Your regulators will expect you to have a robust policy and program documents
The policy is usually a 5 or 6-page document that establishes standards, provides guidance as to the inherent and residual risks with a third party and the overall framework of the vendor management program. If vendor management is included in your audit or examination, likely the third party risk management policy will be one of the first documents requested.
Additionally, a thorough program document is essential for expanding on the foundation that your policy created. The program is much more in-depth and outlines the concepts laid out in the policy.