Knowing Your Vendor Is More Than Just Doing an Annual Risk Assessment

We’ve seen what we call the square peg syndrome. It’s the mindset that all vendors, and the oversight they require, are the same. In some cases, that could be true; after all, a business continuity or disaster recovery plan is extremely important for a critical vendor.

However, the issue arises when the oversight activity skims the surface of the real nuts and bolts of a specific vendor operation. This is where the risk of the square peg and round hole becomes apparent.

Work Through Issues in Obtaining Information

A common issue in oversight practices is assuming that the vendor will have the standard information on hand or even care about your long list of audit requirements. For example, the contractor who receives the lawn cutting order from a property preservation company is extremely unlikely to have a SOC report.

Believe it or not, these vendors do receive such requests. For any property preservation lawn guy or gal out there, please send the name of the vendor manager. We’ll have a chat!

Think of your vendors individually and ask for documents and information that make sense for them. And if there’s a document that you really do need and they won’t give it to you, figure out other methods of obtaining the information.

CFPB Now Involved in Vendor Oversight

In 2017, the CFPB announced that it too would be reviewing vendors’ internal operations and adherence to policies and procedures. You can read more about this piece here.

It’s likely that the CFPB has the advantage with the army of compliance attorneys on hand to perform such oversight of vendors. And because of this, if you haven’t already familiarized yourself with the actual regulatory compliance requirements which your vendors must follow…the time is now.

Regulations Broken Down by Vendor Type 

Here’s a list of regulation notes to be aware of. Note that some regulations are broad and cross over multiple vendor services or products. Others may be vendor specific. 

  • FCRA – Fair Credit Reporting Act – The Fair Credit Reporting Act, 15 U.S.C. § 1681 (“FCRA”), is U.S. federal legislation enacted to promote the accuracy, fairness and privacy of consumer information contained in the files of consumer reporting agencies.

    • Credit reporting agencies should be encouraged to have an intense training and compliance program dedicated to adherence to FCRA.

  • UDAAP – Unfair, Deceptive or Abusive Acts or Practices – UDAAP is a provision of Title X of the Dodd-Frank Act. This provision is broad in the sense that guidance is relatively vague, and the CFPB has been known to use it as the explanation for non-compliance in enforcement actions. At a high level, its aim is to protect consumers from harm caused by unfair marketing, misleading representations and practices that leave the consumer unable to make informed decisions about the material risks and costs of the product or service.

Recent enforcement actions for UDAAP violations include high-cost loans originated through a tribal lender, servicing misconduct and deceptive sales practices, deceptive debt collection, deceptive marketing, servicing errors, processing improper transactions and illegal collection of fees.

    • Regulators have levied many enforcement actions against organizations, resulting in multi-million-dollar settlements. The potential to suffer from reputational risk could be detrimental to your business operation, and the financial impact on your consumer could be equally severe.
    • All vendors whose products and services interact with or offer financial services to the consumer are subject to UDAAP review. It’s imperative that oversight includes UDAAP complaints and enforcement actions, and that training and testing of UDAAP compliance are in place.

  • AIR – Appraisal Independence Requirements – Lenders often misinterpret how AIR applies. The Appraisal Independence Requirements (AIR) were developed by Fannie Mae, the Federal Housing Finance Agency (FHFA) and Freddie Mac. As of April 2017, only Fannie and Freddie have adopted the AIR regulations. It applies only to 1-4 residential units which are sold to Fannie or Freddie. Loans insured by VA or FHA do not fall under this regulation.

While the regulation is aimed at limiting any undue pressure on appraisers and appraisal management companies (AMCs), it’s important that lenders understand the AIR rule and the oversight requirements. AMCs and independent fee appraisers must understand the importance of the AIR regulation and have policies and procedures in place to remain compliant. It’s worth mentioning that AIR can very easily be broken by lender in-house appraisal departments. It’s highly encouraged that executive risk managers perform AIR audits of their internal process.

Remember, not all vendors are created equal, and the regulations covering vendor services do vary, as we have demonstrated above. While this is not an exhaustive list of federal consumer regulatory compliance requirements, it should demonstrate that a good understanding of the regulations that govern your vendor partners is key to ensuring that you’re running an adequate oversight program.
