Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Fintech, State Regulators and The OCC Fintech Charter

4 min read
Featured Image

The term fintech is a broad definition, and I’ve heard that some firms offering software to process a data point for a financial institution, also define themselves as "fintech". In some of these cases, you can usually agree to disagree, but the consensus is that fintech is really defined as a firm who processes, offers or lends capital in an alternative manner from the typical bank, credit union or non-depository lender.

The OCC’s proposed fintech charter remains just that - a proposal. The turf war between state regulators and the OCC continues since the former argue that the OCC does not have the jurisdiction to offer such a charter and that it would allow a fintech company to bypass state licensing requirements. State regulators argue convincingly that they are much more in tune with consumer protection laws as they aim to serve their constituents. It does make for a very compelling argument.

The 4 Areas of Third Party Risk Likely to Be Affected By the New OCC Fintech Charter

There’s no question that any form of financial transaction deserves a level of regulation, and for the fintech firms who would apply for the special charter, those regulations should also apply. It’s important for them to realize that there will be some guaranteed costs involved in acquiring and maintaining such a charter.

Here are some areas of third party risk likely to be affected:

  1. Financial Health - Obtaining the charter would allow the fintech company to operate more closely as a bank operation. It’s too early to tell about the usury requirements, but it would make sense from a risk management perspective that the financial health of a fintech would be deeply scrutinized.

  2. Operational Analysis - Many of the consumer protection laws automatically come into play and there would be a certain degree of attention on the fintech’s ability to develop, manage and execute on a robust compliance management system. This one area alone increases the burden of identifying the right expertise to lead such a program and the deep knowledge of items such as Anti-Money Laundering, Bank Secrecy Act and the ability to perform Suspicious Activity Reports...collectively known as AML, BSA and SAR.
  3. Regulatory Compliance - The list of regulatory compliance requirements goes on but under the charter, the OCC is likely to require additional areas of oversight to include third party risk management. The guidance is necessary in the fact that the reliance of third party vendors for most financial services is rarely performed within the single entity and, based on experience, many vendors use third or fourth party vendors.

    Maturity levels found within traditional financial services are on the incline, and that's a positive for the industry as a whole. However, in the fintech and vendor space, maturity levels are identified as needing some investment into the fundamentals of third party risk management. This has been reiterated with fellow industry professionals and is validated by our own assessment in regulatory compliance and operational analysis reviews that we perform on vendors. 

    Ironically, some of these vendor services aren’t new entities to the financial services industry, yet the maturity levels of these programs could still use some attention. Simply put, if your fintech organization is using third or fourth parties, you should have a third party risk program in place. Even without an official regulator, the chances are that other partners will require evidence of how you manage this risk verticals.

  1. Company Policy and Procedures - The challenge for fintech to gain any charter regardless if it is issued by the state, the OCC or other government agency is the ability to demonstrate that their robust policy, procedures and internal infrastructures are in place to protect the consumer.

    A great example of this is the recent $70 million fine levied by the OCC against Citi for failure to operate a compliant AML/BSA program. If a giant such as Citi can get it wrong, either from a lack of investment into such programs or worse still a poor corporate compliance culture, then this should be a warning to exactly what a fintech may find themselves at the mercy of. The need for a solid understanding of regulatory compliance will become a prerequisite for operating in such a fashion.

Looking into the Future

The future is blurry on this issue and it’s one that many are following closely. Regardless if this gathers any traction, there are some important points to consider as fintech grows into a space which is historically highly regulated.

Playing in the majors will have the need for investment into systems and the focus on consumer protection despite the current climate of deregulation chatter. No one can predict the level of power and authority federal agencies may have in the long term, but based on the enthusiasm displayed at the state regulatory level in staking a claim to supervise fintech firms, the possibility of regulation at some level is unlikely to change. 

Ensure your fintech company is following all of the industry best practices. Download our helpful infographic.fintech third party risk management best practices

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo