Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


December Vendor Management News

9 min read
Featured Image

It's the last month of the decade! Stay updated each week with important vendor management news and resources. You can find key articles here.

Recently Added Articles as of December 26

To wrap up December, it’s a shorter news week. It’s likely this is because of the holiday season. Nonetheless, there are some events worth sharing like the massive $1.4 billion Equifax settlement and three data breaches in one day.

Equifax 2017 data breach reaches final settlement of $1.4 billion: Recently, final settlement approval was given in a lawsuit between Equifax and 147 million consumers who were impacted by the 2017 data breach. Equifax will settle for $1.4 billion. However, given there is no cap on the settlement, the creditor could pay as much as $2 billion, or even more, if the entire group of consumers affected sign up for 10 years of free credit monitoring. Yes, you read those numbers right.

Three separate data breaches in one day impacts consumers: This holiday season, many may be screaming “ho ho NO!” as three separate credit card data breaches happened in one day this last week. ‘Tis the season. Remember, data breaches are impacting more and more these days and are especially heightened around the holidays so, as a best practice, monitor your accounts and remain as aware as possible.

GreenDot CEO retiring: The prepaid card and banking services provider, GreenDot, announced their founder and CEO is retiring. He’ll become the Chief Innovation Officer and continue to advise at the company for two more years. Also announced, the provider’s CFO is retiring.  

Recently Added Articles as of December 19

In this week’s news, we see the rise of the fintechs as PayPal takes on the CFPB over the prepaid rule and Google provides advice to the Federal Reserve. Also, more analysis on the constitutionality of the CFPB and some remarks by the director of FinCEN.

Google advises the Federal Reserve on FedNow: You may be wondering if you read that right. Google gives The Fed advice? That’s right! Google sent a letter to The Fed requesting they consider mirroring India’s Unified Payments Interface (UPI) as they develop FedNow, a faster digital payments service.

Banks have learned from the past on risk management: Earlier this year, US banking agencies became less restrictive on large banks that had been established after the 2008 financial crisis. This is part of the deregulation trend that sparks a lot of controversy. These days, loosening up regulations may be less critical as risk management in banks has transformed through the year. Now, risk officers give their input and have a large say in how to balance risk. Developments like this benefit banks by helping provide protection from future crises. Read more to learn about the developments and how they’ve impacted the banking industry and risk management

Fintech Ratings in 2019: There’s a lot of competition in the fintech world. Curious to learn who the fintech shark tank considers to be winning and losing? Here’s a preview. Goldman Sachs is on the winning side, while Robinhood is on the losing side.

CUNA challenges CFPB leadership structure: More challenges to the CFPB’s structure are brought forward as CUNA agrees with Seila Law and feels the structure violates the separation of powers. CUNA has wanted to replace the CFPB’s single-director leadership structure since the bureau’s creation.

Former Goldman Sachs executive is slapped with a FCPA violation: The SEC charges a former Goldman Sachs executive, Tim Leissner, for violating the Foreign Corrupt Practices Act (FCPA) by engaging in a corruptive scheme. The former executive received lucrative contracts for Goldman Sachs by paying unlawful bribes to government officials. Leissner will pay $43.7 million. A stark reminder for all of us to watch our overseas practices.

PayPal takes on the CFPB over the prepaid rule: PayPal is suing the CFPB because of the Prepaid Account Rule which they find violates the Administrative Procedures Act as well as PayPal’s First Amendment right. In addition, along with a few other complaints, PayPal doesn’t like that the Prepaid Account Rule mandates their consumers go through a 30-day waiting period after opening an account before they can link a credit card to it. The company feels this shouldn’t be the case for digital wallets. Will PayPal win this argument?

Director of FinCEN speaks at Financial Crimes Enforcement Conference: At the conference, Kenneth A. Blanco, Director of FinCEN, addressed FinCEN’s usages of BSA data, the status on their BSA Value Project, the importance of beneficial ownership and more.

Risk checklists help you know the steps to take to prevent holiday scams: Tis’ the season! These risk checklists may help you manage holiday scams and prevention for your organization and consumers.

Recently Added Articles as of December 12

This week, there’s a lot of focus on rulemaking efforts and upcoming laws and regulations such as CCPA. UDAAP is in the news a couple of times, the FTC settles a large deceptive advertising lawsuit with a for-profit university, first party fraud is discussed and more.

NAFCU and the CFPB discuss innovation and upcoming rules: NAFCU recently shared the credit union perspective regarding the CFPB’s innovation policies and rulemaking. Some of the discussion surrounded unfair, deceptive, or abusive acts or practices (UDAAP), payday lending, debt collection and more. NAFCU also addressed some of their concerns around the possible expiration of the temporary government-sponsored enterprises (GSEs) qualified mortgage (QM) patch. NAFCU and the CFPB will continue to work together to tackle issues.

NAFCU and NCUA discuss exam issues: NAFCU’s president, Dan Berger, and NCUA board member, Todd Harper, met earlier this week to discuss examination issues. The NCUA has proposed adding a new examination program for large credit unions. This is known as the consumer compliance examination program. NAFCU is concerned as they feel this will add more regulatory burdens. Credit unions want exam consistency; therefore, NAFCU and NCUA are working together to improve the examination process. Regulatory burdens are real for credit unions. Do you agree?

Google makes changes to its financial products and services policy: The policy will now restrict the advertisement of three areas: debt settlement, debt management services and credit repair services. The policy is global. It appears Google is bowing to UDAAP pressures.

FTC and University of Phoenix settle a deceptive advertising lawsuit for $191 million: The FTC settlement will resolve the deceptive advertising charges against Apollo Education Group, parent company of University of Phoenix, and the university. According to the lawsuit, the university engaged in deceptive advertising by falsely advertising relationships with companies like AT&T, Microsoft and Twitter and fabricating job opportunities that will be available because of those relationships. Remember, UDAAP compliance is important. Consumer deception leads to hefty fines.  

CCPA is on the horizon: Compliance with the California Consumer Privacy Act (CCPA) is rapidly approaching. On January 1, 2020, the new data privacy law will become effective. Many organizations seem to be frantically scrambling to get everything in order for CCPA compliance. In this article, three key CCPA takeaways are shared to help you develop your approach. These include data mapping, service provider agreements and data governance.

First party fraud is happening, and you need to fight back: Criminals make a career of trying to steal from all of us. Tina Grigio, President and CEO of ICBA Bancard, says fight back. So, what is first party fraud? According to the article, it’s committed by individuals who have no intent to pay and that use both authentic and fabricated identity information to intentionally defraud. It’s a growing area of concern. Companies like Visa are fighting back and implementing chargeback and fraud monitoring rules as well as new technology solutions to assist with these concerns. ICBA Bancard announced that they will be incorporating these technologies into their offerings, too. This is all in an attempt to help community banks continue to grow. Are you aware and preventing first party fraud?

The FDIC to discuss the Community Reinvestment Act: Today, the FDIC’s board will gather to discuss the proposed revisions to the Community Reinvestment Act (CRA) regulations and the brokered deposit rule. This could change how the banking industry serves lower-income communities. So, will CRA change? That’s actually a big concern for banks and this could be an important day in the industry.

Recently Added Articles as of December 5

Happy December! 2019 has almost come to an end, but in vendor management this isn’t a time to slow down. This week, we have news regarding Congress and their upcoming plans now that they’re back in session, fintech predictions, an update on cyber-attacks, some valuable vendor management lessons and more.

Comptroller of the Currency’s written statement on the condition of the federal banking system: In addition to submitting a written statement of the condition of the federal banking system, Comptroller of the Currency, Joseph Otting, shares the OCC’s regulatory priorities. Within the statement, he mentions risks associated with cybersecurity and third party outsourcing.  

Reviews in progress as Congress is back in session: Congress returns to session. With only three weeks left of government funding, they’re putting a lot of focus on fiscal year 2020 spending bills in an effort to avoid a shutdown. And, NCUA’s board chairman Rodney Hood is expected to testify before the House Financial Services Committee and Senate Banking Community as they’re reviewing regulators’ processes to ensure safety and soundness. FDIC and Federal Reserve representatives will also testify. It’s expected to be a jam-packed week.

Supreme Court provides an update on the case regarding the CFBP’s leadership structure: Oral arguments will be held in March 2020. The case continues. Now, we’re just waiting to see what happens next year.

Fintech predictions for the 2020s: Interested in what will shape fintechs in the next decade? This article shares 5 debates. The first one on the list is the following question: Are branches dead or alive? Check out this article for some interesting perspective and predictions.

Healthcare breaches teach some valuable lessons in vendor management: Major healthcare breaches this year have taught the industry some valuable lessons. Three of the top lessons include vendor risk management is more important than ever – we agree, data recovery is no guarantee and business continuity plans, IT infrastructures, software patching, etc. should be kept up-to-date. Do you always keep these considerations in mind at your organization?  

A financial services startup pulls their application for national bank charter: Robinhood, an electronic trading platform, has pulled its national bank charter application. The company shares that they don’t currently have any sights on pursuing another charter. Something tells us this may be the first bank charter application withdraw of many.

It’s the time of year for cyber attacks: The FBI sends out a warning about targeted cyber attacks. Given the holiday season, like previous years, cyber attacks are on the rise. So, what can you do? A few of their recommendations to mitigate risk include personnel training, enhanced authentication, separate backups, updating and patching your computer systems and observing least-access principles for all accounts.

Serving the unbanked creates competition: Some financial institutions, credit unions and small community banks in particular, are facing competition with organizations who are catering to “unbanked” individuals. Unbanked means someone who doesn’t have an account. These institutions often work with who the industry considers the underserved, meaning poor credit for example. However, they’re not necessarily focused on the unbanked. This is creating some new competition. Is it time for credit unions and small community banks to slightly shift their focus?

CUNA expresses TCPA concerns: CUNA files a brief with the Supreme Court that shares their Telephone Consumer Privacy Act (TCPA) concerns. According to CUNA, the TCPA hinders credit unions by affecting the flow of information. It also requires them to pay the costs of lawsuits. CUNA feels this is a flawed act.

Ballard Spahr analyzes what the Fed’s proposed entry into the real-time payment system really means: FedNow is the Fed’s real-time payment and settlement service that is under development. There’s a lot to know. This article breaks down what it is, why it’s significant and provides a deeper understanding of an RTP.

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo