Is Sr Management & Board Involved Enough In Vendor Management? Ask These Questions


A few weeks ago we discussed the importance of senior management and board involvement regarding vendor management. How do you know if you're following the OCC Bulletin 29-2013 guidance and OCC Bulletin 7-2017 supplementary examination procedures correctly? Ask these questions to help.

Board of Directors Requirements

What guidance says: Ensure an effective process is in place to manage risks related to third party relationships in a manner consistent with the financial institution’s strategic goals, organizational objectives and risk appetite.
Ask yourself: Has your financial institution aligned your processes with an overall risk framework?

What guidance says: Approve the financial institution’s risk-based policies that govern the third party risk management process and identify critical activities.
Ask yourself: Are your policy and program documents up to date and consistent with the guidance? Are your policy and program approved annually by the board?

What guidance says: Review and approve management plans for using third parties that involve critical activities.
Ask yourself: Does the board have a plan for reviewing new and critical third parties?

What guidance says: Review summary of due diligence results and management’s recommendations to use third parties that involve critical activities.
Ask yourself: Does the board require updated due diligence on a recurring basis for all third parties?

What guidance says: Approve contracts with third parties that involve critical activities.
Ask yourself: Does the board have a process in place for reviewing and approving third party contracts?

What guidance says: Review the results of management’s ongoing monitoring of third party relationships involving critical activities.
Ask yourself: Does the board have a documented monitoring program?

What guidance says: Ensure management takes appropriate actions to remedy significant deterioration in performance or address changing risks or material issues identified through ongoing monitoring.
Ask yourself: Will the board notice and address, at a board level, significant concerns in your third parties?

What guidance says: Review results of periodic independent reviews of the financial institution’s third party risk management process.
Ask yourself: Is third party risk part of your audit program?

Senior Management Requirements

What guidance says: Develop and implement the financial institution's third party risk management process.
Ask yourself: Is senior management involved in the development and administration of third party risk?

What guidance says: Establish the financial institution's risk-based policies to govern the third party risk management process.
Ask yourself: Is there a process or an existing protocol for third party risk that has been approved by senior management and the board?

What guidance says: Develop plans for engaging third parties, identify those that involve critical activities and present plans to the board when critical activities are involved.
Ask yourself: Is there a documented set of steps to follow for boarding new third parties?

What guidance says: Ensure appropriate due diligence is conducted on potential third parties and present results to the board when making recommendations to use third parties that involve critical activities.
Ask yourself: Is due diligence required prior to contracting a new third party?

What guidance says: Review and approve contracts with third parties. Board approval should be obtained for contracts that involve critical activities.
Ask yourself: Are there contractual standards for third parties?

What guidance says: Ensure ongoing monitoring of third parties, respond to issues when identified and escalate significant issues to the board.
Ask yourself: Is there a documented set of guidelines for ongoing monitoring?

What guidance says: Ensure appropriate documentation and reporting throughout the lifecycle for all third party relationships.
Ask yourself: Is there clear adherence to the guidance to ensure that all third party activities are conducted continuously rather than as a snapshot at a point in time?

What guidance says: Ensure periodic independent reviews of third party relationships that involve critical activities and of the financial institution’s third party risk management process. Analyze the results, take appropriate actions and report results to the board.
Ask yourself: Is senior management holding audit accountable for reviewing third party risk management program activities?

What guidance says: Hold accountable the financial institution employees within business lines or functions who manage direct relationships with third parties.
Ask yourself: Is there sufficient training, particularly at the front line, to ensure everyone understands their role in third party risk management?

What guidance says: Terminate arrangements with third parties that do not meet expectations or no longer align with the financial institution’s strategic goals, objectives or risk appetite.
Ask yourself: Are there clear provisions in every contract that dictate the steps and mutual responsibilities for terminating third parties? Equally important, what happens to the data post-termination?

What guidance says: Oversee enterprise-wide risk management and reporting of third party relationships.
Ask yourself: Is your third party risk management program a part of your institution’s overall enterprise risk program with fully developed standards?

You should be answering "yes" to all of these questions. If you have trouble responding to any of these, it’s time to give your third party risk program a full review and adjust where needed.

A lot of these points relate to your vendor management Policy, Program and Procedures. Check out our Vendor Management Umbrella infographic series for more tips on those documents.
