Vendor Oversight is all about Risk Management


Bankers have been evaluating, selecting, contracting, partnering and un-partnering with third parties as a matter of normal course of business at least since the beginning of modern banking. Getting the “best deal” at contract time should not be the only objective. Making sure your institution gets the right contractual provisions can save you trouble and money in the long run.

All bankers are familiar with the basic risk management process – identify, assess, mitigate and monitor. Apply that process to working with vendors and you have a good start to an oversight program. While vendor cost and capabilities are crucial factors, they are not the only factors when evaluating and selecting a partner.

Outsourcing Risk

Outsourcing risk includes:

Operational – risk of improper or incorrect service; data information security or loss; technology or service disruption; or intellectual property infringement.

Strategic – ability to execute strategies through availability of products and services; ability for vendor to keep current with the market; prohibitive vendor service costs; or lack of control over resources.

Financial – locking in pricing for the agreed-upon services; managing inflationary terms typical to such agreements; and being aware of contract relationship changes and termination provisions, which can have large financial ramifications.

Regulatory – vendor agreements are subject to the FFIEC IT Examination Handbook, Interagency Guidance on Risk Management of Outsourced Technology Services and Interagency Guidelines Establishing Standards for Safety and Soundness.

Compliance – under the Gramm-Leach-Bliley “Safeguards Rule” and state data security laws, each institution must exercise appropriate due diligence when selecting its vendors; require its vendors by contract to implement appropriate measures as required by law; and set up ongoing vendor monitoring.

A proper risk assessment process allows bank management the opportunity to more thoroughly identify and consider threats to the bank’s business before entering into long-term vendor relationships. An in-depth vendor due diligence process will greatly enhance your risk assessment process.

Due Diligence

Due diligence regarding a potential vendor relationship includes fully understanding and assessing the type of relationship being considered. Some points to consider:

  • Vendors may be new companies to the business/industry/service area
  • Niche providers and specialization often result in needing multiple vendor relationships
  • What are the ramifications to your business if the vendor is not able to deliver as promised?
  • Who owns the vendor and what type of ownership exists?

Assessing The Risk

In assessing the ability of potential vendors to meet your business requirements, we recommend using tools for evaluating vendor responses against your requirements and criteria. This requires documenting your requirements and mapping the vendor’s abilities to meet those requirements.

This will also help you assess risks involved with moving to a potential vendor. Beyond system requirements, information should also be obtained so that you may assess transparency of vendor internal controls, vendor’s capabilities and constraints, as well as vendor’s financial condition and trends.

The contract with the vendor is your principal risk mitigation tool. Before a contract is signed, it should be thoroughly reviewed to make sure contractual provisions are included to help your institution manage risk in almost every conceivable business situation. At a minimum, your vendor agreements should include:

  • Service Level Agreements for performance
  • Defined term and end of term responsibilities
  • Ownership and access to your data and information
  • Confidentiality, privacy and data security
  • Disaster Recovery and Business Resumption
  • Deconversion terms, requirements and costs
  • Implementation milestones
  • Third-party reviews and audit rights
  • Early termination conditions, costs and responsibilities

If you find your time is constrained and you are unable to perform proper due diligence and risk mitigation, you may want to consider the help of experienced professionals to guide you through, or take responsibility for, this process. An experienced professional will have the tools and experience to work through the process while you continue to run your bank.

Vendor Monitoring 

Once your new vendor is in place you’ll want to continue with ongoing oversight and monitoring to make sure that the terms of your contract are met, and the product or service continues to meet your needs. Build your ongoing oversight program from the due diligence done prior to the execution of the agreement.

Assign a bank officer to the vendor who will be responsible for documenting performance issues, holding regular meetings with the vendor account manager and reporting regularly to the appropriate senior officer. Additionally, the vendor should be incorporated into your overall vendor management program, which should include a regular review of their third-party audits, financial statements and performance against service level agreements.

And remember, don’t get caught without enough time to fully negotiate and discuss issues with your vendor prior to contract renewal. Plan to evaluate your vendor relationship well ahead of expiration so that you leave time to negotiate new terms, or consider other vendors, and possibly even change systems, if you are not happy.
