Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


OCC Issues Bulletin 2020-65 to Help Understand UDAP/UDAAP Enforcements

4 min read
Featured Image

Very recently, on June 29, 2020, the Office of the Comptroller of the Currency (OCC) issued Bulletin 2020-65, the Comptroller’s Handbook Booklet: Unfair or Deceptive Acts or Practices and Unfair, Deceptive or Abusive Acts or Practices.

First, let’s set aside the fact that the title may constitute a UDAAP violation or something in and of itself – kidding, but only slightly… wow, that was a mouthful. The bulletin is really aimed to inform examiners on what to look for in reviewing national and community banks for potential UDAP/UDAAP violations. As a reminder, the extra “A” in UDAAP stands for abusive and was added with the creation of the Consumer Financial Protection Bureau (CFPB) under the Dodd Frank Act. Abusive has never been fully defined, though the current director, Kathy Kraninger, has pledged to do so.

UDAP/UDAAP is a common violation for organizations, especially because of their vendors. You’re still responsible for what a third or fourth party does on your behalf. This is because third party relationships are often acting on behalf of your organization in offering a product or service to customers.

What to Know About the Bulletin?

Here are 4 key takeaways:

  1. CFPB is the only agency to wield full authority to enforce UDAAP. The bulletin reminds us of this. Meanwhile, in UDAP, as put in place by section 5 of the Federal Trade Commission Act, it’s made clear that several agencies do own authority to enforce it – just not full authority. So, don’t fall victim to thinking that the CPFB is the only one who can slap a fine for violation.
  2. UDAP guidance issued by the now defunct Office of Thrift Supervision is rescinded and it reasserts previous UDAP guidance and authority issued under other agencies. The bulletin goes on here to provide clear definition of the terms “Unfair” and “Deceptive”.

    Per the bulletin:

    Unfair – “The practice causes substantial consumer injury. Generally, monetary harm, such as when a consumer pays a fee or interest charge or incurs other similar costs to obtain a bank product or service as a result of an unfair practice, will be deemed to involve substantial injury. An injury may be substantial if it does a small harm to a large number of consumers or if it raises a significant risk of specific harm. The injury is not outweighed by benefits to the consumer or to competition. To be unfair, a practice must be injurious in its net effects. Generally, an analysis of the net effects includes not only the costs and harm to the consumer, but also consideration of the costs and regulatory burdens to banks, and the potential restrictions on competition and the availability of credit that may result from a finding of unfairness. The injury caused by the practice is one that consumers could not reasonably have avoided.”

    Deceptive – “Practices that can be misleading or deceptive include false oral and written representations; misleading claims about costs of services or products; use of bait-and-switch techniques; and failure to provide promised services or products. For example, there is an implied representation that a product or service is fit for the purposes for which it is being sold or marketed. In addition, the focus of this inquiry is on whether a practice is likely to mislead, rather than whether it actually misleads. The OCC will consider the entire advertisement, transaction or course of dealing in determining whether practices are misleading. The act or practice would be deceptive from the perspective of a reasonable consumer. The totality of the circumstances and the net impression that is made will be evaluated in making this determination. A bank’s failure to provide information also may be a deceptive act or practice and will be evaluated from the perspective of whether a reasonable consumer is likely to have been misled by the omission. A consumer’s reaction to an act or practice may be reasonable even if it is not the only reaction that a consumer might have.”
  3. Examiners  are provided examples and guidance to assist them when examining banks under UDAP and UDAAP. This is the real meat of the guidance. It cites specific examples of potential violations, including consumer complaints. Most of us know consumer complaints have been a common theme as well for how the CFPB has mined its own database for investigating potential enforcement actions. The bulletin goes on to cite specific examples of products and services that may give rise to potential concerns – citing many of the same items we have discussed in recent years – heavily fee laden products, products of questionable value, products with confusing terms or terms that haven’t been adequately reviewed by management, debt cancellation products, refund anticipation loans, etc.
  4. Reinforces the need for active board and senior management involvement. This is to prevent issues that may lead to UPAP/UPDAAP violations – continuing a drumbeat we’ve heard since at least 2013.

In short, while aimed at examiners, OCC Bulletin 2020-65 is well worth reading so you can understand what the examiners will expect from a UDAP/UDAAP perspective in your next examination. It never hurts to walk in the shoes of others and better understand their point of view, especially when that group is your examiner. 

Use this resource to learn more about what examiners expect. Download the eBook.

Vendor Risk Management Examination or Audit Preparation Guidebook

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo