Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.



FFIEC Appendix J and E

CPE Credit Eligible

FFIEC Appendix J and Appendix E.

Join us for Third Party Thursday to learn about Appendix J and Appendix E of the FFIEC guidance. We will go over what each of them are, what they mean and how your teams can stay informed on new guidance and regulations.

Available on
Listen-on-Apple-Podcasts-badge.jpg  google-play-badge 2.jpg

Podcast Transcript

Dana_Bowers_2017_circle.jpgWelcome to this week's Third Party Thursday. My name is Dana Bowers and I'm the CEO and Founder here at Venminder. Today we're going to be talking about FFIEC appendix J and appendix E.

Everyone in third party risk needs to pay close attention to the recent amendments to appendix J and appendix E in the FFIEC guidance, which spans across all the regulatory bodies. 

Appendix J can be found in the FFIEC IT examination handbook and addresses the importance of strengthening the resilience of outsourced technology services. So in other words, if your operations go down, when your third party goes down, both you and your vendor need a strong plan to prevent and remediate that unlikely but highly impactful event. I would strongly encourage you to read, understand and address that guidance as part of your vendor management program. Well after all, it's effectively the examination playbook.  

Now Appendix E talks about mobile banking and it's the first and best real attempt to set guidance specifically to mobile banking products. It's tough because the nature of the development of the technology is that it's certainly more nimble than the regulations can ever be. Appendix E calls out third parties in 18 different places. So, again, you know it's an area of real focus and concern.

The ability of financial institutions to keep up with new regulations, not to mention the ability to interpret them, in the context of some of these really innovative new products is quite the challenge and one that I think the industry is struggling with - just to keep up with all the developments in the fintech world. It will be interesting to see how heavily the fintech companies themselves are impacted by the regulatory environment. I know there have been numerous articles and conjectures on the topic but I think it's still a bit of a wait and see mode.

Incidentally, I would like to suggest a best practice in trying to grapple with all the changes and regulations and guidance - one that doesn't include trying to slog your way through hundreds of pages of very in-depth and often highly detailed reading. I like to follow the comprehensive and much more concise legal guidance that gets published soon after new or proposed regulations are released.

In particular, I really like some of the work done by Ballard Spahr, JD Supra, Bryan Cave and WilmerHale, just to name a few. They do a nice job of dissecting regulations, distilling points you need to be aware of and also discussing the possible impacts.

So I'm Dana, thanks for watching. And forget to subscribe for next week's Third Party Thursday video. 


Subscribe to our Third Party Thursday Newsletter

Receive weekly third-party risk management news, resources, and more to your inbox.


New Call-to-action

Ready to Get Started?

Schedule a personalized solution demonstration to see how Venminder can transform your vendor risk management processes.

Request a Demo