Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Ballard Spahr Attorney’s Perspective on Third Party Risk

4 min read
Featured Image

As part of our Venminder Thought Leadership series where we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best practices, trends, and more, I had the opportunity to speak with Glen Trudel of Ballard Spahr LLP.

Glen is the consumer financial services banking and business attorney at Ballard Spahr. He counsels financial institutions, marketplace lenders, fintech entities and other companies on both regulatory and transactional matters. He also advises state and federal financial institutions on regulatory, operational and vendor outsourcing matters, debt, sales and collection agreements and other transactions. You can listen to the full interview here.

Glen Trudel Interview Highlights

During our time, we covered:
  • Third-party risk struggles financial institutions are facing
  • Ongoing vendor risk management
  • Cybersecurity and industry expectations
  • Senior management and board level involvement

When asked how financial institutions are doing with regards to third party risk management, Glen shared that while it’s difficult to make pronouncements for the industry as a whole that is meaningful, he does think everyone is dealing with similar issues and it’s a job that never ends.

He said it’s a continuing process in which you are trying to establish a workable and compliant process and a structure that allows you to consistently do what your procedures say you’re doing. With the release of OCC Bulletin 2013-29, it’s safe to say the expectations have been raised and that financial institutions need to be doing this continuously. 

3 Common Third-Party Risk Management Struggles 

A few areas came to Glen’s mind when thinking about the struggles in the industry:

  1. Cooperation from the third party service vendors. This seems to be the most major issue. Particularly, it’s difficult to get third party vendors who are providing critical functions to help meet regulator expectations and requests, such as level of access, the level of information or auditing to be provided. This is something most institutions understand all too well at this point.

    Solution: Glen thinks there is a potential solution to this issue. Take into consideration regulatory guidance OCC Bulletin 2017-21 which discusses collaboration when using the same service provider. This can lead to additional benefits like gaining access to other institution’s reporting that you may not be receiving from the provider and overall more negotiating opportunities.
  1. Ongoing monitoring and maintenance of vendors. It’s often easy to lose sight of the ongoing monitoring requirements. After all, it’s said to be the most forgotten pillar of vendor management. This can be a huge issue when regulators are on-site and requesting documentation showing XYZ and the documentation is lost in the shuffle, or worse, not available because the due diligence wasn’t done.
  1. Not having a robust enough system in place. Without a robust vendor management system, regulators may pick up on your vendor’s regulatory or service deficiencies before the system does, which can be an issue.

Cybersecurity – How Hot Is the Topic Really?

Glen thinks cybersecurity is a very hot topic and will only continue to be. So why exactly is this? Well, the industry is always evolving, and new systems are constantly being introduced into the marketplace which means additional regulations and requirements becoming necessary and industry best practices emerging again.

“Institutions really need to have their fingers on the pulse of this,” Glen said.

At Ballard Spahr, they are constantly getting requests from clients who are asking for pre-incident counseling, post-incident counseling, table top procedures and all kinds of related cybersecurity material. Cybersecurity is going to take additional resources to properly manage at institutions of all sizes.

As a quick tip, Glen gave some expert insight regarding cybersecurity within agreements: It’s important to avoid unrealistic incident reporting obligations. When an agreement says, for example, that an incident’s root cause with an additional list of requirements must be reported within a short timeframe, like 24 hours of the breach, it’s simply unrealistic and probably not going to happen. The standard is unsustainable as often times it can take months to know all systems that have been affected.

Senior Management and the Board – Demonstrating Their Level of Involvement in Risk Management

There are some ways that senior management and the board can best demonstrate their level of involvement. These include:

  • Having retrievable documentation of all the efforts being made by senior management and the board.
  • Taking into consideration regulatory feedback. If the regulator gives feedback regarding senior management or the board’s level of involvement, whether it be positive or negative, regarding the program, go ahead and document it so that it’s available for all to reference.

In order to show senior management and the board’s level of involvement effectively, it all comes back to documentation that outlines their involvement. People leave companies, they are promoted or even change departments which means that you may no longer be able to go directly to the source with questions so it’s important that everything senior management and the board are doing is documented well.

In Summary

Glen touched on a lot of great areas in third party risk management during our short time together. I look forward to seeing how each of these evolve and would like to extend a thank you to Glen and Ballard Spahr for their time. Be sure to subscribe to our Thought Leadership interview series to be notified as more informative interviews are released.  

As Glen said, it's important to communicate to your board and senior management their involvement in third-party risk management - download our infographic now to help guide you through this task.

Regulatory Developments Impact Your Next Vendor Management Exam eBook

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo