The State of Third Party Risk Management 2019

Venminder’s State of Third Party Risk Management 2019 whitepaper provides insight into how financial services and financial technology companies manage third party risk management in today’s increasing regulatory and risky climate. Download the whitepaper today for insights, trends and more.
third party risk management survey

Commitment to Vendor Management

More than three-quarters (77%) of respondents have five or fewer FTEs committed to working in vendor management. This is an improvement from 90% last year, perhaps due to adding new company types across the surveyed financial services and financial technology industries. Given the challenges of third party risk management, particularly at smaller companies where vendor management may be an afterthought for the already overwhelmed compliance manager, it’s important that the function is appropriately staffed with people sufficiently trained to do the job.


believe there is ROI from efficient vendor risk management


say regulatory requirements is their primary reason for doing vendor risk management

number employees third party risk management program

Vendor Risk Management Processes

A majority (77%) of respondents, with the exception of wealth and asset management, require a pre-contract risk assessment, an improvement from last year’s 67%. The pre-contract risk assessment is not only a best practice and general industry standard, but informs management of the risks they are assuming, allows them to craft better contracts to address risk and highlights additional areas for due diligence and ongoing monitoring.


say they have updated their vendor management policy documents in the last year


say they use the centralized operating model for their vendor management program

Best Practices in Vendor Management

Keeping your vendor management policy documents up-to-date and consistent with regulatory guidance and best practices is incredibly vital to having a successful practice. This year, 76% say they update the policy at least yearly, a slight improvement from last year’s 74%. Just like an annual checkup that can catch a medical issue early, the longer you leave the vendor management policy in place without refreshing it, the longer a potential unseen concern can grow and get worse.

vendor risk management hurdles for 2019

Next Biggest Hurdles

Cybersecurity absolutely needs to be a front burner issue for the industry; in an era when it’s not a matter of “if” but “when” an incident will occur, companies need to be poised to react and the best way to do that is to prepare well in advance. Regarding fourth parties, while there has been very little mention in formal guidance, examiners are laser-focused on companies that have even tangential access to customer data and what the third party is doing to protect it.


say fourth party assessments are their next biggest hurdle


say cybersecurity assessments of third parties are their next biggest hurdle

About this Report 

This is Venminder’s third annual whitepaper. This year we expanded the survey to include respondents from the wider financial services and financial technology industries. We believe this year’s results provide a broader lens to look at the third party risk management industry as a whole and, on balance, acknowledge the shared challenges of managing a highly outsourced vendor model.

Venminder promoted the survey to both clients and non-clients through email and social media. Results were tabulated as of December 17, 2018. To increase confidence in the validity of responses, answers are anonymous and confidential.


Get more in the full whitepaper

Fill out the form for full access and download this complimentary whitepaper.