Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


2 Reasons UDAAP Is Violated Most Often

3 min read
Featured Image

Enforcement actions by many different regulators including the CFPB, OCC and FDIC make it clear how important UDAAP (Unfair, Deceptive or Abusive Acts or Practices) is to a solid third party risk management program. It’s often quoted as a primary regulation violation, so it’s a worthy regulation of any risk management professional to be aware of.

Common Reasons UDAAP Is Violated Most Often

Here are 2 reasons we commonly see:

  1. The acronym becomes a buzzword. This is a frequent danger with regulatory oversight and the many federal consumer protection laws to be aware of. It’s easy to quote “UDAAP” during a conversation but vendor managers need a much deeper understanding about the regulation itself as it’s more than just a throwaway line.

  1. Vendor managers aren’t sure what to look for when verifying if the regulation has been violated. Knowing, understanding and then testing against will quickly differentiate you from the pack. Don’t try to fake it until you make it! Having performed many assessments in our careers, your vendor counter party contact will soon realize the level of expertise you bring to the assessment process when you interact with them.

How Vendor Managers Can Prevent UDAAP Violations

There are many great resources available for examiners to assist in their review of UDAAP compliance which can also be leveraged in third party risk management. It’s encouraged to review the resources to have a solid foundation of regulatory compliance in your repertoire and to help you mitigate risk. After all, the CFPB’s concern is the consumers’ harm caused by the violation of federal consumer lending regulations.

Vendors have also fallen foul of UDAAP; so, while the regulation is a key factor that you should be reviewing in your annual assessment, there are clear advantages to perform a UDAAP review during initial due diligence. Remember, the vendor is an extension of your organization and may be interacting directly with the end customer.   

Here are 4 P’s to think about when it comes to UDAAP:

  1. Is the statement prominent enough for the customer to notice?

  2. Is the information presented in an easy-to-understand format that does not contradict other information in the package and at a time when the customer’s attention is not distracted elsewhere?

  3. Is the placement of the information in a location where customers can be expected to look or hear?

  4. Is the information in close proximity to the claim it qualifies?

The 4 P’s were developed for examiners by the Federal Trace Commission. Check out the FTC Policy Statement on Deception here for an overview.

Stay Updated on Regulatory Compliance for a Successful Third Party Risk Program

Reviewing regulatory agency enforcement actions for UDAAP issues and reviewing the vendors’ own advertising and disclosure practices can really help align your vendor panel selection with your organization’s compliance standards. Simply asking how a vendor complies with UDAAP really is nothing more than a check-the-box exercise.

We recommend that as your third party risk management program matures, looking deeper into regulatory compliance will help further protect your organization from risks outside of your immediate line of business. The relationship between third party risk management and a good vendor is vital to a successful program.

Dive deeper into UDAAP and what else you need to know. Download this infographic to get started. udaap and your vendors

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo