Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resources-whitepaper-state-of-third-party-risk-management-2023
State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

We’re a Credit Union - Why Worry About the OCC and FDIC?

4 min read
Featured Image

As a credit union employee, you may wonder if OCC and FDIC guidance regarding third-party risk management is relevant to your organization. After all, the National Credit Union Administration (NCUA) already offers third-party risk management (TPRM) guidance such as Letter 07-CU-13. Is it necessary to stay informed of other regulations that may not apply directly to your specific type of financial institution? The short answer is yes!

When managing third-party risk, it's always a good idea to keep up with regulatory guidance. Many regulators look to each other for best practices, and if the guidance of a specific regulatory agency changes, the others often follow their lead. Even though credit unions are unique and operate differently than traditional consumer banking institutions, the risks presented by third-party relationships are often the same. Since NCUA's guidance letter was issued a decade ago, the risk landscape has dramatically changed, and updated guidance is likely on the horizon. 

An Increased Focus on Third-Party Risk Management

Over the past several years, regulators have emphasized the importance of properly managing third-party risk. Incidents like vendor data breaches are becoming increasingly frequent and complex, so, understandably, regulators are trying to address these issues with more guidance and enforcement actions. Here are a few regulations worth knowing:

These regulations and guidelines generally fall into one of two categories. They either answer the question, "How should our organization manage third-party risk?" or "How should examiners evaluate an organization's TPRM program?" Both questions are important for organizations to understand, as these two concepts can help your organization be better prepared to manage third-party risk.

Examiners Do Cross Paths

Regulatory examiners like the OCC, FDIC, and more rarely work in a vacuum. Although they hold different responsibilities, they often compare notes and assist one another with determining industry best practices. The Federal Financial Institutions Examination Council (FFIEC) is one good example of multiple agencies, including the NCUA, that set regulatory standards together.

credit union

3 Compliance Tips for Credit Unions

Ensuring that you and your third parties maintain regulatory compliance isn't always easy, but it's an absolute must. Doing so helps avoid negative consequences like fines, enforcement actions, or other criminal penalties. 
Here are some tips that can help your organization stay in compliance:

  • Stay informed of current regulations. Subscribe to news alerts from individual regulatory agencies, which can be accomplished by visiting the regulators' websites. You can also stay informed of regulatory changes by subscribing to risk alerts and monitoring services. Alternatively, a basic internet news alert can be helpful as well.
  • Formalize your documentation & reporting. Your TPRM program should contain formal governance documents, such as a policy, program, and procedures. By defining and formalizing your TPRM program's rules and requirements, these documents can help evidence your TPRM program's regulatory compliance. And regular TPRM compliance reporting ensures your stakeholders can drive action and make informed decisions.
  • Establish good contract management. Work closely with your contracting or legal team to ensure that your vendor contracts are effectively written. Regulatory compliance must be built into your contracts, which may include details such as a right to audit, service level agreements (SLAs), and indemnification and insurance. 

Although credit unions and traditional banking institutions are regulated by different agencies, don't assume that OCC and FDIC guidelines are irrelevant to your organization. And regulatory changes will undoubtedly occur as the third-party risk landscape evolves and changes. Third-party risk management is an important practice that every organization should prioritize, regardless of who's making the laws. 

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo