Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.


Vendor Ongoing Monitoring Often Overlooked

3 min read
Featured Image

Vendor ongoing monitoring is required by all of the major regulators as a fundamental practice in third party risk management. So, why is it often overlooked? What happens if you fail to monitor one of your vendors? And, what does successful ongoing monitoring look like?

What Third Party Risk Regulation States

The OCC Bulletin 2013-29 on managing third party risk clearly states:

“Ongoing monitoring for the duration of the third party relationship is an essential component of the bank’s risk management process. More comprehensive monitoring is necessary when the third party relationship involves critical activities. Senior management should periodically assess existing third party relationships to determine whether the nature of the activity performed now constitutes a critical activity.” 

In January 2017, the OCC released Bulletin 2017-7, which restated and hammered into place the examination procedures associated with Bulletin 2013-29, as well as introducing new third parties which should be considered.

Not Followed

Yet, time and time again, you will find institutions lose interest or perspective after completing due diligence and doing the risk assessment.

I say that not as a casual assertion but if you review the numerous violations of UDAAP         (Unfair, Deceptive or Abusive Acts or Practices), you’ll often see that the institution is cited for failing to appropriately oversee the actions of a third party.

What Happens If You Fail at It

Easy to understand but tough to do consistently, ongoing monitoring must be consistent, lest you miss a significant problem at a third party that gives rise to a UDAAP claim, such as the introduction of a new product without your institution's approval.

How to NOT Fail at It

Ongoing monitoring can take many forms and should be both risk-based and appropriate for the activity the third party conducts. For example:

  • Customer listening might be appropriate for a call center, while retail mystery shopping would be more appropriate for a distributor of a prepaid card product. 
  • For your statement production company, you should have standards around accuracy and periodic testing to ensure they deliver. 
  • For your core processor, you need to look into system availability, reliable business processes and requirements to notify you of any outages.

Overall, monitoring must work seamlessly with the other pillars of third party risk.
 For example: 

  • Make sure you're collecting the right due diligence documents 
  • Make sure there are applicable controls and reports
  • Report ongoing monitoring results to senior management and board
  • Any identified weaknesses should be documented and promptly addressed 

Successful monitoring includes documentation, adequate staff and board and senior management support. It doesn’t have to be overly complicated, but it should be carefully documented and any concerns MUST be adequately addressed.

Don’t let your guard slip – keep monitoring those third parties. To learn more on oversight and ongoing monitoring, download our free infographic.

Vendor Management Oversight and Ongoing Monitoring

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo