1 (888) 836-6463 CONTACT US

What Vendor Management Information Should I Be Reporting?

Jun 25, 2019 by Branan Cooper

Reporting to senior management and/or the board is not just a best practice; it’s actually a requirement of regulatory guidance. Review guidance like OCC Bulletin 2013-29 or FDIC FIL-44-2008 to learn more.

So, what should you prepare in terms of a report?

Frequency & Format of Your Vendor Reporting

Typically, reports should be provided on a regularly scheduled recurring basis – perhaps monthly to your risk or compliance committee and quarterly to your audit committee or board. Make sure this is all shown in minutes!

The typical report is in an easy-to-follow PowerPoint or Word narrative. I recommend you dedicate a page of the report to each of the fundamental activities, and particularly to highlight any significant matters involving your critical or high risk third parties.

Types of Information to Include in Vendor Reporting

The report might start out with a cover page on your total inventory of actively managed third parties, followed by the following 7 pages:

  • A page on the overall inventory of third party vendors

  • A page on the overall status of assessing risk (e.g., perhaps a pie chart showing how many critical and non-critical or high, medium and low third party vendors)

  • A page on due diligence (e.g., how many documents, upcoming due diligence and any overdue or missing items)

  • A page detailing the ongoing monitoring activities (e.g., what your team is doing to meet this critical expectation)

  • A page on contracts (e.g., upcoming renewals or terminations, any notable problems with critical or high risk third party vendors)

  • A page on any major changes with high-risk and/or critical third party vendors

  • A calendar showing upcoming updates to various committees, helping to demonstrate keeping management adequately informed in an ongoing manner

As the shampoo bottle says, repeat as needed. This also goes for your vendor risk management reporting.

Take a deeper dive into the different due diligence reports. Download the eBook now.

New call-to-action

Branan Cooper

Written by Branan Cooper

Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog