(270) 506-5140 CONTACT US
Best Practices

14 Key Components of an Effective Vendor Risk Management Program

Jul 11, 2018 by Branan Cooper

I’m often asked to discuss what comprises an effective vendor management program. While there are numerous things to consider, below I've listed 14 of the most important elements.

14 Key Components of an Effective Vendor Risk Management Program

  1. Ensure the entire vendor management system is described in detail in a set of policy and program documents.

  2. Develop a rigor around the processes to drive consistency and an easy to follow set of procedures. This way management is more likely to embrace the procedures and not work around the process.

  3. Establish a clear line of communication to senior management and the board; the regulatory guidance mandates this. Review OCC Bulletin 2013-29 for more information.

  4. Obtain adequate staffing and budget to support the size and complexity of your vendor management processes.

  5. Utilize subject matter experts from around your organization or even outside your organization when needed – an expert independent review can provide an additional perspective.

  6. Provide regular reporting to your management team, particularly as risk issues arise.

  7. Hold managers accountable for their actions in communicating vendor management requests to your third parties.

  8. Ensure, and test, adequate coverage of each pillar of vendor risk management. Everything in the vendor management lifecycle should get equal and periodic attention. This begins with planning and continues until contract termination.

  9. Along with rigor, there will always need to be some level of flexibility for things like emerging technologies, start-up vendors or the exceptions to the process. Document these well so it doesn’t appear inconsistent.

  10. As regulations change or situations arise, update your documentation accordingly and always involve subject matter experts from around the organization.

  11. Consider the best model vendor management framework for your institution – centralized, decentralized or hybrid – but ensure there is consistency in form and practice. This is particularly important from a due diligence and contract perspective.

  12. Don’t overlook the importance of ongoing monitoring or consumer complaints. Ongoing monitoring can protect your organization from unwanted risk while consumer complaint monitoring can really protect the organization’s reputation risk.

  13. Periodically test the work product as part of your regular audit schedule. Verify the work product matches your policy and program guidelines.

  14. Invite and encourage feedback from your management team and vendors as to what is going well and what can be improved.

Vendor management is both a science and an art. Doing these steps well will help you create a masterpiece of a program. 

Policy and procedure documents usually accompany your program. Download our infographic series to learn the key components of each.

Vendor Management Policy Program Procedures Umbrella Infographic Series

Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog