin 2013-29 entitled “Third-Party [...]

Read More

Regulations

Legal Insight: Financial institution agencies provide guidance to help alleviate appraiser shortage

Jun 9, 2017

The federal banking agencies together with the National Credit Union Administration (the “Agencies”) issued an Interagency Advisory on the Availability of Appraisers that is intended to help [...]

Read More

Regulations

What to Include In a Third Party Risk Board Report Package

Jun 7, 2017

In the past, we covered that the board needs to be involved in your vendor management program and how to figure out if they're involved enough. We also covered important points on what vendor [...]

Read More

Reporting

Raising the Bar In Third Party Risk : CFPB Formally Enters Technology Vendor Oversight

Jun 6, 2017

In the CFPB May release (Issue 15), the Consumer Financial Protection Bureau referenced updated guidance on third party oversight initiatives. We'll go through what it says, what it means and next [...]

Read More

Regulations

3 Areas to Watch If Your Vendor Is Acquiring Another Vendor

May 31, 2017

Today, companies merge suddenly and frequently for a variety of reasons - some of those reasons can be a really good thing, but some can introduce a variety of risks that can cause performance to [...]

Read More

Best Practices

Third Party Issues Hidden In Plain Sight

May 31, 2017

In the story, “The Purloined Letter” by Edgar Allan Poe, one of the key themes was thatthe most obvious things are often hidden in plain sight – we just manage not to see them. The same is true of

Read More

Risk Assessment

What To Do If Your Software Vendor Gets Acquired

May 30, 2017

You did your due diligence on your vendor, you're going about your day to day duties, and suddenly you're notified that your software vendor is being acquired by another. Today, companies merge [...]

Read More

Best Practices

Third Party Risk Q&A: Auditor's Perspective and Best Practices

May 29, 2017

During our recent three day Vendor Management Bootcamp we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live sessions, so we have worked with the [...]

Read More

Best Practices

Third Party Risk Q&A: Risk Assessments

May 29, 2017

During our recent three day  Vendor Management Bootcamp, we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live sessions, so we have worked with the [...]

Read More

Best Practices

Third Party Risk Q&A: Critical Vendors and More

May 29, 2017

During our recent three day Vendor Management Bootcamp (click here to watch on-demand), we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live [...]

Read More

Best Practices

Third Party Risk Q&A: Vendor Due Diligence

May 29, 2017

During our recent three day Vendor Management Bootcamp (click here to watch on-demand), we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live [...]

Read More

Best Practices

Q&A: Third Party Risk Policy/Program and Financials

May 29, 2017

During our recent three day  Vendor Management Bootcamp (click here to watch on-demand), we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live [...]

Read More

Best Practices

Third Party Risk Q&A: Vendor SOC Report Types and More

May 29, 2017

During our recent three day Vendor Management Bootcamp (click here to watch on-demand), we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live [...]

Read More

Best Practices

Alternatives in Third Party Risk Management

May 24, 2017

As you may already know, I’m a cyclist. So, typically, I log a few miles every morning before work, amuse the neighbors by posting pictures of my ride on Facebook and generally enjoy rolling along [...]

Read More

Due Diligence

What Mortgage Lenders Need to Know About Fannie Mae Day 1 Certainty for Vendor Management

May 23, 2017

Earlier this year, Fannie Mae released their long-awaited Day 1 Certainty program. For the mortgage lender,this represented a glimmer of hope to be released from certain future reps and warranty [...]

Read More

Regulations

Legal Insight: DocuSign Breach a Strong Reminder to Manage Third-Party Service Provider Risks

May 22, 2017

DocuSign has confirmed that a data breach resulted in widespread malware phishing attacks targeting email addresses of more than 100 million of its customers. Companies that utilize DocuSign as a [...]

Read More

Cybersecurity

Legal Insight: White House Issues New Cybersecurity Executive Order

May 18, 2017

If you have listened to some of our webinars, you’ve heard me recommend reviewing legal analysis of the voluminous or complex new vendor management regulatory guidance. Rather than digging through [...]

Read More

Cybersecurity

It's Dangerous to Cut Vendor Management Corners

May 17, 2017

It can be tempting to cut corners when handling third party risk management at your institution. 

When I was a few years younger, I used to love to race in criterium style races… for those of you [...]

Read More

Best Practices

The Real Job of Third Party Risk Management – It’s Not About the Exam

May 10, 2017

I was chatting recently with a colleague of mine and realized that depending on your role, you could have different opinions regarding the goal of third party risk management. 

Read More

Best Practices

Criticality and Risk Rating Vendors

May 9, 2017

A vendor's criticality and risk rating are two different things, but they often get used interchangeably. We'll clarify them more for you to better understand.

Read More

Risk Assessment

SSAE 18 Now In Effect

May 3, 2017

With it being the first week of May, there's an important reminder to point out to the financial industry regarding SOC reports for vendor management. As of Mon, May 1, SSAE 18 is now in effect.

Read More

SOC Reports

How to Learn From a Vendor Management Enforcement Action

Apr 26, 2017

Enforcement action – for anyone involved in risk management, that term can give you an upset stomach. Why? An enforcement action typically means large problems and potentially hefty fines. They [...]

Read More

Regulations

Appraisal Management Company Vendor Oversight

Apr 25, 2017

The Appraisal Management Company (AMC) is a vendor which plays a vital role in the loan origination process. Regardless if your organization is a bank, non-bank, credit union or other type of [...]

Read More

Due Diligence

Why Must I Risk Rate EVERY Vendor?

Apr 19, 2017

There's a question I get asked often - "Why must I risk rate EVERY one of my vendors?" Many times at conferences and in follow up to webinars, this is a popular question, because I think it drives [...]

Read More

Risk Assessment

UDAAP Enforcement Actions

Apr 12, 2017

One of the real regulatory hot buttons over the past few years is around UDAAP – Unfair, Deceptive, or Abusive Acts, or Practices. There have been numerous UDAAP violations with some pretty [...]

Read More

Regulations

CFPB Has Expanded Its Vendor Management Reach

Apr 11, 2017

CFPB exams for the non-bank lender have matured in recent years. The scope of the examination process has expanded to include a much more thorough review of vendor oversight.

Read More

Regulations

The OCC Isn’t My Regulator - BUT They Still Matter to You

Apr 5, 2017

The OCC came out with new guidance on January 24, 2017 - they published the supplemental examination guide for third party risk management, titled OCC Bulletin 2017-7. So, if you’re at a credit [...]

Read More

Regulations

How mature is your vendor management program?

Mar 29, 2017

A topic we hear a lot at industry conferences and webinars is the maturity of your vendor management program. What exactly does this mean? Let's go through that now...

Read More

Best Practices

Vendor Oversight Practices For Post Closing Quality Control Audit Vendors

Mar 28, 2017

Quality control audit firms play an important role in the review function of loan files. This requirement is performed at the pre-funding and post funding stage of the loan origination process. [...]

Read More

Due Diligence

UDAAP Violations Show Vendor Management Programs Still Need Work

Mar 22, 2017

If you don’t read anything else this week on vendor management, read this! Recent studies by Protiviti and Crowe Horwath show that vendor risk management maturity has improved significantly, but [...]

Read More

Examination Preparation

Your vendor just got acquired so now what?

Mar 15, 2017

On March 13, 2017, as the East Coast of the US was awaiting the latest snowpocalypse or snowmageddon, really big news broke related to vendor management – D+H was acquired and will be merged with [...]

Read More

Due Diligence

CFPB Issues Supervisory Highlights Consumer Reporting (Issue 14)

Mar 14, 2017

March 2nd, the CFPB issued Supervisory Highlights Consumer Reporting Special Edition (Issue 14), Winter 2017. For those who have had a less than perfect experience when interacting with a consumer [...]

Read More

Due Diligence

What To Know About SSAE 18 For Your Vendor Management

Mar 8, 2017

We had SAS 70, then SSAE 16...now SSAE 18 will be making an entrance in May of this year. SSAE 18 is a little different, so we’ve outlined some key points for you below to assist with your [...]

Read More

SOC Reports

Your Vendor Oversight Is Only as Strong as Your Contract

Mar 1, 2017

For the non-bank lender, the process of vendor oversight begins prior to establishing an annual audit schedule. And like any good process, it begins well at the beginning - the contract. [...]

Read More

Contract Management

Good & Bad News About the State of Vendor Management In 2017

Feb 22, 2017

How are financial institutions handling vendor management for 2017? After surveying over one hundred people, we have good and bad news to share, data to back it up and how to make the bad news [...]

Read More

Examination Preparation

10 Signs That a Third Party Relationship Is Going Sour

Feb 15, 2017

There are times when even the best of relationships fall apart. But, there's also usually plenty of early warning signs. So, let's look at a few of them related to your vendors – these are just a [...]

Read More

Contract Management

Actions Required to Comply with OCC Bulletin 2017-7

Feb 8, 2017

On Tuesday, January 24, 2017, the Office of the Comptroller of the Currency issued new regulation - Bulletin 2017-7. It's supplemental guidance on the approach examiners must take when reviewing [...]

Read More

Regulations

CFPB Exams for the Non-Bank Lender & How to Leverage as a Vendor Oversight Function

Feb 7, 2017

Banks, credit unions and non-bank lenders have all been audited in some fashion by state or federal regulators during their lifetime. In recent years, the CFPB (Consumer Financial Protection [...]

Read More

Examination Preparation

Why Vendor Document Management Is Essential to Your Third Party Risk Program

Feb 1, 2017

How often do you check your oil in your car? The air pressure in your tires? Do you take your car in for routine maintenance? Or do you ignore everything until a warning light appears on the [...]

Read More

Due Diligence

Exam Preparation: Have These 8 Vendor Management Items Ready

Jan 25, 2017

You should prepare for an exam before you're officially given notice of it. There are items to have ready ideally 3 or 4 months before any potential exam window.

Read More

Examination Preparation

5 Key Provisions to Look for in Critical Vendor Contracts

Jan 18, 2017

Whether reviewing a new critical vendor contract or negotiating new terms and conditions of an existing one, there are many elements you need to consider.

Read More

Contract Management

Creating A Culture of Compliance for Third Party Risk Management

Jan 11, 2017

With the new year, you may reflect upon how things are going within your bank or credit union's third party risk management program. Make sure your team is on the same page.

I was recently at a [...]

Read More

Due Diligence

Is Sr Management & Board Involved Enough In Vendor Management? Ask These Questions

Jan 4, 2017

A few weeks ago we discussed the importance of senior management and board involvement regarding vendor management. How do you know if you're following the OCC Bulletin 29-2013 guidance and OCC [...]

Read More

Best Practices

Vendor Management 2017 - What's In Store?

Dec 28, 2016

I anticipate that there will be quite a few changes looming in the new year - 2017. Some examples include change of Dodd-Frank, increased pro-bank feel, change of examination cycle and [...]

Read More

Regulations

Venminder's Top Vendor Management Downloads of 2016

Dec 23, 2016

Throughout the year we have created lots of infographics, ebooks, guides and more to help you and your peers with vendor management. Your peers have found these resources to be the most valuable [...]

Read More

Best Practices

Vendor Management 2016 Review

Dec 21, 2016

2016 – the year of third party risk and cybersecurity. As 2016 winds down, we should look back and think about what we’ve seen this year. There have been many extraordinary events in the world of [...]

Read More

Regulations

In Vendor Management, What's a MRA?

Dec 14, 2016

I was recently asked what a MRA is and what it really means. Well, if you’re a compliance officer at a financial institution, that acronym is enough to send a shiver down your spine.

Read More

Regulations

Watch for Changes At Your Third Party Companies

Dec 7, 2016

Just as the leaves changing or the geese migrating herald the change of seasons, things change for companies as well. And, if those companies are a critical third party of yours, you need to be [...]

Read More

Due Diligence

Board Vendor Management Involvement Is Needed & Required

Nov 30, 2016

If you’re a senior manager or a member of a board of a financial institution, you must be directly involved in many things, including vendor management. If there was any doubt about that, the OCC [...]

Read More

Examination Preparation

Thankful for Vendor Management Technology

Nov 23, 2016

While I may not be entirely thankful for the heightened state of today’s regulatory environment, I am thankful that we live in a time of innovation and, therefore, have helpful tools to assist in [...]

Read More

Outsourcing

What vendor management information should I be reporting?

Nov 16, 2016

Reporting to senior management and/or the board is not just a good practice; it’s actually a requirement of regulatory guidance. So, what should you prepare in terms of a report?

Read More

Reporting

Am I supposed to risk rate EVERY vendor?

Nov 9, 2016

The simple answer is “yes”. If they fall within the scope of your third party risk management program – and remember, your scope should be well documented on who is included and, just as [...]

Read More

Risk Assessment

What Do I Do If a Vendor Won't Provide a Document?

Nov 2, 2016

Here's a classic dilemma – what happens when a vendor simply won’t give you the documents you need to complete due diligence? Do you stand up and walk out on them? Usually not... but you do need [...]

Read More

Due Diligence

17 Vendor Management Horror Stories

Oct 26, 2016

Vendor management doesn't always go smoothly, and sometimes can get quite frightening. In the spirit of Halloween, check out these 17 vendor management horror stories followed by ways to stop or [...]

Read More

Examination Preparation

New Video Series Third Party Thursdays Launched

Oct 21, 2016

We have exciting news! Have you heard? Yesterday, we launched our new educational video series - Third Party Thursdays. Every Thursday, we will post a new video that will focus on a different area [...]

Read More

Best Practices

Addressing Insider Threats, Cyber Attacks & Data Security

Oct 19, 2016

As tiring as it may sound, training is still the most important risk mitigation factor in reducing the number of insider threats. Insider threats originate either through the vulnerability of [...]

Read More

Cybersecurity

Staying On Top of Vendor Management News

Oct 12, 2016

One of the most important and challenging parts of working in risk management is staying out of the news – that’s always a good goal, not to be in the news in a negative way. But equally [...]

Read More

Best Practices

A Well-Known Vendor Doesn’t Mean It's a Safe Vendor

Oct 5, 2016

You’re getting ready to do business with a huge industry leader. Why, there’s no need to try to do the usual due diligence, is there? They have to be safe.

I mean, they’re never going to give us [...]

Read More

Due Diligence

The Importance of Explaining Your Vendor Management Team’s Qualifications

Sep 28, 2016

You’ve probably updated your organization chart for your bank or credit union's compliance and third party risk management teams. You’ve likely had to explain it to Human Resources or go to senior [...]

Read More

Best Practices

Vendor Management Procedures and the Job Swap

Sep 21, 2016

Anyone who knows me knows I have a few obsessions – I’m cyclelogically obsessed with my bicycle and I am an absolute NASA-nut (thanks to Twitter and NASA Social for taking me to some really great [...]

Read More

Best Practices

Mic Cue FDIC: Matters Requiring Board (and your) Attention

Sep 14, 2016

On Aug 22, 2016, the FDIC released the Summer edition of its Supervisory Insights Journal. Okay, officially, it was FDIC Financial Institution Letter 57-2016, but that’s too much of a mouthful, so [...]

Read More

Regulations

7 Ways to Stay in Tune with Vendor Management Best Practices

Sep 7, 2016

Unfortunately, there’s no magical solution to getting your staff up to speed and keeping them there. There’s no handbook or vendor management Bible, and even the best guidance only gets somewhat [...]

Read More

Regulations

5 Key Considerations to Outsourcing Vendor Management Tasks

Aug 31, 2016

We were recently asked if there is a certain size threshold at which an institution should or should not consider outsourcing. The discussion led to a lot of thoughts – but when it came down to [...]

Read More

Outsourcing

Put a Helmet on Your Financial Institution's Vendor Management

Aug 24, 2016

No serious cyclist would ever dream of riding their bicycle without wearing a helmet. Personally, having been hit by a car twice while cycling, I probably should wear a helmet every time I talk [...]

Read More

Contract Management

Planning for next year? Don’t forget vendor management!

Aug 17, 2016

I was very fortunate when I worked in a bank; I generally always got the support and investment that I needed to run a third party risk management program.

Talking to my colleagues throughout the [...]

Read More

Budget

How you should treat 4th party vendors

Aug 3, 2016

Dealing with third parties is a lot to have on your plate, however examiners think you can still handle more. They will ask you about your fourth parties too!

What in the world is a fourth party [...]

Read More

Fourth Party Vendors

The Importance of an Exit Strategy

Jul 20, 2016

Why do I want to go into a relationship thinking about the exit?

It does seem counter-intuitive, I suppose. You're all excited about signing up this great new provider who is going to help solve [...]

Read More

Contract Management

Why SLA’s are so important

Jul 6, 2016

You’re excited to be working with a terrific new vendor. Let's go through the process.

You’ve done your due diligence, written a thorough risk assessment, gotten it approved by your risk committee [...]

Read More

Contract Management

Due diligence - regulation or just good business practice?

Jun 22, 2016

Why do we do due diligence?

There is always the natural tension between wanting to get to market with a good idea or new service provider and the need to do your homework and make sure the [...]

Read More

Due Diligence

Characteristics of a Good Vendor Relationship

Jun 15, 2016

Okay, I’ll admit it – there are always certain companies that I admire and are my favorites to do business with. 

I won’t name names, but as you read this, hopefully you can identify ones of your [...]

Read More

Contract Management

Creating an Effective Vendor Contract Management System

Jun 10, 2016

Of all of the areas of third party risk management, perhaps the most difficult is handling contracts effectively. Whether it’s negotiating, tracking or simply finding all of them, contracts can be [...]

Read More

Contract Management

Your Vendor List - The Creation, Managing and Ongoing Maintenance

Jun 3, 2016

Anywhere your company is spending money for a product or service, well, that’s a vendor of some sort. As part of your vendor management, you need to start by knowing who exactly your vendors are

Read More

Due Diligence

Let’s talk about financials…

May 25, 2016

Not all due diligence should be rated equal

Due diligence should always be risk-based and tailored to the appropriate risks represented by the third party relationship. Lots of the items collected [...]

Read More

Financials

Prince ...and what it means to keep your vendor management practices up with the times

May 11, 2016

Since Prince’s passing, the lyrics to his song “1999” kept coming to mind, which then triggered me to think about how vendor management has changed from then to now.

Read More

Regulations

The ADP breach is a good reminder to always be on the lookout!

May 4, 2016

You may have seen the news, reported in Krebs On Security and elsewhere, that payroll processing giant, ADP, was compromised by identity thieves, resulting in the loss of tax and salary data. 

Read More

Information Security

Why Due Diligence Is So Important - Some of the best advice I ever received

Apr 27, 2016

A little over ten years ago, I was leaving MBNA America following an acquisition by Bank of America. 

I really hadn’t searched for a job in nearly 20 years, so I wasn’t quite sure where to start.

[...]

Read More

Due Diligence

Spreadsheets for Vendor Management Just Don’t Cut It Anymore

Apr 13, 2016

Using Excel for your vendor management can make the data cumbersome for you to manage and difficult for your examiner to read. So why are you still using those spreadsheets?

It's time to move on! [...]

Read More

Outsourcing

Back to Basics: 5 Core Elements for your Vendor Management Program

Mar 30, 2016

Vendor management has been around for years. Having a firm grasp on the companies with whom you are doing business is not new, but the regulatory expectations continue to evolve and grow.

Whether [...]

Read More

Due Diligence

4th Party Vendors: How far do you need to go?

Jan 6, 2016

Just when you thought you had your arms around your vendor management program, auditors and examiners have been inquiring about your “vendor’s vendors”.

It’s understandably perplexing to figure [...]

Read More

Fourth Party Vendors

8 Tips for Vendor Management in 2016

Jan 1, 2016

Happy New Year! Our team has got vendor management covered for 2016, we'll be releasing new helpful content to the industry every week. 

To help kick off your New Year and keep your  vendor [...]

Read More

Best Practices

Bank Vendor Management Challenges of 2015 Recap

Jan 1, 2016

Vendor management can be difficult. Throughout 2015 we were curious what specific challenges banks were facing, so... we asked. Here's a list of what banks especially struggled with this year. [...]

Read More

Due Diligence

Credit Union Vendor Management Challenges of 2015 Recap

Jan 1, 2016

It's no secret that with vendor management, comes many challenges. Throughout the year we asked credit unions specifically what those challenges were for them. Here's a recap of what those credit [...]

Read More

15 Reasons To Be Thankful To Your Vendors

Nov 25, 2015

We've yet to come across a financial institution that does not have a vendor, and vendors of course means vendor management.

So, in the spirit of Thanksgiving, we decided to put together a fun [...]

Read More

Due Diligence

What is your biggest Vendor Management Challenge?

Oct 9, 2015

Credit unions and banks face many challenges specifically with vendor management. To make sure we keep up with what those pain points are, we continually ask financial institutions' employees to [...]

Read More

Best Practices

Budget Time. Take an Examiners Advice - Remember Vendor Management

Sep 8, 2015

While talking to a prospect recently, he shared a comment that his examiner made from a recent exam. It went something like this:

You need to put away the manual spreadsheets and look into a [...]

Read More

Examination Preparation

5 Tips to Choosing the Right Vendor Management Partner

Sep 4, 2015

Chances are you would not only like someone to help you get the work done but also help you raise your vendor management game. Will they further your vendor management education? Are your [...]

Read More

Outsourcing

3 Keys to Cost Justifying Outsourced Vendor Management

Sep 1, 2015

The job is big, you know you have to do it, there’s not enough of you to go around and the examiners will be there soon. What’s the answer?

Read More

Outsourcing

3 Signs It May Be Time To Hire A Vendor Management Partner

Aug 27, 2015

As you are well aware, Vendor Management at your bank or credit union is not an optional activity. 

Read More

Outsourcing

The Finer Points Of A SOC 2

Aug 11, 2015

In review, a SOC 1 report reviews financial and audit controls of a vendor. Basically a SOC 1 tells you if your vendor manages their books well (or not). But is it the right report for you? Does [...]

Read More

SOC Reports

3 Areas To Look Out For In Your Vendor 10-K's

Aug 7, 2015

While you can use other reports for financial analysis, the 10-K is highly recommended to review the financial, legal and risk information about your vendor. The 10-K is formatted identically for [...]

Read More

Financials

What You Need to Know About Vendor Penetration Testing

Jul 31, 2015

Your vendor should be guarding against intrusion into the systems network from the outside and conducting regular penetration testing through a qualified credible resource.

You should insure that [...]

Read More

Cybersecurity

6 Tips to Understanding a SOC 1 Report

Jul 24, 2015

Let’s start with a basic description of a SOC 1 report. A SOC 1 describes the system of internal controls in place at a service organization regarding internal controls over financial reporting.  [...]

Read More

SOC Reports

Venminder Setting the Industry Standard for Vendor Management

Jul 17, 2015

This interview is part of an ongoing series where 2ONE6 International speaks with various FinTech providers as well as financial institutions that choose to partner with the innovators in this [...]

Read More

Best Practices

SOC 1, 2 or 3 – Understanding the Differences

Jun 25, 2015

If you’re a bank or credit union then you likely already understand that you should be asking many of your vendors for a SOC report, especially your critical or high risk vendors.  

Have you [...]

Read More

SOC Reports

The unintended consequences of declining vendor financial performance

Jun 5, 2015

Should you discover that your bank or credit union vendor's income and financial performance is declining, there are some unintended consequences you need to look out for.

Read More

Financials

Revenue has increased so the health of my vendor is better, right?

May 22, 2015

Not necessarily...

At Venminder we get this question alot. So, here are a few areas that you need to look at first before coming to that conclusion.

Read More

Financials

4 Tips to an Accurate Vendor Financial Performance Assessment

May 15, 2015

As you review your vendors financial health, here are 4 tips to an accurate vendor financial performance assessment.

Read More

Financials

What are your Bank or CU's Vendor Management Challenges?

Apr 9, 2015

Vendor management has many challenges, but what are your peers saying is their biggest challenge?

We asked a group of financial professionals just what their biggest vendor management challenge is [...]

Read More

Examination Preparation

5 Contract Management Tips to your Pot of Gold

Mar 17, 2015

Cost management begins and ends with effective contract management

Here are 5 simple tips for contract management at your financial institution to help you find that pot of gold: 

Read More

Contract Management

.Bank Domain: What you Need to Know

Mar 10, 2015

Background

In 2008, the Internet Corporation for Assigned Names and Numbers (ICANN), which manages the registration of internet domain names, approved a program to open up the Internet to [...]

Read More

Frequently Asked Bank & Credit Union Vendor Management Questions

Feb 17, 2015

Vendor management can be an arduous, time consuming process. Most banks know their critical vendors. However, they are typically missing the proper tools and/or knowledge to accurately document [...]

Read More

Wisely Restructuring Requires Strong Internal Management

Aug 19, 2014

Contrary to popular belief, you cannot just pick up your Core and IT service contracts a few months before expiration and hope to get it restructured in a way that is favorable to the franchise.

[...]

Read More

Best Practices

ALL contracts matter, not just your biggest ones

Aug 12, 2014

I recently got a call from an industry friend who knows how passionate I am about community banking and the technology providers that support it. He was curious. I have been a technology provider [...]

Read More

The Other M&A Discussion – Facts Vendors Never Share

Mar 26, 2014

Fresh off of a 5 week speaking junket, through Austin, Vegas, Naples, Phoenix and Honolulu, I have learned a lot about what is NOT being discussed amongst bankers when it comes to M&A.

I sat [...]

Read More

The Real Impact of Core IT Vendor Consolidation on YOU

Mar 4, 2014

In October we highlighted a clear and present danger resulting from the further consolidation of the Core IT vendors. Fewer vendors exist than ever before and the impact to your service level, [...]

Read More

Vendor Mergers: Resistance is Futile, You Will Be Assimilated

Feb 27, 2014

Trekkie fans will understand the reference to the BORG and what it feels like when you don’t have many choices. The assimilated Captain Picard provides this famous line, “…from this time forward [...]

Read More

Growing Concerns Surrounding Vendor Management

Feb 18, 2014

You’ve likely picked up on the growing concerns of regulatory agencies surrounding financial institution’s management of their third party vendors. These concerns are well-grounded and will become [...]

Read More

Do You Know Who You Are Working With?

Feb 13, 2014

Many organizations are initially reluctant to explore the concept of utilizing external service providers to perform critical business functions out of fear of “losing control” of the process.

[...]

Read More

Due Diligence

Under $500M? Tips for Preparing for a Potential Sale

Feb 4, 2014

A recent poll of 10,000+ CEOs and CFOs uncovered a very interesting result:  The majority agreed they would participate in M&A in some way however, very few sheepishly admitted (3%) to wanting to [...]

Read More

M&A Preparation: Old Wisdom vs. New

Jan 29, 2014

For an institution implementing a future merger strategy, what would another $250,000+ per year in additional profit mean (without having to make a single loan)?

Smart Leaders Rethink M&A Prep

A [...]

Read More

Vendor Oversight is all about Risk Management

Jan 8, 2014

Bankers have been evaluating, selecting, contracting, partnering and un-partnering with third parties as a matter of normal course of business at least since the beginning of modern banking. [...]

Read More

Ready For a Change

Dec 5, 2013

say that I like change. Change is good. Change is healthy. Innovation depends on change. The reality however is that, as much as I advocate it, I don’t really like change very much. Change can [...]

Read More

After the Chaos. How do your self-serve options look now that the dust of implementation has settled?

Oct 29, 2013

The past couple of decades have been focused heavily on rolling out technology to allow banking customers to self-serve. If you’re like most institutions, your implementations involved multiple [...]

Read More

Big League Resources for Smaller Players

Oct 1, 2013

Capgemini renews $250 million outsourcing agreement with General Motors. Reader’s Digest and HCL Technologies finalize seven-year $350 million services deal. Proctor and Gamble signs ten-year $3 [...]

Read More

Vendor Management: Building Trust

Aug 13, 2013

Close your eyes and imagine for a moment that many of the business challenges that keep you awake at night are now secondary concerns. You suddenly have the right production capacity throughout [...]

Read More

Vendor Management: A Successful Recipe for a Critical Vendor Review

Jul 18, 2013

As I talk to financial institution management I find that most adopt my old habit of quick not great. The amount of time most vendor managers spend on their annual reviews of critical vendors is [...]

Read More

Managing High Risk Vendors: Don’t Start in the Weeds

May 7, 2013

We all have seen the unbelievable risk matrices supplied by our auditors and hinted at by the FFIEC. These guides are all well-intentioned but have the effect of turning a good business practice [...]

Read More

Vendor Management: Disaster Recovery

Apr 23, 2013

Updated July of 2016

There is never a shortage of reporting on the various disasters that happen in this country, however, there is rarely any focus on “recovery.” Most managers would define [...]

Read More

Does the relationship with your card program need a little counseling?

Feb 20, 2013

ATM and Debit Cards. At one point the relationship was new and you focused all your attention on glossy brochures, preventing fraud and increasing transactions.

But then internet banking, and [...]

Read More

Vendor Risk Management: Service Level Agreements (SLA)

Feb 13, 2013

Finally, a vendor risk management topic on which most vendor managers feel they do well. After all, you tell the vendor what you expect and they agree. How hard can that be? Not hard at all if [...]

Read More

Written by

Follow