Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


March 2020 Vendor Management News

13 min read
Featured Image

Make sure you're not the last to know about key vendor management news and articles! We've compiled a list of the important information you need to know in the month of March. 

Recently Added Articles as of March 26

It’s a slower news week as we all adapt to “the new normal”. However, there's still some news to know. It’s primarily related to COVID-19.

CFPB’s response to COVID-19: The CFPB published several resources to educate consumers on how to protect their finances during the COVID-19 pandemic. It’s safe to say that during this time, as many resources as possible the better. Check them out.

SEC provides relief for agencies impacted by COVID-19: Registered investment companies will receive temporary flexibility and relief if impacted by the coronavirus. This is to help financial market participants in tackling the effects of the coronavirus.

$6.9 million in refunds to the victims of an office supply scam: The FTC will refund small businesses, non-profits and government agencies who were targeted. On average, $525 will be sent to each organization scammed. Remember, be on the lookout for suspicious emails and educate your employees on how to identify a phishing email.

Regulatory perspective on COVID-19: JD Supra shares their analysis on regulators’ requests for organizations to assist customers impacted by COVID-19. FDIC FIL-17-2020 specifically encourages financial institutions to do that. For example, they can waive late fees, increase credit limits to creditworthy customers and/or offer payment deferments. Many other regulators continue to give suggestions on how to assist customers during this challenging time, too.

Chinese data gives insight into what’s to come for the U.S. economy: Unfortunately, it’s not all positive. Due to the pandemic, from January to February, their industrial production dropped 13.5% year over year. A record decline in numbers. The U.S. hasn’t released their economic data for the current month yet; however, some poor numbers are predicted. Stay tuned.

Recently Added Articles as of March 19

The highlights from this week’s important news include the coronavirus and its impact on cybersecurity as employees go remote, cybersecurity and reputation risk, supply chain disruptions due to the coronavirus, a rare joint statement from the regulators and much more.

New York state regulated organizations must have operational risk preparedness plans in place: NYDFS is asking that New York state regulated organizations respond within 30 days of March 10, 2020 letting them know if they have a preparedness plan in place to address operational risk. This is in response to the COVID-19 outbreak. There are 9 specific elements that the plan should cover, and you should be aware of.

CCPA revisions are proposed: On July 1, 2020, CCPA will be enforced. In the meantime, many are reviewing the act and determining if there are areas that need modified. The California Attorney General has proposed modifications including removal of the opt-out button which has proven to be confusing, partial relief from notice of collection and more.

Cybersecurity and remote work: Looking for tips and tricks to manage cybersecurity risks of remote work? This article breaks down 3 considerations which include policy, communication and preparation and provides many remote work cybersecurity tips.  

A pandemic planning breakdown: This special edition report provides a quick overview of business continuity planning for a pandemic event, board and senior management responsibilities, communication and coordination with third parties and more.  

KPMG summarizes regulatory expectations for COVID-19: According to KPMG, pandemic plans must address resiliency to market volatility, technology, operations – which does include third parties – customer/investor protections and regulatory compliance. The firm says they’re ready to assist clients with their pandemic planning challenges and helps break some of it down further or you in their summarization.

Supply chains impacted by cybersecurity incidents: In 2019, around 300 cybersecurity incidents impacted supply chain entities. This year, they’re facing even more unfortunate supply chain risk with the COVID-19 outbreak.

Rent-a-Bank lending practices in the spotlight: Rent-a-Banks tend to focus on consumers with poor credit, giving them loans at extremely high rates. Consumers are urging federal banking regulators to investigate this and put a stop to it. This is sort of a reverse third-party risk issue, but well worth understanding as it’s a target for regulatory scrutiny.

Analysis on the clarifications around “Abusive” in UDAAP: In late January, the CFPB issued a policy statement to provide more clarity around the term “abusive”. According to the policy statement, principles considered when determining abusive include first, if it harms consumers or not; second, evaluating if it’s already found to be unfair or deceptive and third, determining if there was “good-faith effort” to comply with the abusiveness standard or not. (3-11)

The importance of considering cybersecurity and reputational risk: Did you know that according to Salesforce’s third edition of the State of The Connected Customer survey that 84% of customers stay loyal to companies with strong security controls? So, if you’re wondering how critical cybersecurity is on reputational risk, the answer is very much so. Learn more about monitoring and managing reputational risk.

OCC charged with stifling fintech innovation: The OCC goes from leading the charge on fintech charters to potentially stifling innovation with new guidance on data sharing. Kind of odd since they were the ones who proposed the fintech charter.

Wells Fargo shares updates regarding their compliance department: Wells Fargo is following third-party risk best practices. They’ve doubled down on compliance and added 3,300 to the compliance staff. And, they’re making it independent of the lines of business.

Growing need for compliance professionals: Compliance efforts have been in the spotlight at many companies for a while now. Last year, fines increased with the U.S. Treasury Department’s Office of Foreign Assets Control issuing about $1.29 billion in penalties – a decade high. Enforcement actions like this and regulatory scrutiny from the regulators has led to a need for more compliance professionals. CNH Industrial, a maker of agricultural and construction equipment and commercial vehicles, is one company that has been looking to add trade compliance staff to its 30-person global compliance group. Michael Going, the company’s chief compliance officer, observes: “Those third parties can also bring a bit of a benchmarking perspective on things. How are other companies dealing with that kind of situation?”

Jo Ann Barefoot on the legal impediments to fintech startups: Jo Ann Barefoot is committed to transforming the financial regulatory system. In 2019, she founded a nonprofit policy group, Alliance for Innovative Regulation (AIR), to do just that. The goal is to determine where laws prohibit or constrain regulators from promoting innovation.

Cybersecurity risks increase during the coronavirus pandemic: Thankfully, many companies are doing their part to keep their employees and customers as safe as possible. For many this means allows employees to work remotely. However, working remotely opens the doors to heightened cybersecurity risks. To manage this, Asher de Metz who is a security consulting senior management at Sungard Availability Services, recommends you verify that your business continuity plans incorporate cybersecurity rules and that your employees are properly trained.

Rare joint statement from the regulators: Regulators and state regulators are asking institutions to help those affected by the coronavirus. As customers are impacted financially, regulators would like institutions to respond appropriately.

Recently Added Articles as of March 12

This week, in industry news, most of it's covering pandemic planning and the updated guidance from major regulators like the FFIEC, OCC and FDIC. We also have the updated OCC guidance with a deeper dig on the FAQs presented in Bulletin 2017-7, FDIC staff buyouts, a former risk officer fined for weak AML oversight and more fallout in the Wells Fargo scandal as they head for a hearing in Congress.

OCC is encouraging member institutions to meet the needs of those affected by the coronavirus: By meeting the needs of those affected, the OCC means meet their financial needs. Regulators expect the institutions to work diligently with borrowers and other customers in communities that have been impacted.

Learn what big banks are doing during the coronavirus outbreak: Banks like JPMorgan Chase, Bank of America, Morgan Stanley and more are moving staff to their backup locations due to the coronavirus outbreak. This is to help minimize operational disruptions. Contingency plans are being implemented across the U.S.

FDIC’s statement on pandemic planning: Per the FDIC, “pandemic planning is an important part of financial institutions’ business continuity planning.” Check out the highlights from the FDIC’s statement on pandemic planning here.

Wells Fargo’s risk and compliance failures: Wells Fargo is in the headlines again. In this new report, you’ll find that many are blaming the board of directors and senior management for risk and compliance failures. Maybe this is what has led to two Wells Fargo board members resigning just days prior to their scheduled testimonies before Congress. We always say risk responsibility falls squarely on the board.

Selecting a vendor in the mortgage industry: The latest Dodd Frank update includes an interview about selecting a new vendor. Surprisingly, there are few mentions of compliance or true operational risk management. It’s more process oriented.

De novo activity at a halt: No new applications have been filed with the FDIC since end of last year. This is the longest dry spell in over two years. It’s likely due to a difficult operating environment and the coronavirus outbreak. It seems it’s too tough to launch a de novo bank in today’s regulatory environment.

Importance of pandemic plans: Here is a timely blog for you. Forrester finds only 43% of employees believe their company has a pandemic plan. Right now, knowing what you’ll do if most of your employees become ill due to the coronavirus is more important than ever. Take a look and confirm you have a plan in place.

FFIEC on pandemic planning: Curious about the differences between business continuity plans and pandemic plans? The FFIEC has you covered. And, the OCC mentions the FFIEC in their release on pandemic planning in OCC Bulletin 2020-13.

FDIC offers buyout to its staff: The regulator is offering buyouts to about 20% of its staff. According to the FDIC, 42% of their workforce will be eligible to retire within the next 5 years. The buyout is to assist the agency with reshaping their workforce and improving preparedness.

Lending and fintech updates in California:  Ongoing changes are occurring in California. Lending enforcements are increasing, but even more interesting to note, is California isn’t advocating for bank-fintech partnerships. In fact, they have a very negative view on it. Due to this, enhanced regulations may lead to fintechs leaving the state of California or cause extreme disadvantages to them.

Wells Fargo Acting General Counsel is announced: Wells Fargo announces Acting General Counsel. Douglas Edwards will hold the position until they find a permanent General Counsel. Given all that Wells Fargo seems to be involved in, interim counsel would be a very difficult job.

OCC Bulletin 2020-10 released: The OCC released Bulletin 2020-10 which includes frequently asked questions (FAQs) to supplement OCC Bulletin 2013-29.

T-Mobile announces a data breach: The mobile provider recently announced a data breach that revealed the personal information of employees and customers. At this time, T-Mobile has said the sophisticated account was identified and promptly shut down. They don’t believe the hackers gained access to social security numbers or credit card information. The hack is under investigation.

CUNA helps by launching a coronavirus resource page: In case you’re looking for another resource on the coronavirus, CUNA has now launched a page dedicated to information and other materials related to the virus. At this time, all live CUNA conferences and events are scheduled to continue.

Fintech acquiring a bank faces some regulatory headwinds: In recent news, it was announced that Lending Club, a fintech, will acquire Radius Bank. It turns out the deal may face some regulatory hurdles. And, it may pave the way for future fintech and bank deals.

The importance of maintaining strong AML standards: A former risk officer of a large bank was fined $450,000 for violating anti-money laundering laws. FinCEN says he violated the Bank Secrecy Act specifically. Maintaining comprehensive AML standards is a must.

Fifth Third Bank in a fake accounts scandal: The CFPB filed an enforcement action against Fifth Third Bank for allegedly opening unauthorized accounts. Fifth Third feels the allegations hold no weight and the bank will defend itself.

Recently Added Articles as of March 5

This week’s industry news is very interesting. The Fed is considering what to do about Coronavirus; the Supreme Court is agreeing to take up the case about the constitutionality of the CFPB; the NYDFS flexes its authority over an international merger and a CFPB symposium on customer data all make for noteworthy updates.

CFPB hearing will move forward: The Supreme Court has agreed to hear oral arguments regarding the CFPB’s structure. Is it unconstitutional? That’s been the debate for years. Stay tuned.

A glance at NAFUC’s week: This week, on NAFCU’s agenda, you’ll find they’ll be reviewing the Supreme Court hearing and giving their feedback regarding the CFPB’s structure, subcommittee meetings are underway, attendance at a Treasury Department forum, the Strategic Growth Conference and more. Also, just announced, NAFCU launched a resource page dedicated to credit unions which provides them with a centralized location for advocacy needs. It’s shaping up to be quite the eventful week for NAFCU.

FTC sends over $2 million to consumers defrauded by American Immigration Center: American Immigration Center misled consumers by falsely implying their websites were affiliated with the U.S. government. The center was selling immigration form preparation services, but many consumers simply wanted to renew their green cards or apply for naturalization – not seek preparation services. Now, American Immigration Center must be very clear and disclose that their websites aren’t affiliated with the U.S. government. And, each consumer affected will be refunded $42.71, totaling over $2 million.

New Jersey may jump into the privacy game: The state’s lawmakers proposed a bill to set data privacy guidelines. If the bill passes, tech companies will need to get permission from the state’s consumers prior to collecting and selling their information to third parties. This is going to get enormously complicated if many states pass their own standards, particularly if there’s some conflict.

CFBP addresses consumer access to financial records: At a recent CFPB symposium, the session focus was on consumer access to financial records and section 1033 of the Dodd-Frank Act. This symposium is part of their quest to help the bureau with its policy development process. 

Agreement in principle reached with the New York State Department of Financial Services: Looking for another example showing why NYDFS is generally known as the most stringent regulator. Look no further! Genworth Financial and China Oceanwide Holdings Group Co. Ltd. have reached an agreement with the New York regulator for the re-approval of the Genworth’s acquisition. Check out the many steps they must take to gain re-approval.

The Fed responds to the coronavirus epidemic: The Federal Reserve Chair said the bank is ready to support the economy as the coronavirus takes its toll. However, there is good news. He does say the economy is in overall good standing. With the emerging risks posed by the virus, the Fed plans to stay aware.

An understanding of the Washington Privacy Act SB 6281 : Invasion of consumer privacy is of top concerns these days. It’s not surprising given the many lawsuits constantly popping up against companies for invasion of privacy. Now, in progress, is the Washington Privacy Act. While many think the main concern is if this will be stronger than CCPA and similar regulation, it’s actually if the act will provide meaningful privacy protection. Unfortunately, it currently doesn't. Learn why.

California takes steps to help fintechs with in-state ILC charters: At this time, only 7 states allow industrial loan companies (ILC) charters. California is looking to make ILC charters easier in the state with a new proposed law. It’s their hope that it’ll encourage fintechs in California to remain there instead of moving to other states for ILCs.

Take steps to protecting your organization from vendor cybersecurity risks. Download the infographic.



Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo