Suggested Actions to Comply With OCC Bulletin 2017-7

If you’re in a regulated industry, you know it can be challenging to stay informed of different third-party risk management (TPRM) rules and guidance. Agencies often update their existing guidance with supplemental information, as is the case with OCC Bulletin 2017-7.

This blog covers some helpful tips you can use to stay in compliance with this guidance.

About Bulletin 2017-7

In early 2017, the Office of the Comptroller of the Currency (OCC) released this guidance as a follow-up to Bulletin 2013-29, which is considered the gold standard for TPRM practices. Bulletin 2017-7 specifically addresses how examiners must review TPRM at federal banks and federal savings associations. The document is a highly detailed playbook of items that examiners should consider in a TPRM program.

Unlike some regulatory guidance that exempts certain financial institutions based on asset size, this guidance applies to all organizations regulated by the OCC.

6 Actions to Comply with OCC Bulletin 2017-7

So, what do you need to do to make sure you’re in compliance with 2017-7? Here are six recommended actions:

  1. Compare it with your TPRM program: Try making a side-by-side comparison of this exam procedure guideline with your existing TPRM program. Make a note of anything your program is missing. 
  2. Inform your team: Senior leadership and the board should be informed of this updated guidance, so they understand the expectations.
  3. Involve your legal and audit teams: Make sure to bring in your legal and audit teams to perform a review of your policy, program, and procedures alongside the updated guidance. Having extra eyes on the guidance will help you avoid missing any critical details.
  4. Look for weaknesses: Consider if your program has any areas that need additional attention, staffing, or resources. 
  5. Test the procedures: The procedures contain a list of questions that examiners are expected to ask banks about their third-party relationships. Review the questions to make sure you have adequate and well-documented answers. 
  6. Report your findings: Document this all carefully and report the results to your senior leadership team and the board.

The procedures are sweeping and detailed and require great attention. When your next examination rolls into town, you’ll need to be prepared to meet these heightened expectations.

Going Beyond Compliance

Meeting regulatory compliance is of course an important goal to consider with your TPRM activities. However, it’s important to consider the other benefits of an effective program:

  • Risk mitigation – One of the fundamental objectives in TPRM is detecting a vendor’s risk and mitigating it through proper controls. Due diligence and risk assessments are just two activities that help achieve this goal. 
  • Quality control – TPRM involves many activities, some of which are directly related to the quality of your vendor’s products and services. Things like performance monitoring and contract management help ensure that your vendors are providing the benefits you expect to your organization and customers. 
  • Operational resilience – Business-disrupting events can occur at any time, but TPRM activities can help you prevent significant impacts to your operations. Reviewing your critical vendors’ business continuity and disaster recovery plans and making sure they’re fully tested will help support resiliency in your organization.

Even if you’re not regulated by the OCC, it’s a smart business decision to implement these guidelines within your own TPRM program. Doing so will help mature your program and prove that you’re using best-in-class practices.
