Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Third Party Risk Management Interview with Ballard Spahr Attorney

5 min read
Featured Image

As part of Venminder’s Thought Leadership series, I recently had the opportunity to speak with Glen Trudel, Partner at Ballard Spahr. In this series, we speak with the industry’s sought-after thought leaders for their perspective and advice on third parties, mitigating risk, best practices, trends and more.

Glen’s a consumer financial services, banking and business attorney who counsels financial institutions, marketplace lenders, fintech entities and other companies on both regulatory and transactional matters. He has significant experience with the documentation and creation of marketplace lender platforms and structures and the acquisition and divestiture of consumer and business credit card and other loan portfolios. He also advises state and federal financial institutions and other entities on regulatory, operational and vendor outsourcing matters, debt sales and collection agreements, other transactions and assists clients in the structure and documentation of new credit products and on formation and licensing issues in Delaware.

Glen Trudel Interview Highlights

During our time, we covered:

  • Predictions for the rest of the year from a regulatory compliance perspective
  • The OCC Fintech Charter and how fintechs are doing overall with third party risk management
  • Third party risk struggles and how to conquer them
  • Third party risk best practices

A Regulatory Breakdown: What to Expect

There have been a number of changes at the prudential regulators this year. It’s been exciting to watch and is leading to much change, but with change also comes a lot of looming, unanswered questions. Glen is an expert in the industry, so I wanted to hear his perspective on the changes and what this means for us for the rest of the year from a regulatory compliance perspective. Glen really gave me an in-depth overview breaking it down by regulator, their 2019 focal points thus far and how he sees this impacting vendor risk management the rest of the year:


  1. Chairman of the FDIC, Jelena McWilliams, has shared that the agency is reviewing their guidance and that they want to do better with the de novo bank process; she’s working hard to give insight regarding the FDIC’s processes and why they do what they do and more
  2. Since the agency was finding many technology service provider contracts to be inadequate, they issued new guidance – FIL-19-2019 – to remind financial institutions to review and implement strong contractual provisions and other specific requirements in their third party technology service provider agreements

FDIC Prediction: All of these changes at the FDIC don’t mean there’s going to be an immediate change to vendor risk management per se, Glen shares. However, it does mean the FDIC is keeping a close eye on the industry and they do still feel they’re at the forefront and responsible for advising banks – who they primarily regulate – and ensuring they’re following regulatory guidance.


  1. No radical departures from prior guidance and no major changes this year

OCC Prediction: No radical changes at the OCC  is likely due to the agency’s guidance being considered by many to be the most comprehensive vendor risk management guidance available. Therefore, there are no real significant vendor risk management changes predicted for the rest of the year as far as the OCC goes.


  1. All five commissioners have started within the last year
  2. They continue to be an aggressive regulator
  3. There have been efforts to eliminate robocalls and a lot of focus around debt collection, debt repair schemes, identity theft, privacy and data security and more

FTC Prediction: The agency’s approach to vendor risk management and the direction they take can all change rapidly as the commissioners become more and more comfortable in their roles


  1. Have shared their focus on preventing consumer harm rather than merely handing out fines
  2. A symposium to discuss the term “abusive” in more detail
  3. Active on the supervision and enforcement side of things

CFPB Prediction: As far as the rest of this year goes, Glen sees the CFPB continuing to place a strong focus on prevention and education.

Fintechs: Are They Progressing in Third Party Risk Management?

Respectfully, Glen shares that he can’t state collectively how all fintechs are doing as he doesn’t feel it would be of particular value. However, like with any industry, some fintechs will be significantly better at identifying and controlling risk as compared to some of their peers. Glen says in order for a fintech to progress and be successful in third party risk management, they need to make third party risk a priority and work diligently to do it correctly. Fintechs and their approach to third party risk will continue to be a regulatory focus.

As far as the charter is concerned, Glen doesn’t foresee an application for the charter that will come to the fore as long as the OCC Fintech Charter litigations are in place. In his opinion, being the first fintech to seek a charter would certainly draw scrutiny and would potentially put itself into the current litigation efforts.

Maintaining a Vendor Management Program Is Not an Easy Feat

Glen and I chatted briefly about the biggest vendor management struggles. According to Venminder’s 2019 State of Third Party Risk Management survey, fourth party risk assessments and third party cyber security assessments were found to be the next biggest hurdles in vendor management.

Although Glen agrees those are definitely struggles, he thinks the biggest struggle is hard to pinpoint as it will always vary from company to company and industry to industry. He proposes the biggest struggle is really, put simply, keeping your vendor management program in order at all times. You may have a strong program, but can you keep it that way. That’s a struggle and true feat in itself.

Your Vendors’ Vendors: Why Fourth Parties Matter

Another challenge can certainly be having to rely to some degree on your vendors to adequately monitor their vendors. These are considered your fourth party vendors and is in line with Venminder’s survey as a common industry challenge. Glen gives us some sound advice that everyone should follow.

He says, “These fourth party issues can be something that can be identified in an organization’s initial vendor due diligence and perhaps watched over as part of the organization’s ongoing monitoring to identify these gaps that may inhibit or prevent them from adequately monitoring their important vendors. And, identifying those gaps early on and also enlisting the vendor's aid in getting those better handled on such downstream providers is an important area.”

It really all comes back to the basics of third party risk management and identifying issues through the due diligence and risk assessment process to make sure you’re not missing any gaps and risk.

Wrap Up

Glen wraps up the conversation with a quick mention that it’s important to verify the resources you have in-house to manage your third party risk management program are adequate. If they’re not, because you don’t have enough people or maybe you just don’t have the someone with the expertise, then it’s perfectly acceptable to bring in third party resources to assist. It can often be the most cost-effective solution that reaps results in a quick manner, instead of playing catch-up in an area where you don’t want to be behind.

On behalf of myself and Venminder, thank you to Glen for taking the time to participate in this podcast. Be sure to check it out here  to hear more insight and perspective.

Understand more about the current State of Third Party Risk Management. Download the whitepaper.



Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo