Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

About

Venminder is an industry recognized leader of third-party risk management solutions. 

Our Customers

900 organizations use Venminder today to proactively manage and mitigate vendor risks.

Get Engaged

We provide lots of ways for you to stay up-to-date on the latest best practices and trends.

Gartner 2020
Venminder received high scores in the Gartner Critical Capabilities for IT Vendor Risk Management Tools 2021 Report

READ REPORT

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resource-whitepaper-state-of-third-party-risk-management-2022
State of Third-Party Risk Management 2022

Venminder's sixth annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

podcast

What Should Be In Your Third-Party Risk Examination Preparation Handbook

CPE Credit Eligible

Are you prepared for third-party risk exams?

The best strategy for preparing for a third party risk examination is to constantly be ready – so what items should you have in your examination preparation playbook? Listen to learn 7 of those items.

 

Podcast Transcript

branan cooper chief risk officerWelcome to today’s Third Party Thursday! My name is Branan Cooper and I’m the Chief Risk Officer here at Venminder. Today we are going to talk a little bit about third-party risk exam preparation. 

The best strategy for preparing for an examination is to constantly be ready – that means preparing well ahead of time and keeping everything up to date. Ideally, this means several months before any potential exam, you’re already preparing as though it’s getting ready to happen and then staying at that levels of readiness.

So, what items should you have in your examination preparation playbook? Let’s take a look:

  1. A thoroughly documented set of policies and procedures describing your third party risk management program in detail. These documents should be board-approved, accurate in terms of outlining the actual work product and cite relevant regulatory guidance or consumer protection laws. Be sure they are updated regularly when guidance changes or when particular situations warrant. Stick to a schedule of having them reviewed and approved annually.

  2. A complete inventory of all your institution’s third parties, including robust due diligence, well-written risk assessments and records of ongoing monitoring activities. This should also be accompanied by a process for identifying new third parties prior to a contract being executed and also defined in terms of the scope of what third parties need to be actively managed.

  3. A risk-based approach to due diligence, complete with all of the relevant documentation. At a minimum, for your critical third parties, you should have up-to-date financials (with corresponding analysis), SSAE 18 reports with accompanying controls, a robust business continuity plan detailing the roles of the third party and the institution, complete information security analysis to safeguard your customers’ data, foundational documents (such as articles of incorporation, secretary of state check, insurance certificates, and any required licensing) and an accurate and actionable exit strategy.

  4. A complete set of risk assessments on your third parties demonstrating that you have carefully considered all of the potential risks associated with doing business with this particular third party and how those risks are addressed by your institution. Ideally, the description of these risks corresponds with your institution’s enterprise risk management strategy outlining the company’s appetite for risk.

  5. Ongoing monitoring activities appropriate to control the risks identified in the assessment – these could range from transaction testing, to social media and negative news searches, to call center listening, to mystery shopping. These should be tailored to the type of activities the third party is providing. If there are items (e.g., reporting, audit records) you need the third party to provide, be sure they are spelled out in the contract.

  6. A system and process for managing contracts to ensure they are well tracked (failing to recognize expiration dates and termination notifications periods is a common pitfall) and contain all of the required provisions to protect all parties involved in the business relationship.

  7. Evidence of regular reporting to senior management and your board of directors, in the form of the actual presentation and evidenced in minutes. Ideally, this reporting will touch on each of the activities listed above.

Hopefully, you’ve got all of these items in order – but if not, now’s the time to prepare. If you wait till the countdown is on to the opening of the exam, you’re going to be doing too little, too late. We’ve got lots of helpful content on our website and in our weekly information series and we’re always here to help. 

Again, I’m Branan and thank you for watching! Don’t forget to subscribe to the Third Party Thursday series.

38116-newsletter

Subscribe to our Third Party Thursday Newsletter

Receive weekly third-party risk management news, resources and more to your inbox.

 

New Call-to-action

Ready to Get Started?

Schedule a personalized solution demonstration to see how Venminder can transform your vendor risk management processes.

Request a Demo