Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Third-Party Risk Management - How Does the Vendor Perceive It?

4 min read
Featured Image

As part of our Venminder Thought Leadership interview series where we speak to experts in-housing finance and vendor service providers, we recently had the opportunity to sit down with Suresh Ramakrishnan of Ascendum Solutions.

Ascendum is a mortgage fulfillment provider of IT technical expertise along with specific mortgage process outsourcing services. Venminder has spoken at length regarding the regulatory requirements of third-party risk management, so we thought it would be interesting to go deeper into the subject and explore third-party risk management from the vendor perspective who not only provides services to financial institutions but also must manage the numerous and varied vendor management requests. You can listen to the full interview here.

Suresh Ramakrishnan Interview Highlights

During our time, we covered:

  • Outsourcing opportunities and benefits
  • Outsourcing risk
  • The perception of outsourcing to offshore vendors
  • Due diligence and the differences between maturity levels

Outsourcing Opportunities, Benefits and Risk

Suresh shared that not every executive will see the outsourcing solution as a valuable addition to the organization, but he's beginning to see a shift in opinion. As interest rates appear to be on the rise and we approach the historically robust housing season, you might experience a seesaw of having to quickly ramp up the full-time employee (FTE) headcount and manage the volume through turn-time service levels while not impacting efficiencies. Outsourcing can certainly help manage those risks by helping to control costs and leverage different labor markets.

As with anything, early adopters of technology or services see the value add for the long term and for the late adopters of the outsource mentality, there remains challenges that need to be overcome such as:

  1. A loss of control and disconnect between the client/provider relationship
  2. A fear of a lack of data security

Both are valid concerns, but as part of the pillars of third-party risk management, the first line of defense is managing Service Level Agreements (SLAs) and frequent, regular communication and robust due diligence, which helps address these concerns. While outsourcing provides numerous value adds, no one is suggesting that it doesn’t require oversight.

As reflected in our Venminder survey and whitepaper, The State of Vendor Management, which can be found here, there are many different sized institutions who all have various levels of maturity in their approach to third-party risk management. Suresh also validated this information with his own observations. He noted that raising awareness was a key factor in helping clients mature their vendor management process and practices and highlighted that in terms specific to the vendor oversight process, which includes assessments of financials, SOC, BCP and DR plans, he sees a mix of the third-party risk management outsourced and managed internally.

This wasn’t a surprise, but what was a cautionary note was that some institutions may still have an adhoc approach and may only focus on a primary vendor, such as a loan origination system. I've certainly seen this approach in my early career, but given the intensity that regulatory agencies have highlighted, these days may be numbered. The importance of validating information cannot be overstated here. Bottom line is if you have an adhoc approach to third-party risk management and discount other vendor services, you will unlikely pass muster with the OCC, SEC, CFPB and your state regulator come examination time. And make no mistake, the examiners are coming.

Outsourcing to Offshore Vendors

Ascendum operates both from within the US and offshore in India, so this was an appropriate time to ask about offshoring. Specifically, does the offshoring of a service get a bad rap? Suresh offered up some crucial factors which are often overlooked by US firms who outsource. We’ve participated in many onsite audits of vendors and to this day we have only witnessed one vendor in the US which had similar security protocols that Suresh described.

These data security protocols included:

  • A true paperless environment.
  • No pens or pencils. After all, there’s no paper!
  • USB ports removed on computers. No downloading.
  • Cell phones are required to be stored in lockers outside of the main working area. Social media scrolling can wait.

If you take a minute to look at your own institution or vendor service, consider if you have these controls in place. The concept of BYOD (Bring Your Own Device) certainly raises an additional concern where staff may have access to NPPI and snap a picture to capture data. Verifying this type of security control is a good practice to add to your assessment.

Trust But Verify - Why Is This So Important?

Traditionally, due diligence has been an annual assessment activity but, increasingly, we are seeing a lot of institutions request a vetting of a potential new vendor up front. Finally, it would seem that before you commit to a legally binding contract, you may want to confirm if the vendor is your perfect match.

Suresh expressed the same perspective as he's seeing an increase in this type of request both from potential clients and vendor management firms who perform this service. A key takeaway was the concept of trust but verify.

Collecting due diligence documents is often reported as one of the most difficult and time-consuming activities faced by a vendor management department. It struck us as odd that after such a colossal effort that simple items such as a reference check, by calling other clients who currently use the vendor to confirm their experience, hear potential concerns and any other feedback they’d like to share, would be an activity which is put on the back burner. Remember to always verify, verify, verify!

Outsourcing, if managed correctly, can provide strategic advantages and greater efficiencies to your organization. Thank you to Suresh Ramakrishnan of Ascendum Solutions for sharing his insight and expertise with Venminder.

A way to protect yourself in the contract phase of a vendor relationship is by using SLAs. Learn more by downloading our infographic. 

how to write a third party policy

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo