Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2021 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resource-whitepaper-state-of-third-party-risk-management-2022
State of Third-Party Risk Management 2022

Venminder's sixth annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

Challenges and Tips for Collecting Financial Information on Private Vendors

4 min read
Featured Image

Performing a financial health analysis and assessment should be on your recurring due diligence checklist for your third-party and vendor risk management program. With the varying business relationships your organization manages, the challenges of collecting sufficient financial information arise quite often when dealing with private entities.

To address these challenges, it’s important to understand why private entities are reluctant to share information with your organization. From there, your team can work to simplify and streamline your requests to these parties, which may improve your process for collecting necessary financial information for your financial health reviews.

Common Reasons Why Private Vendors Don’t Provide Financial Information

Private vendors vary in sophistication, size, and maturity. Some may be in remote locations, others may be small and employ only a few people, while others still may be extremely cautious in providing any external information to parties outside of their investors, board of directors, and the required regulatory/government organizations, like the IRS.

It’s important to understand that, unless there is a contractual requirement, a private vendor has no obligation to provide financial information to the companies they provide solutions, products, or services to.

Despite these nuances with private vendors, your organization must collect enough financial information to assess and mitigate any risks they may pose. It’s also important to determine whether a private vendor has the sufficient financial viability to perform the services they provide to your organization.

Here are a few common challenges and reasons why private vendors don’t provide your organization with sufficient financial information:

  • The vendor doesn’t have a requirement or commitment to share financials with any organization
  • The vendor doesn’t want to share due to confidentiality reasons
  • The vendor is too small and doesn’t have prepared financial information
  • The vendor is non-responsive
  • The vendor feels that preparing and sharing financial information for organizations is too time-consuming and arduous

4 Tips to Overcome These Common Challenges with Private Vendors and Financial Information

As part of your third-party and vendor risk management program, your organization should clearly define a strategy for collecting financial information from private vendors. This includes a “multi-pronged” approach with four clearly defined goals that you should strive to implement and achieve.

Here are four key goals your organization should work on to overcome the challenges of collecting adequate financial information from private vendors:

  1. Simplify the approach and the asks
    From your organization’s perspective, it’s important to define what vendors you want to collect financial information from and perform your financial health assessments on. You should split vendors into representative categories (such as critical, high risk, moderate risk, low risk) and assign types of due diligence documents and information you’d like to collect from each type of vendor.

    It may be important (or even required) to collect additional financial information from critical or high-risk vendors, but your requirements may not be the same for low-risk vendors. You should create a streamlined and consistent way of interaction between your vendor categories of vendors as well as an easy-to-follow list of information to collect.

    You can start by asking for any prepared financial information, such as an audit report (2 years minimum), internally prepared financial statements (income statement, balance sheet, cash flow statement), a financial viability letter from the vendor’s executive team (CEO or CFO), or a call to discuss financial viability with the vendor. This optionality allows the vendor to pick between simple options and give you the information for your financial reviews.

  2. Understand and explain the “why”
    By defining your program’s financial health review process, your team will better understand why collecting private vendor financial information is important.

    When explaining the “why” to private vendors, you can give context to explain and reinforce your need for financial information. This helps eliminate any miscommunication or confusion and will help alleviate their potential concerns regarding their financial information’s confidentiality. You can even sign non-disclosure agreements (NDAs) and ensure that your data handling processes are communicated to your vendor as well.
  3. Add compliance requirements in your contracts
    Before entering any agreements with new vendors, it’s a best practice to include language in your contracts that will require the vendor to provide financial information to your organization on a regular cadence (at a minimum, before signing the contract and then on an annual basis).

    From there, your organization can even choose to add service level agreements that speak to specific financial metrics, such as the vendor’s ability to prove that they have at least 12 months of liquidity/capital to sustain its operations and perform its agreed-upon services to your organization.
  4. Have a backup plan and a failsafe
    Your goal to collect financial information shouldn’t be solely reliant on the vendor to provide your organization with the necessary documents. Instead, you need to have simple backup plans and a failsafe that allows your organization to evaluate the financial health risk that may exist with your key private vendor relationships.

    These backup plans include using widely available third-party data resources (credit reports as an example) that have some indication of financial health that you can utilize.

Sufficient financial information is necessary to perform adequate financial health reviews and understand the risks a private vendor may pose to your organization. As your organization considers how to improve your collection rate and success with private vendors and their financial information, be sure to consider the tips covered in this blog.

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo