(270) 506-5140 CONTACT US
Login

Venminder Blog

Dec 31, 1969 by

Best Practices

14 Steps to Improve Your Vendor Risk Management

Dec 12, 2018

Having an effective strategy for vendor risk management is critical to protect your organization and your customers. Continuing to make improvements to your existing policy, program and procedures [...]

Read More

Vendor Management

How Much Vendor Oversight Is Enough?

Dec 11, 2018

While vendor risk management and compliance in general could be perceived as being a cost center, we often hear from clients who ask this one question which causes a pause...how much is enough [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of December 3

Dec 7, 2018

There was so much news this week, I don’t even know where to start – the massive Marriott data breach, the CFPB Ombudsman’s report, the political controversy swirling at the CFPB (as well as its [...]

Read More

Contract Management

7 Next Steps to Handle Your Naughty Vendors

Dec 5, 2018

Do you have vendors that you’d categorize as naughty around this time of year? Don’t worry, we’ll cover ways to handle them.

Read More

Best Practices

Top 10 Vendor Risk Management Best Practices to Take into 2019

Dec 4, 2018

It’s the last month of the year! When you leave behind 2018, don’t leave behind third party risk management best practices though. We have the top 10 vendor risk management best practices to take [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of November 26

Nov 30, 2018

At first glance, it looks like a sparse news week, but then when you look more closely, there’s a lot here – Deputy Fed Chair Quarles taking over a global regulatory function, a major UDAAP [...]

Read More

Best Practices

How to Scale Your Vendor Risk Management Program

Nov 28, 2018

Ready to grow or expand your vendor risk management function? Do you know what to think about when scaling your program? There are a number of factors to consider. Let’s go through them.

Read More

Risk Assessment

What Happens When a Vendor Gets a Poor Risk Rating

Nov 27, 2018

A vendor risk assessment should be performed on a third party vendor in order to properly assess and determine the risk posed to your organization. This should be done during both the vendor [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of November 19

Nov 23, 2018

Check out the articles we deemed important for this week from the world of third party risk management. Articles mention FDIC, SEC, exam consistency and more. Read below. 

Read More

Examination Preparation

6 Steps to Developing a Successful Internal Vendor Management Audit Program

Nov 21, 2018

Internal audit programs are important as they can help identify gaps and areas that may have been overlooked. It’s important to understand the basic steps to a successful internal vendor [...]

Read More

Outsourcing

6 Things to Watch Out for with Your Vendor Management Software

Nov 20, 2018

In any line of business, changing a vendor service is no easy task. The same thoughtful consideration should be given to the vendor management tool which will, ultimately, be the cornerstone of [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of November 12

Nov 16, 2018

Stay updated in the world of third party risk management by reading some articles that we recommend. Topics this week include more on enforcement actions, risk management and compliance, [...]

Read More

Regulations

Examinations Change from 12 to 18-Month Cycle for Under $3 Billion Institutions

Nov 14, 2018

In the second and third quarters of 2018, several of the major financial services regulators issued an interim final rule extending the examination cycle for well-managed institutions from 12 [...]

Read More

Best Practices

How to Improve Efficiency in Your Vendor Risk Management Program

Nov 13, 2018

It’s not enough that you have established a vendor risk management program that meets or exceeds regulatory guidance and audit requirements. Your organization should also make sure that your [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of November 5

Nov 9, 2018

We’ve had a little bit of everything as far as third party risk news this week – from new FFIEC information, cyber issues and, oh yes, an election causing gridlock. Read those articles and more [...]

Read More

Outsourcing

6 Things to Do Now to Your Third Party Risk Management Program for 2019

Nov 7, 2018

It’s November! Where did 2018 go and why haven’t I dove back into my vendor management program? This is certainly a common conversation we have with clients here at Venminder. By taking these 6 [...]

Read More

Outsourcing

Do You Have the Right Third Party Risk Management Software Provider? 10 Questions to Ask Yourself

Nov 6, 2018

Are you outsourcing your third party risk management functions to a software provider? If so, have you ever stopped and thought about if the company is the right fit for your organization? I [...]

Read More

Best Practices

Top 5 Reasons to Be Thankful for Third Party Risk Management

Nov 6, 2018

Third party risk management is a comprehensive concept and can be very demanding at times. We fully understand that there are challenges presented to you on a daily basis that keep you and your [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of October 29

Nov 2, 2018

There has been lots of news this week – none bigger than the announcement that the FTC is going to open its complaints database to the public, much as the CFPB has done. That is not just big news, [...]

Read More

Cybersecurity

Top 10 Questions in Vendor Cybersecurity Questionnaires

Oct 31, 2018

When building a vendor questionnaire or reviewing a questionnaire completed by a vendor, it’s essential to ask the right questions to properly understand the vendor’s cybersecurity environment. [...]

Read More

Best Practices

Vendor Data Breach Notifications: Are You One of the Many Organizations Left in the Dark?

Oct 30, 2018

A few years ago, the New York Department of Financial Services (NYDFS) released survey results giving us more insight regarding many bank’s cybersecurity preparedness. The NYDFS surveyed 40 [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of October 22

Oct 26, 2018

This was an eventful news week in the world of regulatory risk. On our headlines, I’ve captured only two of the fines that were levied this week, but there were several others of smaller note. In [...]

Read More

Regulations

Consider ALL Third Party Risk Management Regulatory Guidance

Oct 24, 2018

Last year, I spoke at a conference and, as I wrapped up, a member of the audience approached me and shared that he thought if he is doing well with complying to FDIC guidance, he shouldn’t need to [...]

Read More

Best Practices

Vendor Management Policy Document: What You Need to Know

Oct 23, 2018

A vendor management policy is a document that informs senior management and the board about the activities provided in the vendor management program. A well-written vendor management policy is the [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of October 15

Oct 19, 2018

We've selected some insightful stories below related to third party risk management that we found interesting from this past week. Biggest news this week is CFPB claims it will define “A” for [...]

Read More

SOC Reports

Red Flags in Critical Vendor SOC Reports

Oct 17, 2018

When you begin your initial due diligence or regular monitoring of a vendor, one of the first things to do is to request all their SOC reports. You also need to ask for the SOC reports for any [...]

Read More

SOC Reports

What's the Significance of a Vendor's Bridge Letter?

Oct 16, 2018

A bridge letter, also known as a gap letter, is made available by the service organization (your vendor) to cover a period of time between the reporting period end date of the SOC report and the [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of October 8

Oct 12, 2018

We've selected some top stories below related to third party risk management that we found interesting from this past week. There’s more on cybersecurity, fines, data breaches and more.

Read More

SOC Reports

How, Why and When to Request a SOC Report from Your Vendors

Oct 10, 2018

Requesting a SOC report from your vendor is an important step to validate that the proper controls are in place at that company, and if not, to give you the opportunity to request your vendor [...]

Read More

Due Diligence

Vendor Management: What Are Vendor Due Diligence Reviews?

Oct 9, 2018

Not only is it a regulatory requirement but it’s also a sound business practice to conduct due diligence on all vendor relationships that provide the organization with a product or service.

Read More

SOC Reports

Experienced Auditor's Perspective on Vendor Cybersecurity, SOC Reports and Best Practices

Oct 8, 2018

Recently, as part of our Venminder Thought Leadership series, I had the opportunity to speak with Mike Morris at Porter Keadle Moore (PKM). In this series we speak with the industry’s sought-after [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of October 1

Oct 5, 2018

Read some top stories below related to third party risk management that we found interesting from this past week. There’s news on cybersecurity, words from the new FDIC director and even a cartoon [...]

Read More

Best Practices

Managing IT Vendor Security Risk

Oct 3, 2018

Through your vendor risk management program, you’re supposed to monitor your vendor’s information security and cybersecurity practices. As part of that, you need to manage the vendor’s information [...]

Read More

Best Practices

7 Scary Scenarios to Avoid in Vendor Risk Management

Oct 2, 2018

Vendor risk management doesn’t always work out as planned and when that's the case, the end-result can be quite chilling.

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of September 24

Sep 28, 2018

This past week in the world of third party risk there have been interesting stories on a SEC enforcement action related to lack of cybersecurity preparedness, the OCC’s 2019 supervisory plans, [...]

Read More

Best Practices

8 Vendor Risk Management Tips for a Successful Vendor Management Outsourcing Partnership

Sep 26, 2018

Choosing a partner to help with your vendor risk management program is an important consideration and one that requires planning, research and effort. While companies say they’re the perfect [...]

Read More

Information Security

3 Information Security Principles to Use within Your Vendor Management Program

Sep 25, 2018

With the increase in cybersecurity breaches, it’s critical to monitor and fully understand your vendor’s information security posture in order to protect the company from unnecessary risk. There [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of September 17

Sep 21, 2018

Summer is officially over, and the leaves are changing for fall. But the leaves aren't the only thing changing right now - more and more fintechs are moving to Atlanta and making it their home, NY [...]

Read More

Best Practices

How to Outsource and Select Vendors That Fit Your Organization’s Business Model and Needs

Sep 19, 2018

Organizations have become more involved in outsourcing and, as a result, are presented with challenges in managing the risks associated with selecting and managing vendor partners. Outsourcing has [...]

Read More

Best Practices

8 Items You Should Be Reviewing During Your Internal Audit

Sep 18, 2018

I often think of an internal audit as a helpful check-up – it's a great time to find areas that may be problematic before they become a big problem. Having had some very favorable internal audits [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of September 10

Sep 14, 2018

With Hurricane Florence rolling through the U.S. this week, we're reminded to check in on ours and our vendor's disaster recovery plans. From everyone here at Venminder, we hope you're all staying [...]

Read More

Best Practices

Who Is Considered a Third Party or Vendor?

Sep 12, 2018

A third party is a company or entity with whom you have a written agreement to provide a product or service on behalf of your organization to your customer or upon whom you rely on a product or [...]

Read More

Best Practices

SSAE 18: The Full Overview for Vendor Management

Sep 11, 2018

The purpose for the creation of the SSAE 18, in May 2017, was to clarify the auditing standards and to reduce duplication within similar standards covering examinations, reviews and agreed-upon [...]

Read More

Regulations

Vendor Risk Management Thought Leadership Discussion with Consumer Financial Attorney

Sep 11, 2018

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of September 3

Sep 7, 2018

We've put together the latest news on vendor risk management to keep you in the know. 

The Fed focuses on UDAP, you might see a new set of cybersecurity standards in the near future, US Treasury [...]

Read More

Best Practices

You’re Accountable for Third Party Risk Regardless of Organization Size

Sep 5, 2018

As a manager at a large organization, you rely on the efforts of an entire team of people. Since the financial crisis a decade ago, one thing has become abundantly clear from the regulators’ [...]

Read More

Examination Preparation

Vendor Oversight: 5 Easy Steps to Plan the Annual Audit Schedule

Sep 4, 2018

Based on a few industry surveys, the #1 vendor risk management challenge facing organizations is TIME. Plan and execute early on the steps below and you’ll be on your way to performing audits and [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of August 27

Aug 31, 2018

This week in third party risk related news: Chase Bank hit with downgrade as a result of improper third party risk management, cybersecurity remains a topic of focus, working with fintech [...]

Read More

SOC Reports

Why and When You Look at a Fourth Party’s SOC Report

Aug 29, 2018

Some say that your business is only as good as your employees. The same can be said for your vendors, as they are only as good as their vendor (your fourth party). A fourth party vendor is your [...]

Read More

Contract Management

7 Ways to Drive Effective Vendor Contract Management at Your Organization

Aug 28, 2018

Let’s face it – a very difficult part of vendor risk management, particularly in mid-sized organizations, is usually the vendor contract management process. Why exactly is that? Well, unless you [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of August 20

Aug 24, 2018

An update on the OCC fintech charter, the latest in regtech, Merrill Lynch pays $8.9 million fine in SEC action with major third party implications, ECOA on third parties and more! Read below for [...]

Read More

Best Practices

10 Actions for Effectively Managing Your Third Party Risk Management Program

Aug 22, 2018

Creating an effective third party risk management program takes a lot of work. There are a few critical elements to making certain your practices are robust and sustainable. Let’s look at 10 that [...]

Read More

Examination Preparation

SEC Exams Emphasize Vendor Risk Management

Aug 21, 2018

The Securities and Exchange Commission, or SEC, oversees securities transactions, financial professional activity, mutual funds and more to protect investors, prevent fraud and deception and [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of August 13

Aug 17, 2018

New enforcement actions and continued analysis of the CFPB changes and the fintech charter dominate this week’s headlines - read these stories and more below for this week's third party risk [...]

Read More

Outsourcing

Outsourcing Success Tips: 8 Best Practices for Managing Your Vendor Relationships

Aug 15, 2018

Outsourcing a product or service comes with a price tag. Whether you think of it as an expense or simply the cost of compliance, you may often find that the work of outsourcing, while falling in a [...]

Read More

Contract Management

6 Key Provisions to Know for Vendor Contracts

Aug 14, 2018

When reviewing a new critical vendor contract, or negotiating terms for an existing one, you should be looking at specific provisions to ensure compliance with industry regulations and standards. [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of August 6

Aug 10, 2018

This week's vendor management industry news includes analysis of the new fintech charter (some vastly different viewpoints), an article that reminds us that third party risk is not just a [...]

Read More

Regulations

Regulatory Reform – What Does It Mean for Third Party Risk Management?

Aug 8, 2018

A great deal of news recently has followed the various congressional initiatives to “roll back” portions of the Dodd-Frank Act. In the latter portion of the second quarter, a bill passed and was [...]

Read More

Risk Assessment

Need a Reminder Why Third Party Risk Management Is So Important? Consider Airport Security

Aug 7, 2018

At a conference we attended this year, one presenter represented a global bank and was responsible for global third party risk. He and his team were responsible for performing both assessments via

Read More

Best Practices

Third Party Risk from a Prepaid Expert’s Perspective

Aug 6, 2018

As part of our Venminder Thought Leadership Series interview where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of July 30

Aug 3, 2018

This week in third party risk news, there have been a number of mishaps that seemingly could have been avoided with proper vendor risk management. Read below for notable lessons on verifying your [...]

Read More

Contract Management

The Difference Between a Vendor Contract and a Service Level Agreement (SLA)

Aug 1, 2018

Understanding the Vendor Contract

A contract is an agreement between two parties creating a legal obligation for your organization and vendor to perform specific acts. Each of the parties to the [...]

Read More

Best Practices

Reading the News Is Good for Business and Third Party Risk Management

Jul 31, 2018

I confess that I love to read the news. It’s a practice I learned early on at MBNA America. One of our executives, long before the days of internet news feeds and automated alerts, made a practice [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of July 23

Jul 27, 2018

WIth a history of risk management failures, Wells Fargo can add another oops to the list - Wells is refunding "tens of millions” of dollars to customers for incorrect account charges. Read the [...]

Read More

Best Practices

UDAAP Best Practices for Vendor Risk Management

Jul 25, 2018

Ever since the creation of the Consumer Financial Protection Bureau (CFPB), Unfair Deceptive or Abusive Acts or Practices (UDAAP) has become a very hot issue in regulatory enforcement. Many have [...]

Read More

Best Practices

What Is Vendor Ongoing Monitoring?

Jul 24, 2018

Ongoing monitoring is one of the pillars of an effective vendor risk management process. All of the major regulatory guidance directs organizations to conduct ongoing monitoring on their vendors, [...]

Read More

Examination Preparation

Four Keys to Managing Third Party Risk

Jul 20, 2018
One of the biggest risks facing the U.S. financial system is third party risk , according to the OCC’s   Semiannual Risk Perspective for Spring 2018   released at the end of May. Banks also cite [...]
Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of July 16

Jul 20, 2018

In this week's third party risk related news, we've noticed that the need for a robust third party risk management program to combat cyber, financial, operational and reputational risks is still [...]

Read More

Examination Preparation

8 Items to Have Ready For An Examiner's Arrival

Jul 18, 2018

I'm often asked what sort of things a third party risk or compliance manager might be asked to have ready for an examination that's going to touch on third party risk management. Well, there's [...]

Read More

Examination Preparation

7 Elements to a Proper Internal Audit Program for Vendor Risk Management

Jul 17, 2018

Having an established internal audit program at an organization is a great way to identify and discover gaps or items that may have been missed before, such as a disconnect between your vendor [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of July 9

Jul 13, 2018

Check out this week's recommended vendor management related news articles. They include updates on PCI issues, more maneuverings at the CFPB, California and New York both weighing in on regulatory [...]

Read More

Best Practices

14 Key Components of an Effective Vendor Risk Management Program

Jul 11, 2018

I’m often asked to discuss what comprises an effective vendor management program. While there are numerous things to consider, below I've listed 14 of the most important elements.

Read More

Best Practices

What Is Vendor Risk Management?

Jul 10, 2018

Vendor risk management (or third party risk management) is defined as a set of activities associated with identifying the risk posed with outsourcing a product or service and then taking all [...]

Read More

Outsourcing

Outsourcing Overseas and Proper Vendor Oversight for a Non-Bank Lender

Jul 10, 2018

If you've elected to leverage the benefits of outsourcing a function to an overseas based partner, it’s important as a vendor manager to ensure that senior leadership is on-board with any [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of July 2

Jul 6, 2018

It seems that we can't go a week without mentioning another major NPPI breach, changes in enforcement actions or issues with regulatory compliance - and that's the case for the week of July 2 as [...]

Read More

Best Practices

3 Reasons to Keep Third Party Risk Management Independent at Your Organization

Jul 4, 2018

We've talked a bit about the classic three lines of defense approach to compliance and risk management. It's an important concept in which the series of walls protect your organization, starting [...]

Read More

Business Continuity / Disaster Recovery

Does Your Critical Vendor Have an Effective BCP Plan?

Jul 3, 2018

Business continuity planning allows for businesses to ensure that their key operations, products and services continue to be delivered either in full or at a predetermined level of availability. [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of June 25

Jun 29, 2018

The need for vendor risk management best practices is at the forefront of the news this week - 60% of industry execs reporting they do not have a comprehensive vendor risk program in place. This [...]

Read More

Regulations

A Walk Through the OCC Vendor Lifecycle

Jun 27, 2018

The OCC’s guidance published in Bulletin 2013-29 set the gold standard for third party relationships. It takes a logical risk-based approach with the goal of protecting your institution from [...]

Read More

Regulations

Vendor Risk Management and the OCC

Jun 26, 2018

As vendor risk management, also known as third party risk management or just vendor management, has become more important, there has been more regulatory guidance from all the major regulators [...]

Read More

Regulations

Vendor Risk Management and the SEC

Jun 26, 2018

Vendor risk management, also known as vendor management and third party risk management, has become much more important in recent years. Regulators, such as the SEC, have released more and more [...]

Read More

Regulations

Vendor Risk Management and the CFPB

Jun 26, 2018

The Consumer Financial Protection Bureau (CFPB) has broad regulatory authority of the financial services industry and reminded everyone of the fact that they also could exercise direct supervisory [...]

Read More

Regulations

Vendor Risk Management and the NCUA

Jun 25, 2018

Vendor risk management or, more specifically, third party risk management has received a great deal of attention over the past decade by all of the major regulators, the NCUA included. We’ve seen [...]

Read More

Regulations

Vendor Risk Management and The Fed

Jun 25, 2018

Vendor risk management or, more specifically, third party risk management has received a great deal of attention over the past decade by all of the major regulators. We have seen a groundswell of [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of June 18

Jun 22, 2018

Read about PayPal acquiring HyperWallet and Blackhawk, what CFOs have to say about their systems and hackers, vetting emerging mobile technologies and more.

Read More

Cybersecurity

Importance of Complementary User Entity Controls for Vendor Relationships

Jun 20, 2018

Complementary User Entity Controls (CUECs), also known as User Control Considerations (UCCs), are controls that the vendor has included within its system and rely on the user entity (you) to [...]

Read More

Due Diligence

How Do You Know If a Vendor Is FFIEC Examined?

Jun 19, 2018

The Federal Financial Institutions Examination Council (FFIEC) and the Consumer Financial Protection Bureau (CFPB) both have broad regulatory authority over third party service providers. In fact, [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of June 11

Jun 15, 2018

An analysis and opinion of SEC guidance on cybersecurity, what fintech companies can learn from banks, Mulvaney asks BCFP to consider 20% spending reduction, plus more - read these stories and the [...]

Read More

Risk Assessment

10 Best Practices for Successful Vendor Risk Assessments

Jun 13, 2018

The vendor risk assessment is a very crucial step in the vendor vetting and ongoing monitoring due diligence phases. The assessment will give you a better understanding of the risk posed by each [...]

Read More

Best Practices

Framework of a Third Party Risk Management Program

Jun 12, 2018

Let’s discuss building out a third party risk management program, aka a vendor management or vendor risk management program from the ground up. You’ve joined an organization that lacks any sort of [...]

Read More

Best Practices

OCC Spring 2018 Semiannual Risk Report Affects Third Party Risk Management

Jun 11, 2018

The OCC recently released its semi-annual risk report for the spring of 2018. You can read the full report here.

For anyone who has been following the Office of the Comptroller of the Currency for [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of June 4

Jun 8, 2018

The vast majority of this week's vendor risk related news stories cover regulatory reform and regulatory change. Read below to see which of the regulators continue to move forward with reform and [...]

Read More

Outsourcing

5 Reasons Vendor Management Oversight Can Be Successfully Outsourced

Jun 6, 2018

Learn why vendor management oversight is now recognized as a unique discipline which you can successfully outsourced.

Read More

Outsourcing

3 Reasons to Outsource Your Third Party Risk Management

Jun 6, 2018
When you need assistance with third party risk management, it's a good idea to outsource to a reliable company. We've got 3 particular reasons why you should make the step to outsource. They are:
Read More

Best Practices

Best Practices and Benefits of Engaging the First Line of Vendor Risk Management Defense

Jun 6, 2018

Depending on where you sit within your organization, you may find yourself in 1 of 3 lines of business. In vendor risk management they are considered the 3 lines of defense.

Read More

Best Practices

Vendor Consolidation Doesn’t Limit Risk in Third Party Risk Management

Jun 5, 2018

Consumer data fulfillment services come in all shapes and sizes and include credit reporting firms, appraisal management companies and outsourced underwriting to name but a few. 

Read More

Regulations

Legal Insight: Colorado Enacts Groundbreaking Privacy and Cybersecurity Legislation

Jun 4, 2018
Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of May 28

Jun 1, 2018

I hope everyone had an enjoyable Memorial Day Weekend! We figured you were out enjoying warm weather with friends and family, barbecuing or taking a dip in the pool, so we put together some of the [...]

Read More

Best Practices

Why Should You Run Vendors Through OFAC?

May 30, 2018

As part of due diligence, you should always check certain foundational items to make sure that you're doing business with a legitimate third party. One often overlooked opportunity is to do an [...]

Read More

Regulations

Non-Bank Lending Is Changing But Vendor Management Principles Are Consistent

May 29, 2018

Fintech adoption will vary but the need to either staff a vendor risk management team with tech savvy expertise or engage the technical lines of business is important, as there is an increase in [...]

Read More

Best Practices

Defining Certain Third Parties as Out of Scope

May 29, 2018

You’ve heard time and time again about requests regarding your inventory of actively managed vendors. Pause and think for a moment about the concept “actively managed vendors” – that means there’s [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of May 21

May 25, 2018

This week in third party and vendor risk related news, we've seen a wide variety of topics. A major financial services company lied to regulators and falsified documents, the CFPB's future [...]

Read More

Best Practices

Ballard Spahr Attorney’s Perspective on Third Party Risk

May 23, 2018

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

Read More

Regulations

Top Vendor Management Challenges and How to Overcome Them

May 23, 2018

Earlier this year, Venminder released our annual State of Third Party Risk Managementsurvey results. Venminder distributed the survey in mid-November and collected responses through early December [...]

Read More

Best Practices

Altaba Inc/Yahoo SEC Enforcement Action Reminds to Know Vendor Response Plan

May 22, 2018

A few weeks ago, on April 24, 2018, the Securities and Exchange Commission (SEC) fined Altaba, Inc., aka Yahoo, $35 million for a massive data breach that impacted around 50 million users in 2014

Read More

Best Practices

8 Vendor Risk Management Tips for Non-Bank Lenders

May 22, 2018

The CFPB is going to look a lot closer at a lender's vendor oversight program. Some great advice here – don’t try to blind them with how sophisticated you are. Let's go over some simple tips to [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of May 14

May 18, 2018

With GDPR implementation fast approaching, we've seen a spike in related stories. Read below for GDPR in one simple chart, 5 big GDPR impacts, a short 3 minute video on GDPR, along with articles [...]

Read More

Best Practices

3 vendor risk management items the examiner expects to see

May 16, 2018

One of the most difficult parts of third party risk management - or perhaps the most anxiety-laden – is the idea of being exam ready at all times. To do so, one needs to figure out what the [...]

Read More

SOC Reports

Vendor SOC Report Q&A

May 15, 2018

During our recent three day Third Party Risk Management Bootcamp, we had a lot of GREAT questions come in. It was quite impossible to get to them all during the live sessions, so we have worked [...]

Read More

Best Practices

Effective Vendor Management Policy & Program Q&A

May 15, 2018

During our recent three day Third Party Risk Management Bootcamp, we had a lot of GREAT questions come in. It was quite impossible to get to them all during the live sessions, so we have worked [...]

Read More

Due Diligence

Proper Vendor Due Diligence Requirements Q&A

May 15, 2018

During our recent three day Third Party Risk Management Bootcamp, we had a lot of GREAT questions come in. It was quite impossible to get to them all during the live sessions, so we have worked [...]

Read More

Due Diligence

Critical Vendor Q&A

May 15, 2018

During our recent three day Third Party Risk Management Bootcamp, we had a lot of GREAT questions come in. It was quite impossible to get to them all during the live sessions, so we have worked [...]

Read More

Risk Assessment

Vendor Risk Assessments Q&A

May 15, 2018

During our recent three day Third Party Risk Management Bootcamp, we had a lot of GREAT questions come in. It was quite impossible to get to them all during the live sessions, so we have worked [...]

Read More

Best Practices

Auditor's Perspective on Third Party Risk Management Q&A

May 15, 2018

During our recent three day Third Party Risk Management Bootcamp, we had a lot of GREAT questions come in. It was quite impossible to get to them all during the live sessions, so we have worked [...]

Read More

Best Practices

The Power of Outsourcing Vendor Risk Management

May 15, 2018

2017 was a year of change in the financial services industry. This includes the OCC proposed Fintech Charter and a changing of the guard within the rank and file of the Consumer Financial [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of May 7

May 11, 2018

Cybersecurity was a hot topic for vendor risk management news this week. A lot of our trusted news sources are writing about the state of cybersecurity in 2018. In addition to cybersecurity, below [...]

Read More

Best Practices

3 Reasons Why and How to Measure Vendor Performance

May 9, 2018

Managing your vendor’s performance is a key aspect of monitoring. After all the hard work that went into contract negotiations and due diligence checks to onboard a new vendor, it would make sense [...]

Read More

Best Practices

We’re a Credit Union - Why Worry About the OCC and FDIC?

May 8, 2018

I was at the NAFCU Conference and talked to quite a few risk managers during the time there. Nearly every one of them said they have had a major change of heart as to how closely they should be [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of April 30

May 4, 2018

We're already in the first week of May - this year has gone by rather quickly. In the first four months of 2018, we've shared the many changes in vendor risk management emerging in the news. BUT, [...]

Read More

Regulations

Data Breaches, State Notification Requirements and Third Parties

May 2, 2018

Data breaches are not a new phenomenon impacting consumers, but based on the increased frequency reported in the media, the volume of reported breach incidents is likely to increase. The risks of [...]

Read More

Regulations

GDPR and Vendor Risk Management

May 1, 2018

The General Data Protection Regulation, or GDPR as it is widely referred as, is taking the compliance world by storm. And not in a good way. The law itself is voluminous with 11 Chapters and 99 [...]

Read More

Best Practices

Third Party Risk in the Eyes of MBA President and CEO David Stevens, CMB

Apr 30, 2018

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of April 23

Apr 27, 2018

The week of April 23 has been a big one for vendor risk related news. Headlines include: CFPB changed their name and confirms consumer complaints are going private, Wells Fargo was slapped with a [...]

Read More

Regulations

Fourth Party Oversight and How to Organize the Effort

Apr 25, 2018

Institutions have a lot to consider when assessing third party risk, but if vendor risk management hasn’t followed the process of understanding the inner workings of their third party vendors, [...]

Read More

Best Practices

Why The Board Needs to be Directly Aware of Cybersecurity Matters

Apr 25, 2018

Hardly a week goes by that we don’t learn of some new major breach, incident or some emerging cybersecurity threat. Think Swift attacks, Equifax or Yahoo. It seems no one is immune from [...]

Read More

Regulations

GDPR: Understanding the Impact on Third Party Risk - Part 2

Apr 24, 2018

Last week we released important information about understanding the impact GDPR has on third party risk. I have even more to tell. In this part 2 we’ll look a little deeper into chapters 2-4 and, [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of April 16

Apr 20, 2018

Have you heard - the CFPB could start hiding consumer complaints, Mortgage Bankers Association says cyber crimes are getting nastier and nastier (and they have examples to prove it!) and even the  [...]

Read More

Best Practices

Why Third Party Risk Discussions Belong at Sr Management & Board Meetings

Apr 18, 2018

I know it seems like third party risk management is getting more attention than it needs. I say that having been involved with various facets of vendor management for much of my 28 years in [...]

Read More

Regulations

GDPR: Understanding the Impact on Third Party Risk - Part 1

Apr 17, 2018

A simple Google search on GDPR requirements and GDPR checklists will result in lots of information and free resources. The sheer amount of information available is dizzying to say the least and [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of April 9

Apr 13, 2018

This week's third party risk related news stories cover a variety of topics - bank regulatory actions are at a historic low, Congress back in session and perhaps ready to look at regulatory [...]

Read More

Best Practices

Stay Informed: An Important Vendor Risk Best Practice

Apr 11, 2018

Whether you know it or not, you need to be a news-hound in third party risk management. This helps you stay informed and educated. 

Read More

Regulations

 7 Practical Steps to Tackle GDPR Compliance Via Vendor Management

Apr 10, 2018

The EU (European Union) General Data Protection Regulation (GDPR) is considered timely in the sense that all e-commerce is officially in the sights of cyber criminals. Not a day goes by without a [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of April 2

Apr 9, 2018

Check out the latest stories in the world of third party risk for the past week - an update on regulatory relief, the compliance costs that are hurting rather than helping consumers, whether or [...]

Read More

Best Practices

5 Ways to Spring Clean Your Third Party Risk Management Program

Apr 4, 2018

Like many others, you may find the introduction of spring to be a great time to do some spring cleaning. While you’re dusting off the shelves and clearing the clutter it may not hurt to [...]

Read More

Regulations

Fintech, State Regulators and The OCC Fintech Charter

Apr 3, 2018

The term fintech is a broad definition, and I’ve heard that some firms offering software to process a data point for a financial institution, also define themselves as "fintech". In some of these [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Mar 26

Mar 30, 2018

Read below for the FFIEC's opinion on exam modernization, the CFPB teaming up with the FTC,  possible regulatory relief for community banks, fintech companies in Arizona, the FDIC announces [...]

Read More

Risk Assessment

Inherent Risk vs Residual Vendor Risk

Mar 28, 2018

A risk assessment should not include just the inherent risk or residual risk with the vendor. In order to complete a robust assessment, both inherent risk and residual risk levels should be [...]

Read More

Regulations

Facebook, General Data Security Protection (GDPR) and the Case for Stronger Data Protection

Mar 27, 2018

Cambridge Analytica data mined over 50 million subscribed Facebook user's private information. As more details emerge over the questionable activities performed, the fall out continues. 

While we [...]

Read More

Best Practices

Third Party Risk Management - How Does the Vendor Perceive It?

Mar 26, 2018

As part of our Venminder Thought Leadership interview series where we speak to experts in-housing finance and vendor service providers, we recently had the opportunity to sit down with Suresh [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Mar 19

Mar 23, 2018

Read about the latest Wells Fargo enforcement action, what a less aggressive CFPB could mean for Fintech companies, the major third party implications on illegal debt collection, what Regtech is [...]

Read More

Risk Assessment

Critical vs High Risk Vendors – What's the Difference?

Mar 21, 2018

From a best practices perspective, did you know there is a distinct difference between a critical vendor and high risk vendor? It’s common to see these two vendor types grouped as one, however [...]

Read More

Regulations

Momentum Behind Third Party Risk Oversight & Fintech

Mar 20, 2018

There is a good chance that you are reading this article on a tablet or smart phone. Perhaps, you're reading it even while traveling or waiting for your next meeting.

The fact is that we live, [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Mar 12

Mar 16, 2018

While there is not as many shocking news stories this week, there are, however, some interesting bits of news on data breaches, threats to the banking system, perspective from the new OCC head and [...]

Read More

Cybersecurity

4 Important Areas of Vendor Cybersecurity to Understand

Mar 14, 2018

We know your organization is more than likely investing in their cybersecurity program to take precautions and prevent unnecessary breaches, but are your third and fourth party vendors?

It’s [...]

Read More

Regulations

Beneficial Ownership & Panama Papers Link to Third Party Risk

Mar 13, 2018

The heading of this piece may sound like it was ripped from the pages of the latest James Bond adventure. But with recent data breaches, shell companies, pending new regulations on data privacy [...]

Read More

Best Practices

A Former Regulator’s Perspective on Third Party Risk Management

Mar 12, 2018

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Mar 5

Mar 9, 2018
This has been a week with a lot of enforcement action updates. And, overall, some of the most intriguing articles in third party risk from the week are:
  • Wells Fargo is in trouble again
  • SEC hits [...]
Read More

Due Diligence

3 Phases of the Vendor Lifecycle

Mar 7, 2018

Often times I find many people consider the lifecycle of a vendor to begin once the contract is in place and it to end once it’s terminated. Frankly, this is anything but the case. Many more steps [...]

Read More

Regulations

GDPR and The Third Party Risk Management Implications

Mar 6, 2018

Effective May 25, 2018, the General Data Privacy Regulation (GDPR), a European Union (EU) regulation which formally became law in 2016, will bolster data privacy rights for European citizens.

The [...]

Read More

Regulations

Legal Insight: SEC Continues to List Cybersecurity Among OCIE Examination Priorities

Mar 5, 2018

The SEC Office of Compliance Inspections and Examinations (OCIE) has announced its 2018 examination priorities. Unsurprisingly, cybersecurity remains among the key priorities. OCIE has included [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Feb 26

Mar 2, 2018

A lot went on in the world of third party risk management this week - some of the top news stories include:

  • Regulators are cracking down on Fintech and brokerage companies
  • SEC weighs in on [...]
Read More

Risk Assessment

The Troublesome Extra A in UDAAP

Feb 28, 2018

Unfair, Deceptive or Abusive Acts or Practices (UDAAP) is an area of intense focus by regulators at the moment. Since the creation of the Consumer Financial Protection Bureau (CFPB), there has [...]

Read More

Best Practices

First 10 Things a New Vendor Manager at XYZ Mortgage Lender Is To Do

Feb 27, 2018

If you're a new vendor manager, there's a transition period before you're comfortable in your role. We all must start somewhere. So, we've put together a top 10 list of things to do if you're [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Feb 19

Feb 23, 2018

This week in third party risk news, articles cover topics like:

  • Updates with the CFPB
  • Security and fraud cyber attacks cost the U.S. economy how much? The number is astounding!
  • Efforts the U.S. [...]
Read More

Due Diligence

Take Credit for Vendor Management Successes

Feb 21, 2018

One of my most exciting lessons in the world of compliance was that we could actually take credit for doing the job well or for investing in education.

Compliance and third party risk management [...]

Read More

Due Diligence

6 Things to Watch Out for With Your Mortgage Company’s Vendor Management Software

Feb 20, 2018

We’ve covered the benefits of using a software solution for your vendor management processes. Now, let’s talk about what to look out for and consider when selecting your software at your mortgage [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Feb 12

Feb 16, 2018

This week in third party risk management news:

  • Want to voice your opinion on CFPB regulation through enforcement action? Now you can - they're seeking input from the public.
  • Legal analysis of the [...]
Read More

Outsourcing

14 Ways Vendor Management Software and Services Help

Feb 14, 2018

Vendor management and its requirements have grown significantly over the past several years. There is now increased attention to subservice providers (fourth parties) and expectations around [...]

Read More

Best Practices

Managing Vendor Relationships - The good, bad and the ugly

Feb 13, 2018

If we had to summarize vendor management and boil it down from the many descriptions available, we'd use one word: Relationship.

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Feb 5

Feb 9, 2018

What's new in third party risk management this week? Read below to find out the progression of the OCC's proposed Fintech charter, what Mulvaney is doing regarding the CFPB, a possible OCC and [...]

Read More

Risk Assessment

Perspective: The Most Difficult Part of Third Party Risk

Feb 7, 2018

I was asked at a speaking engagement what I felt was the most difficult part of third party risk management. My answer, quite cumbrous, was “all of it”.

Read More

Due Diligence

Mortgage Subservicer Vendor Oversight Best Practices

Feb 6, 2018

Mortgage subservicers offer a unique challenge to third party risk management. Unlike many fulfilment services engaged in the origination process, a subservicer interacts with the consumer for [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Jan 29

Feb 2, 2018

The week of Jan 29 saw some really amazing headlines. The CFPB seeks public input on its processes and enforcement actions, new debt collection rules with third party implications and now they [...]

Read More

Cybersecurity

Vendor Management Takes a Village or At Least a Team

Jan 31, 2018

I will admit I was surprised to learn that even the largest companies may have third party risk sitting on the corner of ONE person’s desk. Worse yet, it is often times just ONE FACET of a busy [...]

Read More

Best Practices

Top 10 Vendor Management Terms That Every Team Should Know

Jan 30, 2018

So, you’ve mastered the terms Business Continuity Planning (BCP) and Disaster Recovery (DR) and have a good understanding of what is needed to manage a sound vendor management program. 

Below is a [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Jan 22

Jan 26, 2018

This week brings all sorts of BIG news from CFPB, OCC and the Federal Reserve affecting third party risk. The new director for the CFPB unleashes some significant changes in process and the OCC [...]

Read More

Best Practices

5 Tricks to Stay Organized In Third Party Risk Management

Jan 24, 2018

One of the things I pride myself on is being highly organized (is it a problem if my socks are arranged alphabetically by color?). In the ever-hectic world of a third party risk manager, you’re [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Jan 15

Jan 19, 2018

Read below for the most important news articles in third party risk for the week of January 15, 2018. There’s lots of articles this week on the challenges in financial institutions – whether it’s [...]

Read More

Best Practices

Board Third Party Risk Management Reporting Essentials

Jan 17, 2018

Regulatory guidance is clear – you must keep your senior management team and the board informed on developments in the third party risk management program, particularly on activities related to [...]

Read More

Outsourcing

How to Raise the Vendor Management Bar

Jan 16, 2018

Vendor management maturity levels vary across the company spectrum. As part of our many in-depth consultations with clients and prospects alike, we find that the staffing, expertise and even the [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Jan 8

Jan 12, 2018

This week in the world of third party risk management, several resources take a stab at 2018 predictions and we again hear about the importance and increased role of of cybersecurity. The concept [...]

Read More

Best Practices

Are You Testing Your Vendor Management Program?

Jan 10, 2018

We all know the importance of getting regular checkups on our health. It’s a great way to proactively address any potential problems before they become a crisis. Well, third party risk management [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Jan 1

Jan 5, 2018

New year, new vendor management news. If this week’s news is any indication, we’re in for a wild and wacky year! 

We’ve got lots more CFPB news (the current head of NCUA may be named as the [...]

Read More

Best Practices

10 Vendor Management New Year’s Resolutions for 2018

Jan 3, 2018

Exercise more, lose a few pounds, adopt a new hobby and spend more time with family and friends are all common New Years Resolutions.

Instead of losing weight for 2018, we've decided to focus on [...]

Read More

Best Practices

Vendor Management 10 Years in the Making

Jan 2, 2018

The maturing landscape of vendor management has been ten years in the making. Take a look at how the third party risk management thought process has changed from 2007 to 2017.

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Dec 25

Dec 29, 2017

It's the last week of the year and the vendor management news hasn't stopped. This week's headlines reflect back on 2017 and outline priorities for 2018. Not surprisingly, enforcement actions, [...]

Read More

Risk Assessment

9 Regulatory Risk Types Involved in a Vendor Risk Assessment

Dec 27, 2017

Writing a risk assessment document for the first time or the thousandth time can be a daunting task. People often struggle with how much there is to consider.

So, let’s narrow the focus and go [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Dec 18

Dec 22, 2017

Top stories in vendor management related news for the week of December 18, 2017 include:

  • New York cracks down on data issues following Equifax
  • CFPB is stopping its exams while they figure out how [...]
Read More

Due Diligence

How to Know If Your Vendor Is Naughty or Nice

Dec 20, 2017

He’s making a list, he’s checking it twice, is your vendor naughty or nice? The regulators are comin’ to town… 

Read More

Due Diligence

The Need for Proper Oversight of Closing Agent Vendors

Dec 19, 2017

When reviewing your vendor list at your mortgage company, do you pay close attention to your closing agent vendors? If not, you need to ensure you’re doing proper oversight going forward.

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Dec 11

Dec 15, 2017

We've collected vendor management news articles from the past week starting with December 11, 2017. A few top ones are:

  • 3 things to consider in vendor risk management
  • An update on the battle over [...]
Read More

Outsourcing

11 Advantages of a Vendor Management Software

Dec 13, 2017

Vendor management and its requirements have grown significantly over the past several years. There is now increased attention to subservice providers (fourth parties) and expectations around [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Dec 4

Dec 8, 2017

This week in the world of vendor management was all about the changes in the regulators’ leadership and the ongoing power struggle at the CFPB, with a side order of data breach and proposed [...]

Read More

Examination Preparation

6 Reasons to Follow Up on Vendor Management Exam Items

Dec 6, 2017

At the conclusion of any examination or audit, there are always some open items. No one truly enjoys having a detailed re-hashing of areas of concern, but it’s an important conversation to have.

[...]

Read More

Due Diligence

The Relationship Between Vendor Oversight and Complaint Management

Dec 5, 2017

Complaint management plays a vital part in delivering a great customer service experience. But when it comes to vendor oversight, the initial complaint issue can have a lasting perception of the [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Nov 27

Dec 1, 2017

This week’s vendor management news is dominated by the change in the leadership at the CFPB, UDAAP action and a new head at the OCC. Check out more of the important third party risk related news [...]

Read More

Contract Management

Consider These 5 Items When Entering Into a Vendor Contract

Nov 29, 2017

I’m often asked about termination clauses in contracts. Unfortunately, if you’re in the middle of an existing contract and decide you “want out”, your options may be limited, depending on how much [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Nov 20

Nov 24, 2017

Third party risk news for the fourth week of November brought us some interesting headlines - here's what to expect in this week's Staying On Top of Vendor Management News:

  • If you haven't heard [...]
Read More

Best Practices

15 Reasons To Be Thankful for Good Vendor Management

Nov 22, 2017

We’re thankful for our company, our customers and our ever-growing set of products and services. As we pause to spend Thanksgiving time with our families and friends, we thought it would be a good [...]

Read More

Risk Assessment

Varying Levels of Expertise in Vendor Oversight

Nov 21, 2017

If an organization isn’t truly onboard with vendor management, they allocate team members that lack vendor management experience. Unfortunately, this is not surprising. So, there are a variety of [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Nov 13

Nov 17, 2017

Some weeks there’s lots of news; some weeks there’s big news – this week, there’s simply lots and lots of big news.

Let’s look at some of the massive headlines:

  • The CFPB director is stepping [...]
Read More

Examination Preparation

What Will Examiners Ask Related to Vendor Risk Management?

Nov 15, 2017

A common question we hear is “How do we know what the examiners will ask related to vendor risk management?” It’s one that does not lend itself to an exact and easy answer. However, there are many [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Nov 6

Nov 10, 2017

This week once again reminds us that keeping up with third party risk management news is a very important best practice. Here are some of the top stories:

  • An exerpt from Chairman Hensarling's [...]
Read More

Cybersecurity

10 Vendor Cybersecurity Tips

Nov 8, 2017

As part of your vendor due diligence, you should be spending time on cybersecurity. To help you out, I've got 10 tips

Read More

Due Diligence

10 Best Practices for Lead Generation Vendor Oversight

Nov 7, 2017

Many states require lead generators to hold a mortgage broker license in some shape or form on the NMLS (Nationwide Multistate Licensing System/Nationwide Mortgage Licensing System and Registry). [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of October 30

Nov 3, 2017

In light of Halloween, we've got some spooky third party risk management news to share with you this week.

  • Back from the dead - first national bank charter approved since the financial crisis
  • [...]
Read More

Best Practices

Avoid These 7 Vendor Management Nightmares

Nov 1, 2017

Vendor management doesn't always go smoothly and sometimes can get quite frightening. So, in the spirit of Halloween, I have 7 vendor management nightmares to share with you. Ensure you take the [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of October 23

Oct 27, 2017

Fortunately, there hasn't been anything too crazy happening in the world of third party risk this past week. There are still some good articles to read though to keep you updated! Check them out [...]

Read More

Due Diligence

3 Ways to Use Law Firms to Help With Third Party Risk Management

Oct 25, 2017

"The first thing we do, let's kill all the lawyers" is a well known quote from Shakespeare’s Henry VI Part 2.  I was an English major, so I read a lot of Shakespeare and I don’t particularly agree [...]

Read More

Outsourcing

How Vendor Management Software Helps Your Mortgage Company

Oct 24, 2017

Software, that is not only well-designed but created by experienced vendor risk management professionals, will help you streamline your operation. 

Read More

Best Practices

Staying On Top of Vendor Management News: Week of October 16

Oct 20, 2017

Third party risk news for the week of October 16 that you need to know:

  • Oversight on FinTech companies is tightening up
  • Are you a smaller bank? You might be experiencing higher regulatory costs [...]
Read More

Regulations

OCC Released 2018 exam priorities: NR 2017-113

Oct 18, 2017

On September 28, 2017, the Office of the Comptroller of the Currency (OCC) released BankFiscal Year 2018 Bank Supervision Operating Plan, aka, NR 2017-113. Thanks for the acronym fun… but what [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of October 9

Oct 13, 2017

Learn what's new in vendor risk management from the week of October 9 - there have been some real eye openers. We've put together a list of resources that cover a variety of important topics, [...]

Read More

Cybersecurity

Include Vendor Cybersecurity into Your Cybersecurity Plans

Oct 11, 2017

October being National Cybersecurity Awareness Month reminds us to take a look at vendor cybersecurity.

Read More

Examination Preparation

Prove It or Lose It! Update Your Vendor Management Policies and Procedures

Oct 10, 2017

If like me, you have had the opportunity to be examined by a regulator and survived, you’ll recognize the need to supply a copy of your vendor management policy and procedure documentation. The [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of October 2

Oct 6, 2017

Learn what's new in vendor risk management from the week of October 2. We've put together a list of resources to check out. 

It’s been an interesting week  topics include:

  • OCC dangles idea of [...]
Read More

Due Diligence

Who Is a Critical Vendor?

Oct 4, 2017

Your third parties should be ranked as Critical or Non-Critical for business disruption and ranked High, Medium or Low on all regulatory items.

Read More

Best Practices

Staying on Top of Vendor Management News: Week of Sept 25

Sep 29, 2017

This week in third party risk news, we are reminded of the importance of proper due diligence, reputation risk, examination preparedness and more vendor management best practices. Read the [...]

Read More

Due Diligence

What Are Vendor Due Diligence Reviews?

Sep 27, 2017

A fundamental question people often wrestle with is, “what constitutes appropriate vendor due diligence?” Or, “what are vendor due diligence reviews”?

Read More

Best Practices

There's Still Time to Achieve Your 2017 Vendor Management Goals

Sep 26, 2017

If the thought of planning in January for your 2017 vendor management goals feels like a distant memory, you’re probably not on your own. Like any news year's resolution, the initial goal is new [...]

Read More

Best Practices

Staying on Top of Vendor Management News: Week of Sept 18

Sep 22, 2017

Headlines in third party risk from this past week, the week of September 18, covered a variety of mishaps from which we can all learn. Read the articles below for how you can avoid issues with [...]

Read More

Due Diligence

It's Apple Pay Contract Renewal Time - Important Considerations

Sep 20, 2017

As you may have seen this week in the news, the first of the Apple Pay contracts are up for renewal; if you haven’t seen it, here’s a handy link to the article

Read More

Best Practices

Staying on Top of Vendor Management News: Week of Sept 11

Sep 15, 2017

Keeping up with the latest news in third party risk is important for your vendor management program. This past week - week of September 11 - has been especially eventful. Make sure to check out [...]

Read More

Due Diligence

Why Do Vendors Incorporate in Delaware?

Sep 13, 2017

If you’ve done much due diligence work, you’ve certainly noticed that many vendors incorporate here in Delaware (well, technically, I live in southeastern Pennsylvania but have worked for most of [...]

Read More

Best Practices

Mortgage Companies: Know Your Vendor's Leadership - It Affects Culture and Compliance

Sep 12, 2017

If you're an established financial institution, you're probably using third party vendors to fulfill several functions to gain efficiencies and market advantages. After the contract has been [...]

Read More

Cybersecurity

Equifax Breach Proves Importance of Cybersecurity & Vendor Oversight

Sep 8, 2017

On September 7th at around 4 pm, reports came out in the media that one of the three national credit reporting agencies – Equifax – had disclosed a large data breach. Estimates so far is that it [...]

Read More

Best Practices

Staying on Top of Vendor Management News: Week of Sept 4

Sep 8, 2017

Keep up with the latest news in third party risk. We've put together a list of resources for the week of September 4 to help keep you updated.  

Read More

Best Practices

Third Party Risk Management Advice: What I Would Share with 20 Year Younger Me

Sep 6, 2017

I’ve seen on Facebook and Twitter those amusing things where you list what you wish you could tell yourself 20 years ago, i.e., sharing the benefit of experience with a less experienced YOU. 

[...]

Read More

Best Practices

Review Vendor Management News

Aug 30, 2017

If you’re like me, you receive dozens of emails – perhaps hundreds of tweets – from various news feeds. It’s easy to lose track of them all but it's important to at least glance through them. 

Read More

Outsourcing

3 Reasons Your Mortgage Co Should Replace Excel with Vendor Management Software

Aug 29, 2017

Vendor Management has become an art, a science and has metamorphized into a discipline which addresses multiple aspects covering reputation, credit, operational and financial risk.  

You really do [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Aug 21

Aug 25, 2017

Here's a list of important vendor risk management articles from this week - week of August 21, 2017.

Read More

Best Practices

An Ounce of Third Party Risk Management Prevention

Aug 23, 2017

There is an old saying that goes, “an ounce of prevention is worth a pound of cure” Meaning the cheapest way to fix a problem is often to simply prevent it from occurring. Perhaps there is no [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Aug 14

Aug 18, 2017

What's new in vendor risk management for the week of August 14, 2017? We've put together a list of resources to check out.

Read More

Risk Assessment

Different Perspectives of Third Party Risk Management

Aug 16, 2017

The optimist sees the glass as half full; the pessimist sees the glass as half empty; the engineer sees a waste of too much glass; the compliance officer sees it as potential shattering and [...]

Read More

Cybersecurity

The Convergence of Third Party Oversight and Cybersecurity

Aug 15, 2017

We recently had an opportunity to discuss the state of vendor oversight with a former FDIC examiner. During our meeting, we discussed the importance of third party oversight and the convergence of [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Aug 7

Aug 11, 2017

You're aware of the importance of staying up to date with industry news. Learn what's new in vendor risk management for the week of August 7, 2017. We've put together a list of resources to check [...]

Read More

Business Continuity / Disaster Recovery

Balance In Third Party Risk Management

Aug 9, 2017

When I’m not at work, you’ll most likely find me on my bicycle. Some might argue that I am cyclelogically obsessed with bicycling (see what I did there?). One sure thing every cyclist knows is [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of July 31

Aug 4, 2017
Want to know what went on for the week of July 31 in third party risk? From regulatory compliance to which financial institutions are making the vendor management headlines, we've got you covered.
Read More

SOC Reports

6 Things to Do with a Vendor SOC Report Once You Have it

Aug 2, 2017

You're required to collect SOC Reports on your vendors. So, once you've determined which SOC report you need, make the request and receive it back...what's the next step? We'll explain now. 

Read More

Risk Assessment

Pros and Cons of Vendor Concentration Risk

Aug 1, 2017

Vendor Concentration Risk is the risk which may occur when an institution relies too heavily on one vendor to perform several, if not all, critical/high risk functions for their operation. Vendor [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of July 24

Jul 28, 2017

You know how important it is to stay updated with regulatory news. Learn what's new in vendor risk management from the week of July 24. We've put together a list of resources to check out. 

Read More

Due Diligence

Three Qs You Must Ask to Find Out if a Vendor is Critical

Jul 26, 2017

You need to know the business impact risk of your vendors. Once you know that, you can figure out how they play into your financial institution’s business continuity plan. A way to start is to [...]

Read More

Best Practices

NAFCU Risk Management Seminar: Networking, Third Parties and More

Jul 24, 2017

This week, we’re at the NAFCU Risk Conference in beautiful Denver, Colorado. For me, attending conferences, whether as a presenter or as an interested participant, is always exciting.

Read More

Best Practices

Staying On Top of Vendor Management News: Week of July 17

Jul 21, 2017

As we've mentioned before, it's important to stay updated with regulatory news. Learn what's new in vendor risk management this past week. We've put together a list of resources to check out. 

[...]

Read More

Examination Preparation

5 Things to Do to Be Proactive In Vendor Management

Jul 19, 2017

If you had an examination starting tomorrow, would you be ready? If one of your critical third parties announced it was ceasing business, would you be prepared? If there’s a big data breach at one [...]

Read More

Due Diligence

Wire Fraud Risk and Closing Agent Oversight

Jul 18, 2017

There are several wire fraud schemes currently in circulation which will have an immediate impact on the housing industry, financial institutions and the end consumer.

  • We’ll look at the top 3 [...]
Read More

Best Practices

4 Steps to Take When Vendor Management Guidance Lags Behind Tech

Jul 12, 2017

The creation and issuance of vendor management regulatory guidance takes quite a while – the process from start to finish can take months or even years. Meanwhile, the evolution of mobile [...]

Read More

Best Practices

The Importance of Vendor Management Department Independence

Jul 5, 2017

Vendor management should have its own department or group inside your financial institution. A best practice, perhaps even a fundamental expectation, is that third party risk management should be [...]

Read More

Regulations

CFPB Consumer Complaint Database: Performance & Customer Service

Jul 4, 2017

The mortgage industry has a curious relationship with the CFPB. While there are a few bad actors who fall foul of the CFPB enforcement actions...as an industry, we are striving to make mortgage [...]

Read More

Best Practices

Staying on Top of Vendor Management News: Week of June 26

Jun 30, 2017

As we've mentioned before, it's important to stay updated with regulatory news. Learn what's new in vendor risk management this past week. We've put together a list of resources to check out. 

Read More

Contract Management

The Basics of Service Level Agreements For Vendor Contracts

Jun 28, 2017

As a professional in third party risk management, you probably hear the term service level agreement or SLA for short. Make sure you understand what they are. To help, we'll go through a few basic [...]

Read More

Best Practices

Staying on Top of Vendor Management News: Week of June 19

Jun 23, 2017

As we’ve mentioned before, one of the challenging issues in third party risk management is staying up-to-date on news and changes occurring in the financial services regulatory world. It’s [...]

Read More

Regulations

Legal Insight: CFPB Announces Consent Order for Mortgage Servicing Violations

Jun 22, 2017

The CFPB recently announced that it has entered into a consent order with Fay Servicing, LLC (“Fay”) to settle alleged mortgage servicing violations.  A copy of the consent order can be found here

Read More

Examination Preparation

15 Tasks for When A Vendor Management Examiner Comes to Town

Jun 21, 2017

The examiner is coming, the examiner is coming!

DON'T PANIC! Seriously, there’s no need if you’re running a well-managed program. Let’s go through some of the key things you’ll want to do to plan [...]

Read More

Regulations

Legal Insight: Kerfuffle on statute of limitations issue in PHH case

Jun 21, 2017

On June 7, the CFPB submitted a Rule 28(j) letter to the D.C. Circuit in the PHH case. In the letter, the CFPB embraced the fact that the Supreme Court’s recent Kokesh v. SEC decision makes the [...]

Read More

Due Diligence

Vendor Alignment Strategies: How Making Right Choices Impact Vendor Oversight Scope

Jun 20, 2017

The responsibility given to a vendor management department may vary across institutions. In some instances, the vendor management team may even have a voice when it comes to vendor selection and [...]

Read More

Regulations

Legal Insight: Treasury report on U.S. financial system recommends significant CFPB reforms

Jun 16, 2017

The report issued earlier this week by the U.S. Treasury Department to President Trump in response to his February 2017 Executive Order 13772, “A Financial System That CreatesEconomic [...]

Read More

Regulations

Legal Insight: ABA identifies various industry concerns in fair lending white paper submitted to Treasury Secretary

Jun 15, 2017

We previously reported on the Executive Order 13772 titled “Core Principles for Regulating the United States Financial System,” which is a high-level policy statement consisting of a series of [...]

Read More

Best Practices

Vendor Ongoing Monitoring Often Overlooked

Jun 14, 2017

Vendor ongoing monitoring is required by all of the major regulators as a fundamental practice in third party risk management. So, why is it often overlooked? What happens if you fail to monitor [...]

Read More

Regulations

5 Key Takeaways from OCC Bulletin 2017-21

Jun 13, 2017

Extra extra! Read all about it! Last week, the Office of the Comptroller of the Currency issued Bulletin 2017-21 –Frequently Asked Questions to Supplement OCC Bulletin 2013-29.

We thought it might [...]

Read More

Regulations

Legal Insight: New OCC FAQs on third-party relationships highlight bank arrangements with fintech companies & marketplace lenders

Jun 12, 2017

The Office of the Comptroller of the Currency has issued a new bulletin (2017-21) containing fourteen frequently asked questions to supplement OCC Bulletin 2013-29 entitled “Third-Party [...]

Read More

Regulations

Legal Insight: FI Agencies Provide Guidance During Appraiser Shortage

Jun 9, 2017

The federal banking agencies together with the National Credit Union Administration (the “Agencies”) issued an Interagency Advisory on the Availability of Appraisers that is intended to help [...]

Read More

Reporting

What to Include In a Third Party Risk Board Report Package

Jun 7, 2017

In the past, we covered that the board needs to be involved in your vendor management program and how to figure out if they're involved enough. We also covered important points on what vendor [...]

Read More

Regulations

Raising the Bar In Third Party Risk : CFPB Formally Enters Technology Vendor Oversight

Jun 6, 2017

In the CFPB May release (Issue 15), the Consumer Financial Protection Bureau referenced updated guidance on third party oversight initiatives. We'll go through what it says, what it means and next [...]

Read More

Best Practices

3 Areas to Watch If Your Vendor Is Acquiring Another Vendor

May 31, 2017

Today, companies merge suddenly and frequently for a variety of reasons - some of those reasons can be a really good thing, but some can introduce a variety of risks that can cause performance to [...]

Read More

Risk Assessment

Third Party Issues Hidden In Plain Sight

May 31, 2017

In the story, “The Purloined Letter” by Edgar Allan Poe, one of the key themes was thatthe most obvious things are often hidden in plain sight – we just manage not to see them. The same is true of

Read More

Best Practices

What To Do If Your Software Vendor Gets Acquired

May 30, 2017

You did your due diligence on your vendor, you're going about your day to day duties, and suddenly you're notified that your software vendor is being acquired by another. Today, companies merge [...]

Read More

Best Practices

Third Party Risk Q&A: Auditor's Perspective and Best Practices

May 29, 2017

During our recent three day Vendor Management Bootcamp we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live sessions, so we have worked with the [...]

Read More

Best Practices

Third Party Risk Q&A: Risk Assessments

May 29, 2017

During our recent three day  Vendor Management Bootcamp, we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live sessions, so we have worked with the [...]

Read More

Best Practices

Third Party Risk Q&A: Critical Vendors and More

May 29, 2017

During our recent three day Vendor Management Bootcamp (click here to watch on-demand), we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live [...]

Read More

Best Practices

Third Party Risk Q&A: Vendor Due Diligence

May 29, 2017

During our recent three day Vendor Management Bootcamp (click here to watch on-demand), we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live [...]

Read More

Best Practices

Q&A: Third Party Risk Policy/Program and Financials

May 29, 2017

During our recent three day  Vendor Management Bootcamp (click here to watch on-demand), we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live [...]

Read More

Best Practices

Third Party Risk Q&A: Vendor SOC Report Types and More

May 29, 2017

During our recent three day Vendor Management Bootcamp (click here to watch on-demand), we had a lot of GREAT questions come in. It was simply impossible to get to them all during the live [...]

Read More

Due Diligence

Alternatives in Third Party Risk Management

May 24, 2017

As you may already know, I’m a cyclist. So, typically, I log a few miles every morning before work, amuse the neighbors by posting pictures of my ride on Facebook and generally enjoy rolling along [...]

Read More

Regulations

What Mortgage Lenders Need to Know About Fannie Mae Day 1 Certainty for Vendor Management

May 23, 2017

Earlier this year, Fannie Mae released their long-awaited Day 1 Certainty program. For the mortgage lender,this represented a glimmer of hope to be released from certain future reps and warranty [...]

Read More

Cybersecurity

Legal Insight: DocuSign Breach a Strong Reminder to Manage Third-Party Service Provider Risks

May 22, 2017

DocuSign has confirmed that a data breach resulted in widespread malware phishing attacks targeting email addresses of more than 100 million of its customers. Companies that utilize DocuSign as a [...]

Read More

Cybersecurity

Legal Insight: White House Issues New Cybersecurity Executive Order

May 18, 2017

If you have listened to some of our webinars, you’ve heard me recommend reviewing legal analysis of the voluminous or complex new vendor management regulatory guidance. Rather than digging through [...]

Read More

Best Practices

It's Dangerous to Cut Vendor Management Corners

May 17, 2017

It can be tempting to cut corners when handling third party risk management at your institution. 

When I was a few years younger, I used to love to race in criterium style races… for those of you [...]

Read More

Risk Assessment

Criticality and Risk Rating Vendors

May 9, 2017

A vendor's criticality and risk rating are two different things, but they often get used interchangeably. We'll clarify them more for you to better understand.

Read More

SOC Reports

SSAE 18 Now In Effect

May 3, 2017

With it being the first week of May, there's an important reminder to point out to the financial industry regarding SOC reports for vendor management. As of Mon, May 1, SSAE 18 is now in effect.

Read More

Regulations

How to Learn From a Vendor Management Enforcement Action

Apr 26, 2017

Enforcement action – for anyone involved in risk management, that term can give you an upset stomach. Why? An enforcement action typically means large problems and potentially hefty fines. They [...]

Read More

Due Diligence

Appraisal Management Company Vendor Oversight

Apr 25, 2017

The Appraisal Management Company (AMC) is a vendor which plays a vital role in the loan origination process. Regardless if your organization is a bank, non-bank, credit union or other type of [...]

Read More

Risk Assessment

Why Must I Risk Rate EVERY Vendor?

Apr 19, 2017

There's a question I get asked often - "Why must I risk rate EVERY one of my vendors?" Many times at conferences and in follow up to webinars, this is a popular question, because I think it drives [...]

Read More

Regulations

UDAAP Enforcement Actions

Apr 12, 2017

One of the real regulatory hot buttons over the past few years is around UDAAP – Unfair, Deceptive, or Abusive Acts, or Practices. There have been numerous UDAAP violations with some pretty [...]

Read More

Regulations

CFPB Has Expanded Its Vendor Management Reach

Apr 11, 2017

CFPB exams for the non-bank lender have matured in recent years. The scope of the examination process has expanded to include a much more thorough review of vendor oversight.

Read More

Regulations

The OCC Isn’t My Regulator - BUT They Still Matter to You

Apr 5, 2017

The OCC came out with new guidance on January 24, 2017 - they published the supplemental examination guide for third party risk management, titled OCC Bulletin 2017-7. So, if you’re at a credit [...]

Read More

Best Practices

How mature is your vendor management program?

Mar 29, 2017

A topic we hear a lot at industry conferences and webinars is the maturity of your vendor management program. What exactly does this mean? Let's go through that now...

Read More

Due Diligence

Vendor Oversight Practices For Post Closing Quality Control Audit Vendors

Mar 28, 2017

Quality control audit firms play an important role in the review function of loan files. This requirement is performed at the pre-funding and post funding stage of the loan origination process. [...]

Read More

Examination Preparation

UDAAP Violations Show Vendor Management Programs Still Need Work

Mar 22, 2017

If you don’t read anything else this week on vendor management, read this! Recent studies by Protiviti and Crowe Horwath show that vendor risk management maturity has improved significantly, but [...]

Read More

Due Diligence

Your vendor just got acquired so now what?

Mar 15, 2017

On March 13, 2017, as the East Coast of the US was awaiting the latest snowpocalypse or snowmageddon, really big news broke related to vendor management – D+H was acquired and will be merged with [...]

Read More

Due Diligence

CFPB Issues Supervisory Highlights Consumer Reporting (Issue 14)

Mar 14, 2017

March 2nd, the CFPB issued Supervisory Highlights Consumer Reporting Special Edition (Issue 14), Winter 2017. For those who have had a less than perfect experience when interacting with a consumer [...]

Read More

SOC Reports

What To Know About SSAE 18 For Your Vendor Management

Mar 8, 2017

We had SAS 70, then SSAE 16... now SSAE 18 will be making an entrance in May of this year. SSAE 18 is a little different, so we’ve outlined some key points for you below to assist with your [...]

Read More

Contract Management

Your Vendor Oversight Is Only as Strong as Your Contract

Mar 1, 2017

For the non-bank lender, the process of vendor oversight begins prior to establishing an annual audit schedule. And like any good process, it begins well at the beginning - the contract. [...]

Read More

Examination Preparation

Good & Bad News About the State of Vendor Management In 2017

Feb 22, 2017

How are financial institutions handling vendor management for 2017? After surveying over one hundred people, we have good and bad news to share, data to back it up and how to make the bad news [...]

Read More

Contract Management

10 Signs That a Third Party Relationship Is Going Sour

Feb 15, 2017

There are times when even the best of relationships fall apart. But, there's also usually plenty of early warning signs. So, let's look at a few of them related to your vendors – these are just a [...]

Read More

Regulations

Actions Required to Comply with OCC Bulletin 2017-7

Feb 8, 2017

On Tuesday, January 24, 2017, the Office of the Comptroller of the Currency issued new regulation - Bulletin 2017-7. It's supplemental guidance on the approach examiners must take when reviewing [...]

Read More

Examination Preparation

CFPB Exams for Non-Bank Lenders & How to Leverage as a Vendor Oversight Function

Feb 7, 2017

Banks, credit unions and non-bank lenders have all been audited in some fashion by state or federal regulators during their lifetime. In recent years, the CFPB (Consumer Financial Protection [...]

Read More

Due Diligence

Why Vendor Document Management Is Essential to Your Third Party Risk Program

Feb 1, 2017

How often do you check your oil in your car? The air pressure in your tires? Do you take your car in for routine maintenance? Or do you ignore everything until a warning light appears on the [...]

Read More

Examination Preparation

Exam Preparation: Have These 8 Vendor Management Items Ready

Jan 25, 2017

You should prepare for an exam before you're officially given notice of it. There are items to have ready ideally 3 or 4 months before any potential exam window.

Read More

Contract Management

5 Key Provisions to Look for in Critical Vendor Contracts

Jan 18, 2017

Whether reviewing a new critical vendor contract or negotiating new terms and conditions of an existing one, there are many elements you need to consider.

Read More

Due Diligence

Creating A Culture of Compliance for Third Party Risk Management

Jan 11, 2017

With the new year, you may reflect upon how things are going within your bank or credit union's third party risk management program. Make sure your team is on the same page.

I was recently at a [...]

Read More

Best Practices

Is Sr Management & Board Involved Enough In Vendor Management? Ask These Questions

Jan 4, 2017

A few weeks ago we discussed the importance of senior management and board involvement regarding vendor management. How do you know if you're following the OCC Bulletin 29-2013 guidance and OCC [...]

Read More

Regulations

Vendor Management 2017 - What's In Store?

Dec 28, 2016

I anticipate that there will be quite a few changes looming in the new year - 2017. Some examples include change of Dodd-Frank, increased pro-bank feel, change of examination cycle and [...]

Read More

Best Practices

Venminder's Top Vendor Management Downloads of 2016

Dec 23, 2016

Throughout the year we have created lots of infographics, ebooks, guides and more to help you and your peers with vendor management. Your peers have found these resources to be the most valuable [...]

Read More

Regulations

Vendor Management 2016 Review

Dec 21, 2016

2016 – the year of third party risk and cybersecurity. As 2016 winds down, we should look back and think about what we’ve seen this year. There have been many extraordinary events in the world of [...]

Read More

Regulations

In Vendor Management, What's a MRA?

Dec 14, 2016

I was recently asked what a MRA is and what it really means. Well, if you’re a compliance officer at a financial institution, that acronym is enough to send a shiver down your spine.

Read More

Due Diligence

Watch for Changes At Your Third Party Companies

Dec 7, 2016

Just as the leaves changing or the geese migrating herald the change of seasons, things change for companies as well. And, if those companies are a critical third party of yours, you need to be [...]

Read More

Examination Preparation

Board Vendor Management Involvement Is Needed & Required

Nov 30, 2016

If you’re a senior manager or a member of a board of a financial institution, you must be directly involved in many things, including vendor management. If there was any doubt about that, the OCC [...]

Read More

Outsourcing

Thankful for Vendor Management Technology

Nov 23, 2016

While I may not be entirely thankful for the heightened state of today’s regulatory environment, I am thankful that we live in a time of innovation and, therefore, have helpful tools to assist in [...]

Read More

Reporting

What vendor management information should I be reporting?

Nov 16, 2016

Reporting to senior management and/or the board is not just a good practice; it’s actually a requirement of regulatory guidance. So, what should you prepare in terms of a report?

Read More

Risk Assessment

Am I supposed to risk rate EVERY vendor?

Nov 9, 2016

The simple answer is “yes”. If they fall within the scope of your third party risk management program – and remember, your scope should be well documented on who is included and, just as [...]

Read More

Due Diligence

What Do I Do If a Vendor Won't Provide a Document?

Nov 2, 2016

Here's a classic dilemma – what happens when a vendor simply won’t give you the documents you need to complete due diligence? Do you stand up and walk out on them? Usually not... but you do need [...]

Read More

Examination Preparation

17 Vendor Management Horror Stories

Oct 26, 2016

Vendor management doesn't always go smoothly, and sometimes can get quite frightening. In the spirit of Halloween, check out these 17 vendor management horror stories followed by ways to stop or [...]

Read More

Best Practices

New Video Series Third Party Thursdays Launched

Oct 21, 2016

We have exciting news! Have you heard? Yesterday, we launched our new educational video series - Third Party Thursdays. Every Thursday, we will post a new video that will focus on a different area [...]

Read More

Cybersecurity

Addressing Insider Threats, Cyber Attacks & Data Security

Oct 19, 2016

As tiring as it may sound, training is still the most important risk mitigation factor in reducing the number of insider threats. Insider threats originate either through the vulnerability of [...]

Read More

Best Practices

Staying On Top of Vendor Management News

Oct 12, 2016

One of the most important and challenging parts of working in risk management is staying out of the news – that’s always a good goal, not to be in the news in a negative way. But equally [...]

Read More

Due Diligence

A Well-Known Vendor Doesn’t Mean It's a Safe Vendor

Oct 5, 2016

You’re getting ready to do business with a huge industry leader. Why, there’s no need to try to do the usual due diligence, is there? They have to be safe.

I mean, they’re never going to give us [...]

Read More

Best Practices

The Importance of Explaining Your Vendor Management Team’s Qualifications

Sep 28, 2016

You’ve probably updated your organization chart for your bank or credit union's compliance and third party risk management teams. You’ve likely had to explain it to Human Resources or go to senior [...]

Read More

Best Practices

Vendor Management Procedures and the Job Swap

Sep 21, 2016

Anyone who knows me knows I have a few obsessions – I’m cyclelogically obsessed with my bicycle and I am an absolute NASA-nut (thanks to Twitter and NASA Social for taking me to some really great [...]

Read More

Regulations

Mic Cue FDIC: Matters Requiring Board (and your) Attention

Sep 14, 2016

On Aug 22, 2016, the FDIC released the Summer edition of its Supervisory Insights Journal. Okay, officially, it was FDIC Financial Institution Letter 57-2016, but that’s too much of a mouthful, so [...]

Read More

Regulations

7 Ways to Stay in Tune with Vendor Management Best Practices

Sep 7, 2016

Unfortunately, there’s no magical solution to getting your staff up to speed and keeping them there. There’s no handbook or vendor management Bible, and even the best guidance only gets somewhat [...]

Read More

Outsourcing

5 Key Considerations to Outsourcing Vendor Management Tasks

Aug 31, 2016

We were recently asked if there is a certain size threshold at which an institution should or should not consider outsourcing. The discussion led to a lot of thoughts – but when it came down to [...]

Read More

Due Diligence

Put a Helmet on Your Financial Institution's Vendor Management

Aug 24, 2016

No serious cyclist would ever dream of riding their bicycle without wearing a helmet. Personally, having been hit by a car twice while cycling, I probably should wear a helmet every time I talk [...]

Read More

Budget

Planning for next year? Don’t forget vendor management!

Aug 17, 2016

I was very fortunate when I worked in a bank; I generally always got the support and investment that I needed to run a third party risk management program.

Talking to my colleagues throughout the [...]

Read More

Fourth Party Vendors

How you should treat 4th party vendors

Aug 3, 2016

Dealing with third parties is a lot to have on your plate, however examiners think you can still handle more. They will ask you about your fourth parties too!

What in the world is a fourth party [...]

Read More

Contract Management

The Importance of an Exit Strategy

Jul 20, 2016

Why do I want to go into a relationship thinking about the exit?

It does seem counter-intuitive, I suppose. You're all excited about signing up this great new provider who is going to help solve [...]

Read More

Contract Management

Why SLA’s are so important

Jul 6, 2016

You’re excited to be working with a terrific new vendor. Let's go through the process.

You’ve done your due diligence, written a thorough risk assessment, gotten it approved by your risk committee [...]

Read More

Due Diligence

Due diligence - regulation or just good business practice?

Jun 22, 2016

Why do we do due diligence?

There is always the natural tension between wanting to get to market with a good idea or new service provider and the need to do your homework and make sure the [...]

Read More

Contract Management

Characteristics of a Good Vendor Relationship

Jun 15, 2016

Okay, I’ll admit it – there are always certain companies that I admire and are my favorites to do business with. 

I won’t name names, but as you read this, hopefully you can identify ones of your [...]

Read More

Contract Management

Creating an Effective Vendor Contract Management System

Jun 10, 2016

Of all of the areas of third party risk management, perhaps the most difficult is handling contracts effectively. Whether it’s negotiating, tracking or simply finding all of them, contracts can be [...]

Read More

Due Diligence

Your Vendor List - The Creation, Managing and Ongoing Maintenance

Jun 3, 2016

Anywhere your company is spending money for a product or service, well, that’s a vendor of some sort. As part of your vendor management, you need to start by knowing who exactly your vendors are

Read More

Financials

Let’s talk about financials…

May 25, 2016

Not all due diligence should be rated equal

Due diligence should always be risk-based and tailored to the appropriate risks represented by the third party relationship. Lots of the items collected [...]

Read More

Regulations

Prince ...and what it means to keep your vendor management practices up with the times

May 11, 2016

Since Prince’s passing, the lyrics to his song “1999” kept coming to mind, which then triggered me to think about how vendor management has changed from then to now.

Read More

Information Security

The ADP breach is a good reminder to always be on the lookout!

May 4, 2016

You may have seen the news, reported in Krebs On Security and elsewhere, that payroll processing giant, ADP, was compromised by identity thieves, resulting in the loss of tax and salary data. 

Read More

Due Diligence

Why Due Diligence Is So Important - Some of the best advice I ever received

Apr 27, 2016

A little over ten years ago, I was leaving MBNA America following an acquisition by Bank of America. 

I really hadn’t searched for a job in nearly 20 years, so I wasn’t quite sure where to start.

[...]

Read More

Outsourcing

Spreadsheets for Vendor Management Just Don’t Cut It Anymore

Apr 13, 2016

Using Excel for your vendor management can make the data cumbersome for you to manage and difficult for your examiner to read. So why are you still using those spreadsheets?

It's time to move on! [...]

Read More

Due Diligence

Back to Basics: 5 Core Elements for your Vendor Management Program

Mar 30, 2016

Vendor management has been around for years. Having a firm grasp on the companies with whom you are doing business is not new, but the regulatory expectations continue to evolve and grow.

Whether [...]

Read More

Fourth Party Vendors

4th Party Vendors: How far do you need to go?

Jan 6, 2016

Just when you thought you had your arms around your vendor management program, auditors and examiners have been inquiring about your “vendor’s vendors”.

It’s understandably perplexing to figure [...]

Read More

Best Practices

8 Tips for Vendor Management in 2016

Jan 1, 2016

Happy New Year! Our team has got vendor management covered for 2016, we'll be releasing new helpful content to the industry every week. 

To help kick off your New Year and keep your  vendor [...]

Read More

Due Diligence

Bank Vendor Management Challenges of 2015 Recap

Jan 1, 2016

Vendor management can be difficult. Throughout 2015 we were curious what specific challenges banks were facing, so... we asked. Here's a list of what banks especially struggled with this year. [...]

Read More

Credit Union Vendor Management Challenges of 2015 Recap

Jan 1, 2016

It's no secret that with vendor management, comes many challenges. Throughout the year we asked credit unions specifically what those challenges were for them. Here's a recap of what those credit [...]

Read More

Due Diligence

15 Reasons To Be Thankful To Your Vendors

Nov 25, 2015

We've yet to come across a financial institution that does not have a vendor, and vendors of course means vendor management.

So, in the spirit of Thanksgiving, we decided to put together a fun [...]

Read More

Best Practices

What is your biggest Vendor Management Challenge?

Oct 9, 2015

Credit unions and banks face many challenges specifically with vendor management. To make sure we keep up with what those pain points are, we continually ask financial institutions' employees to [...]

Read More

Examination Preparation

Budget Time. Take an Examiners Advice - Remember Vendor Management

Sep 8, 2015

While talking to a prospect recently, he shared a comment that his examiner made from a recent exam. It went something like this:

You need to put away the manual spreadsheets and look into a [...]

Read More

Outsourcing

5 Tips to Choosing the Right Vendor Management Partner

Sep 4, 2015

Chances are you would not only like someone to help you get the work done but also help you raise your vendor management game. Will they further your vendor management education? Are your [...]

Read More

Outsourcing

3 Keys to Cost Justifying Outsourced Vendor Management

Sep 1, 2015

The job is big, you know you have to do it, there’s not enough of you to go around and the examiners will be there soon. What’s the answer?

Read More

Outsourcing

3 Signs It May Be Time To Hire A Vendor Management Partner

Aug 27, 2015

As you are well aware, Vendor Management at your bank or credit union is not an optional activity. 

Read More

SOC Reports

The Finer Points Of A SOC 2

Aug 11, 2015

In review, a SOC 1 report reviews financial and audit controls of a vendor. Basically a SOC 1 tells you if your vendor manages their books well (or not). But is it the right report for you? Does [...]

Read More

Financials

3 Areas To Look Out For In Your Vendor 10-K's

Aug 7, 2015

While you can use other reports for financial analysis, the 10-K is highly recommended to review the financial, legal and risk information about your vendor. The 10-K is formatted identically for [...]

Read More

Cybersecurity

What You Need to Know About Vendor Penetration Testing

Jul 31, 2015

Your vendor should be guarding against intrusion into the systems network from the outside and conducting regular penetration testing through a qualified credible resource.

You should insure that [...]

Read More

SOC Reports

6 Tips to Understanding a SOC 1 Report

Jul 24, 2015

Let’s start with a basic description of a SOC 1 report. A SOC 1 describes the system of internal controls in place at a service organization regarding internal controls over financial reporting.  [...]

Read More

Best Practices

Venminder Setting the Industry Standard for Vendor Management

Jul 17, 2015

This interview is part of an ongoing series where 2ONE6 International speaks with various FinTech providers as well as financial institutions that choose to partner with the innovators in this [...]

Read More

SOC Reports

SOC 1, 2 or 3 – Understanding the Differences

Jun 25, 2015

If you’re a bank or credit union then you likely already understand that you should be asking many of your vendors for a SOC report, especially your critical or high risk vendors.  

Have you [...]

Read More

Financials

The unintended consequences of declining vendor financial performance

Jun 5, 2015

Should you discover that your bank or credit union vendor's income and financial performance is declining, there are some unintended consequences you need to look out for.

Read More

Financials

Revenue has increased so the health of my vendor is better, right?

May 22, 2015

Not necessarily...

At Venminder we get this question alot. So, here are a few areas that you need to look at first before coming to that conclusion.

Read More

Financials

4 Tips to an Accurate Vendor Financial Performance Assessment

May 15, 2015

As you review your vendors financial health, here are 4 tips to an accurate vendor financial performance assessment.

Read More

Examination Preparation

What are your Bank or CU's Vendor Management Challenges?

Apr 9, 2015

Vendor management has many challenges, but what are your peers saying is their biggest challenge?

We asked a group of financial professionals just what their biggest vendor management challenge is [...]

Read More

Contract Management

5 Contract Management Tips to your Pot of Gold

Mar 17, 2015

Cost management begins and ends with effective contract management

Here are 5 simple tips for contract management at your financial institution to help you find that pot of gold: 

Read More

.Bank Domain: What you Need to Know

Mar 10, 2015

Background

In 2008, the Internet Corporation for Assigned Names and Numbers (ICANN), which manages the registration of internet domain names, approved a program to open up the Internet to [...]

Read More

Frequently Asked Bank & Credit Union Vendor Management Questions

Feb 17, 2015

Vendor management can be an arduous, time consuming process. Most banks know their critical vendors. However, they are typically missing the proper tools and/or knowledge to accurately document [...]

Read More

Best Practices

Wisely Restructuring Requires Strong Internal Management

Aug 19, 2014

Contrary to popular belief, you cannot just pick up your Core and IT service contracts a few months before expiration and hope to get it restructured in a way that is favorable to the franchise.

[...]

Read More

ALL contracts matter, not just your biggest ones

Aug 12, 2014

I recently got a call from an industry friend who knows how passionate I am about community banking and the technology providers that support it. He was curious. I have been a technology provider [...]

Read More

The Other M&A Discussion – Facts Vendors Never Share

Mar 26, 2014

Fresh off of a 5 week speaking junket, through Austin, Vegas, Naples, Phoenix and Honolulu, I have learned a lot about what is NOT being discussed amongst bankers when it comes to M&A.

I sat [...]

Read More

The Real Impact of Core IT Vendor Consolidation on YOU

Mar 4, 2014

In October we highlighted a clear and present danger resulting from the further consolidation of the Core IT vendors. Fewer vendors exist than ever before and the impact to your service level, [...]

Read More