
FDIC Highlights Third-Party Oversight Failures in Supervisory Report


Each year, the Federal Deposit Insurance Corporation (FDIC) performs a series of regulatory examinations to ensure supervised institutions are maintaining compliance programs and mitigating consumer risk. The results of these examinations are outlined in an annual report known as the Consumer Compliance Supervisory Highlights.  

Since the FDIC played a key role in developing the Interagency Guidance on Third-Party Relationships: Risk Management, it’s not surprising that this year’s Supervisory Highlights include deficiencies in banks’ oversight of their third-party relationships. By understanding these deficiencies, your financial institution can more easily identify potential compliance areas requiring mitigation and strengthen its third-party risk management (TPRM) program.

Note: Text taken directly from the Supervisory Highlights is in italics.

FDIC Supervisory Highlights Identify Third-Party Compliance Issues

The FDIC performed almost 900 consumer compliance examinations in 2023 and identified many issues related to inefficient third-party risk management practices.

Here are some of the significant compliance issues the FDIC identified:

  • Third-party issues – The report states that some compliance issues were caused by non-bank entities that provide products and services directly to a regulated bank’s customers. These third-party relationships created compliance issues through:
    • Misrepresentation – Some third parties created false or misleading representations about their products being FDIC-insured.
    • False advertising – The FDIC found issues related to false advertising on credit-building products. Third parties failed to conduct an analysis to support their claims and overstated their products’ abilities to perform as intended.
    • Mishandling disputes – Violations were issued because of a third party’s failures to investigate electronic fund transfer (EFT) disputes, report the investigation to consumers, and correct issues.
  • Bank issues – The FDIC also recognized other compliance issues that were solely caused by financial institutions. Those issues include: 
    • Unreasonable payments – Some financial institutions didn’t have processes to determine whether payments to mortgage brokers were reasonably related to the value of the services provided.
    • Poor third-party oversight – An institution was found to have failed to establish and maintain internal controls with its third-party lenders, which led to unsafe or unsound banking practices.


6 Tips for Third-Party Compliance With the FDIC

Each of the FDIC’s findings in the Supervisory Highlights is accompanied by a list of suggested activities to mitigate risk. Many of these activities are generally considered best practices and are likely already implemented in your third-party risk management program. It’s important for financial institutions to remember that they hold responsibility for third-party compliance.

Some of the activities to implement into your program include: 

  1. Board and senior management involvement – Financial institutions should ensure the board and senior management are involved throughout the entire third-party risk management lifecycle, specifically in relation to accepting a third party’s consumer compliance risk. 
  2. Governance documentation – Policies and procedures should be formally documented to address third-party compliance risk and guide third-party risk management activities.
  3. Risk assessments – Thorough and periodic risk assessments should identify and mitigate third-party risks, which may include legal and compliance considerations. 
  4. Pre-contract due diligence – Comprehensive due diligence should be performed before entering the third-party relationship. If applicable, this should include verifying the third party’s advertising claims about its products or services.
  5. Contract management – Third-party contracts should be structured to address areas such as compliance requirements, consequences for noncompliance, the right to audit, and performance expectations.
  6. Ongoing monitoring – Financial institutions should perform ongoing monitoring and oversight that is tailored to the level of risk in the relationship. This may include monitoring the third party’s performance, marketing activities, and compliance with consumer laws and regulations. 

Maintaining regulatory compliance in your third-party risk management program will continue to be an ongoing effort as new risks emerge and priorities evolve. Reading up on reports like the Supervisory Highlights can give you renewed focus on compliance issues that may impact your financial institution. 
