Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2021 Report



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2021

Venminder’s State of Third-Party Risk Management 2021 survey provides insight into how organizations are managing third-party risk management in today’s increasing regulatory and risky climate.


Performing Vendor Due Diligence on Fintechs: What Regulators Recommend for Community Banks

3 min read
Featured Image

As banking customers demand more innovative products and services, community banks continue to see the value of utilizing financial technology (fintech) providers to increase efficiency and reduce costs. In response to this evolving financial landscape, the FDIC, the Federal Reserve Board and the OCC recently released Conducting Due Diligence on Financial Technology Companies - A Guide for Community Banks. Although community banks aren’t required to use this guide, it provides helpful suggestions and the six areas of due diligence to review for fintech companies.

6 Areas of Vendor Due Diligence to Review

  1. Business Experience and Qualifications: It's essential to review the vendor's experience, goals, strategies and qualifications to ensure they can support your organization's needs. Verify all client references and/or complaints. This information can often be obtained from some of the following sources:
    • Company overview or organizational charts
    • Public records of legal or regulatory actions
    • Social media or news reports
    • Summary of operational failures
    • Employment policies
    • Professional information on board of directors or executive directors
  2. Financial Condition: Financial records and funding sources should always be evaluated to ensure that the vendor will be financially stable enough to provide the outsourced activity well beyond the length of your contract. Organizations should also consider the scope of the vendor's client base, as the loss of a critical client may be significant enough to prevent the vendor's ability to maintain its obligations. Learning about the financial condition of your vendor can be accomplished by reviewing the following items:
    • Financial statements
    • Auditor opinions
    • U.S. Securities filings
    • Sources of funding
  3. Legal and Regulatory Compliance: You should evaluate the vendor's legal standing and knowledge about legal and regulatory requirements. An inexperienced vendor will pose a significant risk should it fail to comply with applicable regulations. Request the vendor provide a five-year legal history, including any material litigation and judgments. And, research if the vendor has had any regulatory enforcement actions. Here are some resources that may help in evaluating your vendor's legal and regulatory standing:
    • Internal policies, procedures, training and controls related to industry regulations
    • Articles of incorporation, certificates of good standing and applicable state licenses
    • Form 10-K and/or 10-Q filing
    • Information related to lawsuits, settlements, customer complaints or enforcement actions
    • Proposed marketing materials
  4. Risk Management and Controls: Your vendor's risk management program and controls should be thoroughly reviewed to ensure they're effective and consistent with your organization's risk appetite. Their risk management processes should provide details on responsibilities, reporting practices, testing results and how employees are trained to comply with procedures. Review the following vendor items:
    • Internal control and issue management policies
    • Training materials and schedules
    • Self-assessments
    • Results of control reviews and audit reports
    • Sample reports detailing key risk indicators and key performance indicators
  5. Information Security: Protecting sensitive consumer information should be at the core of any information security program. It's essential to ensure the vendor's cybersecurity practices effectively prevent or identify and mitigate any vulnerabilities. Organizations are also encouraged to evaluate whether the outsourced function can be performed with an existing system or if additional IT investments would be needed. Consider reviewing the following information:
    • Information security policies and control assessments
    • Security awareness training for employees
    • Incident management policies
    • Overview of technology and processes that support the outsourced activity
  6. Operational Resilience: Business disrupting events can occur at any time, so make sure you understand how well your vendor is prepared to continue its operations. Identifying and responding to these events is critical, as is recovering and learning from them. The vendor's tolerance for downtime and data loss and service level agreements should also be assessed to ensure they align with your organization's standards. The vendor's reliance on subcontractors (your fourth parties) is another important consideration. You can obtain this information from the following sources:
    • Business continuity and disaster recovery plans
    • Cybersecurity reports
    • Insurance information
    • Suggested service level agreements
    • Outsourcing and subcontracting policies
    • List of third parties

Fintech providers can strengthen an organization's competitive advantage through innovative technology. Still, it's crucial to recognize the risks that can come with these rewards. The due diligence process can be a complex and lengthy step within the third-party risk management lifecycle, but it's a critical activity that protects your organization.

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo