REQUEST A DEMO
venminder_eBook_resources_Mini_Vendor_Management_Handbook
New Call-to-action
New Call-to-action
Post-Hero.jpg

Venminder Blog

Subscribe--Bg.jpg

Subscribe to the Venminder Blog

Venminder Blog

Dec 31, 1969 by

Branan Cooper

Branan Cooper
Branan Cooper is the Chief Risk Officer at Venminder. Branan has more than 25 years of experience in the financial services industry with a focus on the management of internal processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject-matter expert in residence.
Find me on:

Recent Posts

Why The Board Needs to be Directly Aware of Cybersecurity Matters

Apr 25, 2018

Hardly a week goes by that we don’t learn of some new major breach, incident or some emerging cybersecurity threat. Think Swift attacks, Equifax or Yahoo. It seems no one is immune from [...]

Read More

Best Practices

Staying On Top of Vendor Risk Management News: Week of April 16

Apr 20, 2018

Have you heard - the CFPB could start hiding consumer complaints, Mortgage Bankers Association says cyber crimes are getting nastier and nastier (and they have examples to prove it!) and even the  [...]

Read More

Best Practices

Why Third Party Risk Discussions Belong at Sr Management & Board Meetings

Apr 18, 2018

I know it seems like third party risk management is getting more attention than it needs. I say that having been involved with various facets of vendor management for much of my 28 years in [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of April 9

Apr 13, 2018

This week's third party risk related news stories cover a variety of topics - bank regulatory actions are at a historic low, Congress back in session and perhaps ready to look at regulatory [...]

Read More

Best Practices

Stay Informed: An Important Vendor Risk Best Practice

Apr 11, 2018

Whether you know it or not, you need to be a news-hound in third party risk management. This helps you stay informed and educated. 

Read More

Best Practices

Staying On Top of Vendor Management News: Week of April 2

Apr 9, 2018

Check out the latest stories in the world of third party risk for the past week - an update on regulatory relief, the compliance costs that are hurting rather than helping consumers, whether or [...]

Read More

Best Practices

5 Ways to Spring Clean Your Third Party Risk Management Program

Apr 4, 2018

Like many others, you may find the introduction of spring to be a great time to do some spring cleaning. While you’re dusting off the shelves and clearing the clutter it may not hurt to [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Mar 26

Mar 30, 2018

Read below for the FFIEC's opinion on exam modernization, the CFPB teaming up with the FTC,  possible regulatory relief for community banks, fintech companies in Arizona, the FDIC announces [...]

Read More

Best Practices

Inherent Risk vs Residual Vendor Risk

Mar 28, 2018

A risk assessment should not include just the inherent risk or residual risk with the vendor. In order to complete a robust assessment, both inherent risk and residual risk levels should be [...]

Read More

Risk Assessment

Staying On Top of Vendor Management News: Week of Mar 19

Mar 23, 2018

Read about the latest Wells Fargo enforcement action, what a less aggressive CFPB could mean for Fintech companies, the major third party implications on illegal debt collection, what Regtech is [...]

Read More

Best Practices

Critical vs High Risk Vendors – What's the Difference?

Mar 21, 2018

From a best practices perspective, did you know there is a distinct difference between a critical vendor and high risk vendor? It’s common to see these two vendor types grouped as one, however [...]

Read More

Risk Assessment

Staying On Top of Vendor Management News: Week of Mar 12

Mar 16, 2018

While there is not as many shocking news stories this week, there are, however, some interesting bits of news on data breaches, threats to the banking system, perspective from the new OCC head and [...]

Read More

Best Practices

A Former Regulator’s Perspective on Third Party Risk Management

Mar 12, 2018

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Mar 5

Mar 9, 2018
This has been a week with a lot of enforcement action updates. And, overall, some of the most intriguing articles in third party risk from the week are:
  • Wells Fargo is in trouble again
  • SEC hits [...]
Read More

Best Practices

Staying On Top of Vendor Management News: Week of Feb 26

Mar 2, 2018

A lot went on in the world of third party risk management this week - some of the top news stories include:

  • Regulators are cracking down on Fintech and brokerage companies
  • SEC weighs in on [...]
Read More

Best Practices

The Troublesome Extra A in UDAAP

Feb 28, 2018

Unfair, Deceptive or Abusive Acts or Practices (UDAAP) is an area of intense focus by regulators at the moment. Since the creation of the Consumer Financial Protection Bureau (CFPB), there has [...]

Read More

Risk Assessment

Staying On Top of Vendor Management News: Week of Feb 19

Feb 23, 2018

This week in third party risk news, articles cover topics like:

  • Updates with the CFPB
  • Security and fraud cyber attacks cost the U.S. economy how much? The number is astounding!
  • Efforts the U.S. [...]
Read More

Best Practices

Take Credit for Vendor Management Successes

Feb 21, 2018

One of my most exciting lessons in the world of compliance was that we could actually take credit for doing the job well or for investing in education.

Compliance and third party risk management [...]

Read More

Due Diligence

Staying On Top of Vendor Management News: Week of Feb 12

Feb 16, 2018

This week in third party risk management news:

  • Want to voice your opinion on CFPB regulation through enforcement action? Now you can - they're seeking input from the public.
  • Legal analysis of the [...]
Read More

Best Practices

14 Ways Vendor Management Software and Services Help

Feb 14, 2018

Vendor management and its requirements have grown significantly over the past several years. There is now increased attention to subservice providers (fourth parties) and expectations around [...]

Read More

Outsourcing

Staying On Top of Vendor Management News: Week of Feb 5

Feb 9, 2018

What's new in third party risk management this week? Read below to find out the progression of the OCC's proposed Fintech charter, what Mulvaney is doing regarding the CFPB, a possible OCC and [...]

Read More

Best Practices

Perspective: The Most Difficult Part of Third Party Risk

Feb 7, 2018

I was asked at a speaking engagement what I felt was the most difficult part of third party risk management. My answer, quite cumbrous, was “all of it”.

Read More

Risk Assessment

Staying On Top of Vendor Management News: Week of Jan 29

Feb 2, 2018

The week of Jan 29 saw some really amazing headlines. The CFPB seeks public input on its processes and enforcement actions, new debt collection rules with third party implications and now they [...]

Read More

Best Practices

Vendor Management Takes a Village or At Least a Team

Jan 31, 2018

I will admit I was surprised to learn that even the largest companies may have third party risk sitting on the corner of ONE person’s desk. Worse yet, it is often times just ONE FACET of a busy [...]

Read More

Cybersecurity

Staying On Top of Vendor Management News: Week of Jan 22

Jan 26, 2018

This week brings all sorts of BIG news from CFPB, OCC and the Federal Reserve affecting third party risk. The new director for the CFPB unleashes some significant changes in process and the OCC [...]

Read More

Best Practices

5 Tricks to Stay Organized In Third Party Risk Management

Jan 24, 2018

One of the things I pride myself on is being highly organized (is it a problem if my socks are arranged alphabetically by color?). In the ever-hectic world of a third party risk manager, you’re [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Jan 15

Jan 19, 2018

Read below for the most important news articles in third party risk for the week of January 15, 2018. There’s lots of articles this week on the challenges in financial institutions – whether it’s [...]

Read More

Best Practices

Board Third Party Risk Management Reporting Essentials

Jan 17, 2018

Regulatory guidance is clear – you must keep your senior management team and the board informed on developments in the third party risk management program, particularly on activities related to [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Jan 8

Jan 12, 2018

This week in the world of third party risk management, several resources take a stab at 2018 predictions and we again hear about the importance and increased role of of cybersecurity. The concept [...]

Read More

Best Practices

Are You Testing Your Vendor Management Program?

Jan 10, 2018

We all know the importance of getting regular checkups on our health. It’s a great way to proactively address any potential problems before they become a crisis. Well, third party risk management [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Jan 1

Jan 5, 2018

New year, new vendor management news. If this week’s news is any indication, we’re in for a wild and wacky year! 

We’ve got lots more CFPB news (the current head of NCUA may be named as the [...]

Read More

Best Practices

10 Vendor Management New Year’s Resolutions for 2018

Jan 3, 2018

Exercise more, lose a few pounds, adopt a new hobby and spend more time with family and friends are all common New Years Resolutions.

Instead of losing weight for 2018, we've decided to focus on [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Dec 25

Dec 29, 2017

It's the last week of the year and the vendor management news hasn't stopped. This week's headlines reflect back on 2017 and outline priorities for 2018. Not surprisingly, enforcement actions, [...]

Read More

Best Practices

9 Regulatory Risk Types Involved in a Vendor Risk Assessment

Dec 27, 2017

Writing a risk assessment document for the first time or the thousandth time can be a daunting task. People often struggle with how much there is to consider.

So, let’s narrow the focus and go [...]

Read More

Risk Assessment

Staying On Top of Vendor Management News: Week of Dec 18

Dec 22, 2017

Top stories in vendor management related news for the week of December 18, 2017 include:

  • New York cracks down on data issues following Equifax
  • CFPB is stopping its exams while they figure out how [...]
Read More

Best Practices

How to Know If Your Vendor Is Naughty or Nice

Dec 20, 2017

He’s making a list, he’s checking it twice, is your vendor naughty or nice? The regulators are comin’ to town… 

Read More

Due Diligence

Staying On Top of Vendor Management News: Week of Dec 11

Dec 15, 2017

We've collected vendor management news articles from the past week starting with December 11, 2017. A few top ones are:

  • 3 things to consider in vendor risk management
  • An update on the battle over [...]
Read More

Best Practices

11 Advantages of a Vendor Management Software

Dec 13, 2017

Vendor management and its requirements have grown significantly over the past several years. There is now increased attention to subservice providers (fourth parties) and expectations around [...]

Read More

Outsourcing

Staying On Top of Vendor Management News: Week of Dec 4

Dec 8, 2017

This week in the world of vendor management was all about the changes in the regulators’ leadership and the ongoing power struggle at the CFPB, with a side order of data breach and proposed [...]

Read More

Best Practices

6 Reasons to Follow Up on Vendor Management Exam Items

Dec 6, 2017

At the conclusion of any examination or audit, there are always some open items. No one truly enjoys having a detailed re-hashing of areas of concern, but it’s an important conversation to have.

[...]

Read More

Examination Preparation

Staying On Top of Vendor Management News: Week of Nov 27

Dec 1, 2017

This week’s vendor management news is dominated by the change in the leadership at the CFPB, UDAAP action and a new head at the OCC. Check out more of the important third party risk related news [...]

Read More

Best Practices

Consider These 5 Items When Entering Into a Vendor Contract

Nov 29, 2017

I’m often asked about termination clauses in contracts. Unfortunately, if you’re in the middle of an existing contract and decide you “want out”, your options may be limited, depending on how much [...]

Read More

Contract Management

Staying On Top of Vendor Management News: Week of Nov 20

Nov 24, 2017

Third party risk news for the fourth week of November brought us some interesting headlines - here's what to expect in this week's Staying On Top of Vendor Management News:

  • If you haven't heard [...]
Read More

Best Practices

15 Reasons To Be Thankful for Good Vendor Management

Nov 22, 2017

We’re thankful for our company, our customers and our ever-growing set of products and services. As we pause to spend Thanksgiving time with our families and friends, we thought it would be a good [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Nov 13

Nov 17, 2017

Some weeks there’s lots of news; some weeks there’s big news – this week, there’s simply lots and lots of big news.

Let’s look at some of the massive headlines:

  • The CFPB director is stepping [...]
Read More

Best Practices

What Will Examiners Ask Related to Vendor Risk Management?

Nov 15, 2017

A common question we hear is “How do we know what the examiners will ask related to vendor risk management?” It’s one that does not lend itself to an exact and easy answer. However, there are many [...]

Read More

Examination Preparation

Staying On Top of Vendor Management News: Week of Nov 6

Nov 10, 2017

This week once again reminds us that keeping up with third party risk management news is a very important best practice. Here are some of the top stories:

  • An exerpt from Chairman Hensarling's [...]
Read More

Best Practices

Staying On Top of Vendor Management News: Week of October 30

Nov 3, 2017

In light of Halloween, we've got some spooky third party risk management news to share with you this week.

  • Back from the dead - first national bank charter approved since the financial crisis
  • [...]
Read More

Best Practices

Avoid These 7 Vendor Management Nightmares

Nov 1, 2017

Vendor management doesn't always go smoothly and sometimes can get quite frightening. So, in the spirit of Halloween, I have 7 vendor management nightmares to share with you. Ensure you take the [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of October 23

Oct 27, 2017

Fortunately, there hasn't been anything too crazy happening in the world of third party risk this past week. There are still some good articles to read though to keep you updated! Check them out [...]

Read More

Best Practices

3 Ways to Use Law Firms to Help With Third Party Risk Management

Oct 25, 2017

"The first thing we do, let's kill all the lawyers" is a well known quote from Shakespeare’s Henry VI Part 2.  I was an English major, so I read a lot of Shakespeare and I don’t particularly agree [...]

Read More

Due Diligence

Staying On Top of Vendor Management News: Week of October 16

Oct 20, 2017

Third party risk news for the week of October 16 that you need to know:

  • Oversight on FinTech companies is tightening up
  • Are you a smaller bank? You might be experiencing higher regulatory costs [...]
Read More

Best Practices

OCC Released 2018 exam priorities: NR 2017-113

Oct 18, 2017

On September 28, 2017, the Office of the Comptroller of the Currency (OCC) released BankFiscal Year 2018 Bank Supervision Operating Plan, aka, NR 2017-113. Thanks for the acronym fun… but what [...]

Read More

Regulations

Staying On Top of Vendor Management News: Week of October 9

Oct 13, 2017

Learn what's new in vendor risk management from the week of October 9 - there have been some real eye openers. We've put together a list of resources that cover a variety of important topics, [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of October 2

Oct 6, 2017

Learn what's new in vendor risk management from the week of October 2. We've put together a list of resources to check out. 

It’s been an interesting week  topics include:

  • OCC dangles idea of [...]
Read More

Best Practices

Who Is a Critical Vendor?

Oct 4, 2017

Your third parties should be ranked as Critical or Non-Critical for business disruption and ranked High, Medium or Low on all regulatory items.

Read More

Due Diligence

Staying on Top of Vendor Management News: Week of Sept 25

Sep 29, 2017

This week in third party risk news, we are reminded of the importance of proper due diligence, reputation risk, examination preparedness and more vendor management best practices. Read the [...]

Read More

Best Practices

What Are Vendor Due Diligence Reviews?

Sep 27, 2017

A fundamental question people often wrestle with is, “what constitutes appropriate vendor due diligence?” Or, “what are vendor due diligence reviews”?

Read More

Due Diligence

Staying on Top of Vendor Management News: Week of Sept 18

Sep 22, 2017

Headlines in third party risk from this past week, the week of September 18, covered a variety of mishaps from which we can all learn. Read the articles below for how you can avoid issues with [...]

Read More

Best Practices

It's Apple Pay Contract Renewal Time - Important Considerations

Sep 20, 2017

As you may have seen this week in the news, the first of the Apple Pay contracts are up for renewal; if you haven’t seen it, here’s a handy link to the article

Read More

Due Diligence

Staying on Top of Vendor Management News: Week of Sept 11

Sep 15, 2017

Keeping up with the latest news in third party risk is important for your vendor management program. This past week - week of September 11 - has been especially eventful. Make sure to check out [...]

Read More

Best Practices

Why Do Vendors Incorporate in Delaware?

Sep 13, 2017

If you’ve done much due diligence work, you’ve certainly noticed that many vendors incorporate here in Delaware (well, technically, I live in southeastern Pennsylvania but have worked for most of [...]

Read More

Due Diligence

Staying on Top of Vendor Management News: Week of Sept 4

Sep 8, 2017

Keep up with the latest news in third party risk. We've put together a list of resources for the week of September 4 to help keep you updated.  

Read More

Best Practices

Third Party Risk Management Advice: What I Would Share with 20 Year Younger Me

Sep 6, 2017

I’ve seen on Facebook and Twitter those amusing things where you list what you wish you could tell yourself 20 years ago, i.e., sharing the benefit of experience with a less experienced YOU. 

[...]

Read More

Best Practices

Review Vendor Management News

Aug 30, 2017

If you’re like me, you receive dozens of emails – perhaps hundreds of tweets – from various news feeds. It’s easy to lose track of them all but it's important to at least glance through them. 

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Aug 21

Aug 25, 2017

Here's a list of important vendor risk management articles from this week - week of August 21, 2017.

Read More

Best Practices

An Ounce of Third Party Risk Management Prevention

Aug 23, 2017

There is an old saying that goes, “an ounce of prevention is worth a pound of cure” Meaning the cheapest way to fix a problem is often to simply prevent it from occurring. Perhaps there is no [...]

Read More

Best Practices

Staying On Top of Vendor Management News: Week of Aug 14

Aug 18, 2017

What's new in vendor risk management for the week of August 14, 2017? We've put together a list of resources to check out.

Read More

Best Practices

Different Perspectives of Third Party Risk Management

Aug 16, 2017

The optimist sees the glass as half full; the pessimist sees the glass as half empty; the engineer sees a waste of too much glass; the compliance officer sees it as potential shattering and [...]

Read More

Risk Assessment

Staying On Top of Vendor Management News: Week of Aug 7

Aug 11, 2017

You're aware of the importance of staying up to date with industry news. Learn what's new in vendor risk management for the week of August 7, 2017. We've put together a list of resources to check [...]

Read More

Best Practices

Balance In Third Party Risk Management

Aug 9, 2017

When I’m not at work, you’ll most likely find me on my bicycle. Some might argue that I am cyclelogically obsessed with bicycling (see what I did there?). One sure thing every cyclist knows is [...]

Read More

Business Continuity / Disaster Recovery

Staying On Top of Vendor Management News: Week of July 31

Aug 4, 2017
Want to know what went on for the week of July 31 in third party risk? From regulatory compliance to which financial institutions are making the vendor management headlines, we've got you covered.
Read More

Best Practices

Staying On Top of Vendor Management News: Week of July 24

Jul 28, 2017

You know how important it is to stay updated with regulatory news. Learn what's new in vendor risk management from the week of July 24. We've put together a list of resources to check out. 

Read More

Best Practices

Three Qs You Must Ask to Find Out if a Vendor is Critical

Jul 26, 2017

You need to know the business impact risk of your vendors. Once you know that, you can figure out how they play into your financial institution’s business continuity plan. A way to start is to [...]

Read More

Due Diligence

NAFCU Risk Management Seminar: Networking, Third Parties and More

Jul 24, 2017

This week, we’re at the NAFCU Risk Conference in beautiful Denver, Colorado. For me, attending conferences, whether as a presenter or as an interested participant, is always exciting.

Read More

Best Practices

Staying On Top of Vendor Management News: Week of July 17

Jul 21, 2017

As we've mentioned before, it's important to stay updated with regulatory news. Learn what's new in vendor risk management this past week. We've put together a list of resources to check out. 

[...]

Read More

Best Practices

5 Things to Do to Be Proactive In Vendor Management

Jul 19, 2017

If you had an examination starting tomorrow, would you be ready? If one of your critical third parties announced it was ceasing business, would you be prepared? If there’s a big data breach at one [...]

Read More

Examination Preparation

4 Steps to Take When Vendor Management Guidance Lags Behind Tech

Jul 12, 2017

The creation and issuance of vendor management regulatory guidance takes quite a while – the process from start to finish can take months or even years. Meanwhile, the evolution of mobile [...]

Read More

Best Practices

The Importance of Vendor Management Department Independence

Jul 5, 2017

Vendor management should have its own department or group inside your financial institution. A best practice, perhaps even a fundamental expectation, is that third party risk management should be [...]

Read More

Best Practices

Staying on Top of Vendor Management News: Week of June 26

Jun 30, 2017

As we've mentioned before, it's important to stay updated with regulatory news. Learn what's new in vendor risk management this past week. We've put together a list of resources to check out. 

Read More

Best Practices

The Basics of Service Level Agreements For Vendor Contracts

Jun 28, 2017

As a professional in third party risk management, you probably hear the term service level agreement or SLA for short. Make sure you understand what they are. To help, we'll go through a few basic [...]

Read More

Contract Management

Staying on Top of Vendor Management News: Week of June 19

Jun 23, 2017

As we’ve mentioned before, one of the challenging issues in third party risk management is staying up-to-date on news and changes occurring in the financial services regulatory world. It’s [...]

Read More

Best Practices

15 Tasks for When A Vendor Management Examiner Comes to Town

Jun 21, 2017

The examiner is coming, the examiner is coming!

DON'T PANIC! Seriously, there’s no need if you’re running a well-managed program. Let’s go through some of the key things you’ll want to do to plan [...]

Read More

Examination Preparation

Vendor Ongoing Monitoring Often Overlooked

Jun 14, 2017

Vendor ongoing monitoring is required by all of the major regulators as a fundamental practice in third party risk management. So, why is it often overlooked? What happens if you fail to monitor [...]

Read More

Best Practices

5 Key Takeaways from OCC Bulletin 2017-21

Jun 13, 2017

Extra extra! Read all about it! Last week, the Office of the Comptroller of the Currency issued Bulletin 2017-21 –Frequently Asked Questions to Supplement OCC Bulletin 2013-29.

We thought it might [...]

Read More

Regulations

What to Include In a Third Party Risk Board Report Package

Jun 7, 2017

In the past, we covered that the board needs to be involved in your vendor management program and how to figure out if they're involved enough. We also covered important points on what vendor [...]

Read More

Reporting

3 Areas to Watch If Your Vendor Is Acquiring Another Vendor

May 31, 2017

Today, companies merge suddenly and frequently for a variety of reasons - some of those reasons can be a really good thing, but some can introduce a variety of risks that can cause performance to [...]

Read More

Best Practices

Third Party Issues Hidden In Plain Sight

May 31, 2017

In the story, “The Purloined Letter” by Edgar Allan Poe, one of the key themes was thatthe most obvious things are often hidden in plain sight – we just manage not to see them. The same is true of

Read More

Risk Assessment

Alternatives in Third Party Risk Management

May 24, 2017

As you may already know, I’m a cyclist. So, typically, I log a few miles every morning before work, amuse the neighbors by posting pictures of my ride on Facebook and generally enjoy rolling along [...]

Read More

Due Diligence

Legal Insight: White House Issues New Cybersecurity Executive Order

May 18, 2017

If you have listened to some of our webinars, you’ve heard me recommend reviewing legal analysis of the voluminous or complex new vendor management regulatory guidance. Rather than digging through [...]

Read More

Cybersecurity

It's Dangerous to Cut Vendor Management Corners

May 17, 2017

It can be tempting to cut corners when handling third party risk management at your institution. 

When I was a few years younger, I used to love to race in criterium style races… for those of you [...]

Read More

Best Practices

How to Learn From a Vendor Management Enforcement Action

Apr 26, 2017

Enforcement action – for anyone involved in risk management, that term can give you an upset stomach. Why? An enforcement action typically means large problems and potentially hefty fines. They [...]

Read More

Regulations

Why Must I Risk Rate EVERY Vendor?

Apr 19, 2017

There's a question I get asked often - "Why must I risk rate EVERY one of my vendors?" Many times at conferences and in follow up to webinars, this is a popular question, because I think it drives [...]

Read More

Risk Assessment

UDAAP Enforcement Actions

Apr 12, 2017

One of the real regulatory hot buttons over the past few years is around UDAAP – Unfair, Deceptive, or Abusive Acts, or Practices. There have been numerous UDAAP violations with some pretty [...]

Read More

Regulations

The OCC Isn’t My Regulator - BUT They Still Matter to You

Apr 5, 2017

The OCC came out with new guidance on January 24, 2017 - they published the supplemental examination guide for third party risk management, titled OCC Bulletin 2017-7. So, if you’re at a credit [...]

Read More

Regulations

How mature is your vendor management program?

Mar 29, 2017

A topic we hear a lot at industry conferences and webinars is the maturity of your vendor management program. What exactly does this mean? Let's go through that now...

Read More

Best Practices

UDAAP Violations Show Vendor Management Programs Still Need Work

Mar 22, 2017

If you don’t read anything else this week on vendor management, read this! Recent studies by Protiviti and Crowe Horwath show that vendor risk management maturity has improved significantly, but [...]

Read More

Examination Preparation

Your vendor just got acquired so now what?

Mar 15, 2017

On March 13, 2017, as the East Coast of the US was awaiting the latest snowpocalypse or snowmageddon, really big news broke related to vendor management – D+H was acquired and will be merged with [...]

Read More

Due Diligence

Good & Bad News About the State of Vendor Management In 2017

Feb 22, 2017

How are financial institutions handling vendor management for 2017? After surveying over one hundred people, we have good and bad news to share, data to back it up and how to make the bad news [...]

Read More

Examination Preparation

10 Signs That a Third Party Relationship Is Going Sour

Feb 15, 2017

There are times when even the best of relationships fall apart. But, there's also usually plenty of early warning signs. So, let's look at a few of them related to your vendors – these are just a [...]

Read More

Contract Management

Actions Required to Comply with OCC Bulletin 2017-7

Feb 8, 2017

On Tuesday, January 24, 2017, the Office of the Comptroller of the Currency issued new regulation - Bulletin 2017-7. It's supplemental guidance on the approach examiners must take when reviewing [...]

Read More

Regulations

Why Vendor Document Management Is Essential to Your Third Party Risk Program

Feb 1, 2017

How often do you check your oil in your car? The air pressure in your tires? Do you take your car in for routine maintenance? Or do you ignore everything until a warning light appears on the [...]

Read More

Due Diligence

Exam Preparation: Have These 8 Vendor Management Items Ready

Jan 25, 2017

You should prepare for an exam before you're officially given notice of it. There are items to have ready ideally 3 or 4 months before any potential exam window.

Read More

Examination Preparation

Creating A Culture of Compliance for Third Party Risk Management

Jan 11, 2017

With the new year, you may reflect upon how things are going within your bank or credit union's third party risk management program. Make sure your team is on the same page.

I was recently at a [...]

Read More

Due Diligence

Is Sr Management & Board Involved Enough In Vendor Management? Ask These Questions

Jan 4, 2017

A few weeks ago we discussed the importance of senior management and board involvement regarding vendor management. How do you know if you're following the OCC Bulletin 29-2013 guidance and OCC [...]

Read More

Best Practices

Vendor Management 2017 - What's In Store?

Dec 28, 2016

I anticipate that there will be quite a few changes looming in the new year - 2017. Some examples include change of Dodd-Frank, increased pro-bank feel, change of examination cycle and [...]

Read More

Regulations

Vendor Management 2016 Review

Dec 21, 2016

2016 – the year of third party risk and cybersecurity. As 2016 winds down, we should look back and think about what we’ve seen this year. There have been many extraordinary events in the world of [...]

Read More

Regulations

In Vendor Management, What's a MRA?

Dec 14, 2016

I was recently asked what a MRA is and what it really means. Well, if you’re a compliance officer at a financial institution, that acronym is enough to send a shiver down your spine.

Read More

Regulations

Watch for Changes At Your Third Party Companies

Dec 7, 2016

Just as the leaves changing or the geese migrating herald the change of seasons, things change for companies as well. And, if those companies are a critical third party of yours, you need to be [...]

Read More

Due Diligence

Board Vendor Management Involvement Is Needed & Required

Nov 30, 2016

If you’re a senior manager or a member of a board of a financial institution, you must be directly involved in many things, including vendor management. If there was any doubt about that, the OCC [...]

Read More

Examination Preparation

Thankful for Vendor Management Technology

Nov 23, 2016

While I may not be entirely thankful for the heightened state of today’s regulatory environment, I am thankful that we live in a time of innovation and, therefore, have helpful tools to assist in [...]

Read More

Outsourcing

What vendor management information should I be reporting?

Nov 16, 2016

Reporting to senior management and/or the board is not just a good practice; it’s actually a requirement of regulatory guidance. So, what should you prepare in terms of a report?

Read More

Reporting

Am I supposed to risk rate EVERY vendor?

Nov 9, 2016

The simple answer is “yes”. If they fall within the scope of your third party risk management program – and remember, your scope should be well documented on who is included and, just as [...]

Read More

Risk Assessment

What Do I Do If a Vendor Won't Provide a Document?

Nov 2, 2016

Here's a classic dilemma – what happens when a vendor simply won’t give you the documents you need to complete due diligence? Do you stand up and walk out on them? Usually not... but you do need [...]

Read More

Due Diligence

17 Vendor Management Horror Stories

Oct 26, 2016

Vendor management doesn't always go smoothly, and sometimes can get quite frightening. In the spirit of Halloween, check out these 17 vendor management horror stories followed by ways to stop or [...]

Read More

Examination Preparation

New Video Series Third Party Thursdays Launched

Oct 21, 2016

We have exciting news! Have you heard? Yesterday, we launched our new educational video series - Third Party Thursdays. Every Thursday, we will post a new video that will focus on a different area [...]

Read More

Best Practices

Staying On Top of Vendor Management News

Oct 12, 2016

One of the most important and challenging parts of working in risk management is staying out of the news – that’s always a good goal, not to be in the news in a negative way. But equally [...]

Read More

Best Practices

A Well-Known Vendor Doesn’t Mean It's a Safe Vendor

Oct 5, 2016

You’re getting ready to do business with a huge industry leader. Why, there’s no need to try to do the usual due diligence, is there? They have to be safe.

I mean, they’re never going to give us [...]

Read More

Due Diligence

The Importance of Explaining Your Vendor Management Team’s Qualifications

Sep 28, 2016

You’ve probably updated your organization chart for your bank or credit union's compliance and third party risk management teams. You’ve likely had to explain it to Human Resources or go to senior [...]

Read More

Best Practices

Vendor Management Procedures and the Job Swap

Sep 21, 2016

Anyone who knows me knows I have a few obsessions – I’m cyclelogically obsessed with my bicycle and I am an absolute NASA-nut (thanks to Twitter and NASA Social for taking me to some really great [...]

Read More

Best Practices

Mic Cue FDIC: Matters Requiring Board (and your) Attention

Sep 14, 2016

On Aug 22, 2016, the FDIC released the Summer edition of its Supervisory Insights Journal. Okay, officially, it was FDIC Financial Institution Letter 57-2016, but that’s too much of a mouthful, so [...]

Read More

Regulations

7 Ways to Stay in Tune with Vendor Management Best Practices

Sep 7, 2016

Unfortunately, there’s no magical solution to getting your staff up to speed and keeping them there. There’s no handbook or vendor management Bible, and even the best guidance only gets somewhat [...]

Read More

Regulations

5 Key Considerations to Outsourcing Vendor Management Tasks

Aug 31, 2016

We were recently asked if there is a certain size threshold at which an institution should or should not consider outsourcing. The discussion led to a lot of thoughts – but when it came down to [...]

Read More

Outsourcing

Put a Helmet on Your Financial Institution's Vendor Management

Aug 24, 2016

No serious cyclist would ever dream of riding their bicycle without wearing a helmet. Personally, having been hit by a car twice while cycling, I probably should wear a helmet every time I talk [...]

Read More

Contract Management

Planning for next year? Don’t forget vendor management!

Aug 17, 2016

I was very fortunate when I worked in a bank; I generally always got the support and investment that I needed to run a third party risk management program.

Talking to my colleagues throughout the [...]

Read More

Budget

How you should treat 4th party vendors

Aug 3, 2016

Dealing with third parties is a lot to have on your plate, however examiners think you can still handle more. They will ask you about your fourth parties too!

What in the world is a fourth party [...]

Read More

Fourth Party Vendors

The Importance of an Exit Strategy

Jul 20, 2016

Why do I want to go into a relationship thinking about the exit?

It does seem counter-intuitive, I suppose. You're all excited about signing up this great new provider who is going to help solve [...]

Read More

Contract Management

Why SLA’s are so important

Jul 6, 2016

You’re excited to be working with a terrific new vendor. Let's go through the process.

You’ve done your due diligence, written a thorough risk assessment, gotten it approved by your risk committee [...]

Read More

Contract Management

Due diligence - regulation or just good business practice?

Jun 22, 2016

Why do we do due diligence?

There is always the natural tension between wanting to get to market with a good idea or new service provider and the need to do your homework and make sure the [...]

Read More

Due Diligence

Characteristics of a Good Vendor Relationship

Jun 15, 2016

Okay, I’ll admit it – there are always certain companies that I admire and are my favorites to do business with. 

I won’t name names, but as you read this, hopefully you can identify ones of your [...]

Read More

Contract Management

Creating an Effective Vendor Contract Management System

Jun 10, 2016

Of all of the areas of third party risk management, perhaps the most difficult is handling contracts effectively. Whether it’s negotiating, tracking or simply finding all of them, contracts can be [...]

Read More

Contract Management

Your Vendor List - The Creation, Managing and Ongoing Maintenance

Jun 3, 2016

Anywhere your company is spending money for a product or service, well, that’s a vendor of some sort. As part of your vendor management, you need to start by knowing who exactly your vendors are

Read More

Due Diligence

Let’s talk about financials…

May 25, 2016

Not all due diligence should be rated equal

Due diligence should always be risk-based and tailored to the appropriate risks represented by the third party relationship. Lots of the items collected [...]

Read More

Financials

Prince ...and what it means to keep your vendor management practices up with the times

May 11, 2016

Since Prince’s passing, the lyrics to his song “1999” kept coming to mind, which then triggered me to think about how vendor management has changed from then to now.

Read More

Regulations

The ADP breach is a good reminder to always be on the lookout!

May 4, 2016

You may have seen the news, reported in Krebs On Security and elsewhere, that payroll processing giant, ADP, was compromised by identity thieves, resulting in the loss of tax and salary data. 

Read More

Information Security

Why Due Diligence Is So Important - Some of the best advice I ever received

Apr 27, 2016

A little over ten years ago, I was leaving MBNA America following an acquisition by Bank of America. 

I really hadn’t searched for a job in nearly 20 years, so I wasn’t quite sure where to start.

[...]

Read More

Due Diligence

Spreadsheets for Vendor Management Just Don’t Cut It Anymore

Apr 13, 2016

Using Excel for your vendor management can make the data cumbersome for you to manage and difficult for your examiner to read. So why are you still using those spreadsheets?

It's time to move on! [...]

Read More

Outsourcing

Back to Basics: 5 Core Elements for your Vendor Management Program

Mar 30, 2016

Vendor management has been around for years. Having a firm grasp on the companies with whom you are doing business is not new, but the regulatory expectations continue to evolve and grow.

Whether [...]

Read More

Due Diligence

Written by

Follow