Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Raising the Bar In Third-Party Risk: CFPB Formally Enters Technology Vendor Oversight

3 min read
Featured Image

In the CFPB May release (Issue 15), the Consumer Financial Protection Bureau referenced updated guidance on third party oversight initiatives. We'll go through what it says, what it means and next steps.

What The May 2017 Summary - Issue 15 Says

On page 25 they state that:

The CFPB recognizes the potential risks to consumers posed by large service providers, which provide technological support to facilitate compliance with Federal consumer financial law, including software packages, electronic system platforms, and other types of technological tools.

These compliance tools are often provided to thousands of participants in a market. As such, compliance risks in an entire market may be heightened when regulatory compliance is not considered and integrated throughout the development lifecycle, change, and configuration of these compliance systems. 

Because a single service provider might affect consumer risk at many institutions, the CFPB has begun to develop and implement a program to supervise these service providers directly. Direct examination of key service providers will provide the CFPB the opportunity to monitor and potentially reduce risks to consumers at their source.

In its initial work, the CFPB is conducting baseline reviews of some service providers to learn about the structure of these companies, their operations, their compliance systems, and their CMS.

In more targeted work, the CFPB is focusing on service providers that directly affect the mortgage origination and servicing markets.

The CFPB will shape its future service provider supervisory activities based on what it learns through its initial work. As with all new examination programs, service provider supervision is folded into the Bureau’s overall risk-based prioritization process.

What could this mean?

There are several considerations to keep in mind with this initiative. However, while it's speculation, it would seem to have some plausibility.

  • The CFPB is taking up Vendor Oversight to create its own baseline of risk assessments on vendors who may impact consumer transactions.

  • This oversight seems broader than simply targeting complaint data on the CFPB website. While complaint data was instrumental in identifying key concerns; this initiative takes an approach based on the potential impact of the many tech enabled compliance software systems used in the mortgage origination and servicing process.

  • Given the recent events of a servicing software and operation described by one industry executive as a train wreck, could imply that this effort is aimed at ensuring systems are adequately managed and updated by appropriate compliance expertise.

  • Recognizes the importance that compliance management systems and expertise play throughout the software development lifecycle.

How could this impact vendor risk management?

In many ways, this could raise the bar in the requirements of vendor oversight and examination process but also in a financial institution's own vendor reporting.

After all, if the CFPB has examined a third party vendor and has a baseline of findings, issues and remediation data, how would your organization's own results stand up when presented to the CFPB examiner?    

Your oversight report is only as good as the questions you ask and validate. Given the CFPB mandate of consumer protection, it would be wise to make sure your reviews are thorough and leverage the expertise of internal stakeholders over and above a vendor management team.

As we have discussed in prior commentaries, vendor oversight should not be a check the box type exercise. Without a thoughtful approach of reviewing policy and procedures, SOC reports, audited financials, etc...anything less could be deemed as sub-par.

Next Steps

If you're a vendor active in this space, then I’d suggest that you have been put on notice.

  1. Review that you have a strong compliance management system in place. This should include compliance leadership, change management process for SDLC, quality assurance for testing during UAT and production along with thorough testing records including remediation.

  2. If you are a Mortgage Originator or Servicer, it would be prudent to review your compliance management systems and your vendor oversight process and ensure that you have the full expertise to fully manage your tech focused vendors.

Issue 15 contains a lot of valuable information and over and above this one section regarding tech vendor oversight, there is information regarding the recent public and non-public enforcement actions and some timely insight on spike and trend analysis regarding complaint data. All worthy of your attention. 

To read up on vendor oversight on a contract mortgage underwriter, download our infographic.

Download Now

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo