Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Why Third-Party Risk Discussions Belong at Sr Management & Board Meetings

2 min read
Featured Image

I know it seems like third-party risk management is getting more attention than it needs. I say that having been involved with various facets of vendor management for much of my 28 years in banking. I’ve seen it pulled from the sleepy shadows of being a “necessary evil” to the headlines of everyone’s concerns.

Ever more so, third-party risk management discussions are now necessary within senior management and board meetings to ensure everyone is on the same page. 

3 Reasons Why Third-Party Risk Discussions Needed In Meetings

  1. Regulators Require It - In short, particularly for the national institutions and investment community, the regulators demand that third party risk responsibility sits with senior management and the board. The bulletins from the Office of the Comptroller of the Currency (OCC) – which are gold standard for third party risk guidance – are pretty explicit in these expectations. Reference Bulletins 29-2013, 7-2017, and 21-2017 for specifics.
  2. Examiners Expect It - At one of my prior institutions, in this case, one that was an FDIC bank rather than OCC regulated, the examiners specifically sought proof that third party risk management was getting adequate discussion at the board and senior management level. Fortunately, we had a rigorous practice of providing monthly updates at risk committee meetings and quarterly written and oral reports to the audit committee of the board.
  3. It’s a Best Practice - Over and above the regulatory expectations, it simply makes good business sense to keep the board and senior management informed. After all, as a very practical matter, you need their help in setting 'tone from the top' when it comes to compliance expectations. You also need their help when matters need to be escalated with third parties and certainly, if you need to quickly take action to sever a relationship with a third party, you’ll need their approval and involvement.

Best Practices in Keeping Senior Management and the Board Informed

Here are a few best practices for your mission of keeping senior management and the board informed:

  • Ideally, you want the head of third-party risk management to work closely with senior management and the board to establish a recurring set of meetings so they know what to expect and when.
  • There should be written submission of what is to be covered in the meeting, following an agreed upon format, accompanied by an oral report – that way it can easily be evidenced in the senior management and board meeting minutes and with accompanying documentation.
  • Be certain to call out any particular areas of concern during meetings or just in written format, such as third parties upcoming for contract renewal or third parties with drastic changes in their risk level.
  • Seek their review and approval of any proposed third-party risk management policy or program changes.

Keeping your board and senior management team informed helps you do your job more efficiently and helps to protect your institution and your consumers.

Want to learn more third-party risk management best practices? Download our infographic to learn 10 best practices of good vendor managers. 

10 Best Practices of Really Good Vendor Managers Infographic

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo