1 (888) 836-6463 CONTACT US

Subscribe for Third Party Thursday Newsletter

Best Practices

Bring Your "A" Game to Vendor Risk Management

View this online webinar to listen to Venminder’s CRO, Branan Cooper as he is joined by guest speaker Renee Murphy of Forrester where they discuss what you need to know for vendor management in 2020.


9 Tips for Successful Vendor Contract Management

Improving how your organization manages the process will help you clearly define vendor expectations and responsibilities. Watch this 90-second video to get a fast overview and best practices for vendor contract management.


Pre and Post-Contract Vendor Due Diligence

Throughout your vendor risk management process, you should be conducting due diligence both pre and post-contract. In this 90-second video, learn the different due diligence items you should be requesting from your third party vendors.

Best Practices

3 Questions to Determine Critical Vendors in Third Party Risk Management

Determining who your critical vendors are is an important part of the process. Watch this 90-second video, and hear important questions to ask yourself in order to figure out which of your vendors are critical.

Best Practices

9 Steps to Creating an Effective Third Party Risk Program in 90 Seconds

An effective third party risk management program is key to protecting your organization. Watch this 90-second video to learn the 9 steps that you should take in order to create a third party risk program. 

Due Diligence

Third Party Document Collection Best Practices in 90 Seconds

Due diligence is another term for third party document collection. It is one of the most critical activities in third party risk management. Watch this quick overview of best practices for third party document collection.

THUMB-Video1 - Managing Third Party Risk
Best Practices

Managing Third Party Risk in 90 Seconds

Effective third party risk management can protect your organization by managing the risks you are taking by outsourcing a product or service. In this 90 second video, you will learn about the different phases involved in vendor management. 

2018 Vendor Contract Service Level Agreement Best Practices - Video

Vendor Contract Service Level Agreement Best Practices

Service level agreements (SLA) are written into the contract to define the expectations of vendor performance. In today's Third Party Thursday, we'll go through some SLA best practices to help you better manage your vendor risk.

Due Diligence

6 Hazards of Incomplete or Ineffective Vendor Due Diligence

Sometimes it's important to point out where pitfalls in third party risk management can occur and how to prevent them from happening. Today we're going to cover specifically six hazards on an incomplete or inefficient due diligence process. 

fourth parties and third party contracts

Fourth Parties and Third Party Contracts

Even though you don't have a direct contractual relationship with your fourth parties, you still need to conduct proper due diligence on each and every vendor. In this video, we'll cover how to go about that by using your third party and what to include in vendor contracts.

third party thursday 6 third party due diligence best practices
Due Diligence

6 Third Party Due Diligence Best Practices

Due diligence is a critical step in a successful third party vendor relationship. In this video, we will cover six best practices for vendor due diligence to help you master this portion of third party risk management. View this video now.

how to recognize vendor fraud
Due Diligence

Recognizing Vendor Fraud

Even if you have the best contract that allows you an easy "out" if vendor fraud occurs, protect your company and customers by learning how to recognize vendor fraud, symptoms and indications of a situation to investigate.

third party risk audit
Best Practices

External Third Party Risk Management Audits

There are a few scenarios that would warrant an external review of your vendor management program. Watch to learn when you should seek an external review of your third party risk audit.

third party risk enforcement actions

Improve VRM by Using Enforcement Actions

New enforcement actions usually come in the form of a CFPB action surrounding UDAAP - use them to your advantage. Watch to learn how to use one to make your vendor risk management program more efficient.

vendor management program
Best Practices

3 Components of a Vendor Risk Management Program

There are a number of vendor management related disciplines you need to do really well to have a strong vendor management program, but there are 3 elements in particular that create a strong foundation.

vendor contract risk

7 Items to Cover within a Vendor Contract or SLA

A SLA is a written contract between your company & a third party that describes the level of service required. A model SLA should include these 7 items, watch Third Party Thursday to learn what they are.

vendor due diligence
Due Diligence

Streamline Vendor Due Diligence Checklist

Creating a basic checklist is the key to streamlining your third party due diligence process. Listen to learn the items that should be obtained from EVERY vendor, tips for customizing your approach and more.

third party risk management best practices
Best Practices

Third Party Risk Isn’t Just for Financial Institutions

Third party risk management is a focus for financial institutions. However, they're not the only ones that should be concerned with it. Third party risk management can positively impact any company's resources, cost, etc. 

vendor contract management best practices
Contract Management

10 Vendor Contract Management Best Practices

Regardless of how mature your current contract management system is, these 10 vendor contract management best practices can help mitigate third party risk. Ensure you're doing them.

Contract Management

What Examiners Expect in Managing Contracts

Learn what examiners expect regarding vendor contract management straight from third party risk guidance on contract negotiation. Watch as we cover OCC Bulletin 2013-29 & 2017-7.

Due Diligence

Third Party Oversight

Key points from one of the industry's most prescriptive set of vendor oversight standards. Learn guidance on performance monitoring, and how to implement it all into your own vendor oversight strategy for third party risk management.

Due Diligence

Basics of Vendor Due Diligence

Watch this video on six vendor due diligence facets to help as you mitigate vendor risk. We guide you through the process and provide expert tips and advice for implementing each facet into your due diligence process.

Contract Management

Vendor Contract Management Regulatory Guidance

Watch this video to learn about vendor contract management regulation, tips and ideas. Standardize and improve your contract approach for third party risk.

Third Party  Thursday 7 Key Components of a Good Vendor Management Program
Best Practices

7 Key Components of a Good Vendor Management Program

Learn the 7 key components you need for a good vendor management program. Do you have these in yours yet? If not, it's time to consider some changes.

10 best practices of good vendor managers
Best Practices

10 Best Practices of Good Vendor Managers

Learn 10 best practices that good vendor managers use to take care of their institution's third party risk and stay compliant. You should incorporate these into your program.

vendor cybersecurity in 2017

Vendor Cybersecurity In 2017

Watch this third party risk video to learn about the timeline of vendor cybersecurity becoming a focus for examiners, cybersecurity issues at play and different ways your institution can comply as well as stay safe from cyber threat.

how when and why to use a vendor information security questionnaire
Information Security

How, When and Why to Use an InfoSec Questionnaire

Learn the how, when and why of using vendor information security questionnaires for your third party risk management and how your due diligence process can benefit from it.

CIA Triad Within Vendor Management
Information Security

CIA Triad Within Vendor Management

In this video, you'll learn how your vendor's approach to the CIA triad of information security impacts you and your customers. Being aware will help you against third party risk.

Third Party Due Diligence
Due Diligence

Third Party Due Diligence

In this short vendor management video, you will learn four key points you need to know regarding third party due diligence and what items your due diligence checklist should contain to keep your institution safe from third party risk. 

Understanding Vendor SOC Scope, Time and Narrative
SOC Reports

Understanding Vendor SOC Scope, Time and Narrative

Learn what the scope of a vendor's SOC report means and where to find it along with what typical audit periods are and a few questions to ask yourself while reviewing the narrative.

7 Steps of Vendor Vetting Vendor Management Video
Due Diligence

7 Steps of Vendor Vetting

Learn the 7 key things you should do with every new vendor. These steps are essential to the vendor vetting process and determining how much you know about the company with whom are you planning to do business.

Analyzing SOC Controls vendor management video
SOC Reports

Analyzing SOC Controls

In this vendor management video, you will learn where to find the controls section within a vendor SOC report along with what the control objectives and activities are and what to look out for in the findings and exceptions.

Vendor Management Critical Vendors
Best Practices

Critical Vendors: What to Review

We cover the key questions you need to ask yourself to determine if your vendors are critical. Then, we dive deeper and talk about what you should review on your critical risk vendors.

What is SSAE 18? Vendor Management
SOC Reports

What is SSAE 18?

As of Monday, May 1, SSAE 18 is now in effect. Are you familiar with SSAE 18 yet? Join us now as we talk about SSAE 18 - what it is and how it affects how you do vendor management at your institution. Let's get started.

vendor management risk assessments
Risk Assessment

Vendor Management Risk Assessments

We’re going to talk through a few key things you need to know about vendor management risk assessments for your institution's third party risk management program. 

10 steps to create your vendor list
Best Practices

10 Steps to Creating Your Vendor List

We’re going to talk through the 10 main steps you need to take to create your proper vendor list for your third party risk management program at your institution. Let's get started.

third party risk vendor management errors video
Best Practices

10 Common Vendor Management Errors

It’s easy to get so deep in the weeds of your vendor management program that you make some pretty basic errors. Sometimes you need to take a step back and evaluate. Here are some of the ones that we see most often.


3 Lines of Vendor Management Defense

You may have heard the term “three lines of defense”. But, what is a three lines of defense strategy? We'll go through those three lines of defense you have for vendor management at your financial institution.

ERM vs Vendor Management
Best Practices

Enterprise Risk Management vs Vendor Management

We often get asked, "Is there a difference between an ERM and VM?" The answer is “YES” – they are different, but there are some areas of overlap as well. Learn about what some of the differences are.

Lifecycle Approach to Third Party Risk Management
Best Practices

Lifecycle Approach to Third Party Risk Management

Third party risk management must flow in a lifecycle. We'll discuss how it's a constant evolutionary process rather than an annual static event - a core aspect that you should incorporate into your program.

Best Practices

Fundamental Third Party Risk Management Best Practices

We'll discuss fundamental best practices of third party risk management that you need to implement such as education, tailored ongoing monitoring, outsourcing and not cutting corners.

Best Practices

Why Is There So Much Focus On Third Party Risk?

You have to do a lot for your third party risk management now... but why? We'll go through a few reasons for the increased third party risk management regulation and concern. 

Best Practices

How to Write a Third Party Program

It should cite relevant regulations and guidance; it should describe its relationship to other parts of your compliance program and establish its importance as a foundational document for your institution.

Best Practices

How to Write a Third Party Policy

A policy is the first main foundational third party risk management document you should have on file. Learn about key aspects in writing a proper third party policy for your financial institution.


FFIEC Cybersecurity Assessment Tool

The FFIEC released a Cybersecurity Assessment Tool. We'll go over in depth the benefits of it and why your financial institution should use it for your vendor management. 


Security & Confidentiality Provisions Which Should Be Addressed

Even though each vendor agreement includes different contractual terms, 5 security and confidentiality provisions should always be addressed. Let's go through them.


When a Vendor Refuses to Provide Financials

When a third party company doesn't provide financial documents we tend to think there's nothing we can do. But actually, there is and we'll show you that alternate path in this video.

SOC Reports

Importance of Complementary User Entity Controls

Learn what Complementary User Entity Controls are, how they're related to SOC reports, what you do with them, why they're important and more.


Mitigating Vendor Contract Risk

In order to have vendor management control, you must have a firm understanding or knowledge of third party vendor contracts. Learn the 3 pillars in managing them and other points about mitigating contract risk.  

SOC Reports

5 Types of Vendor SOC Reports

So, what are the types of service organization control (SOC) reports and which type of SOC report did your vendors have performed? It can be confusing to keep track of them. To help, we'll briefly go through all 5 of them in this video.

Due Diligence

Fourth Parties

So you're asking yourself right now, "What is a fourth party? I've just gotten my head around the whole concept of having third parties. And why are they important to my financial institution's vendor management program?" Let's discuss.

Vendors Bank Credit Union cloud Computing
Information Security

Your Vendors and Cloud Computing

The Cloud has many benefits, but like everything, there are risks you need to consider. Protecting your institution’s data is ultimately your responsibility so you should know how your vendor safeguards it.


Evolution of Third Party Risk

In this video we’re going to talk a little about the evolution of third party risk management and the increased regulatory expectations on financial institutions. This will be helpful to know as you expand your third party risk knowledge.

Third Party Thursday BCP and DR.jpg
Business Continuity

Vendor Business Continuity and Disaster Recovery Plans

Ensuring your critical vendors can survive in disaster helps ensure your financial institution can also survive. Learn what Business Continuity & Disaster Recovery plans are & how our team reviews them. 

SOC Reports

3 Key Points to Review In SOC Reports

Learn the 3 key points to review in service organization control reports, SOC reports for short, as you begin assessing your vendor's environment. Meet examiner requests and gain strategic business advantages.

Third Party Thursday Video 5 Key Provisions Bank Credit Union Critical Vendor Contract

5 Key Provisions to look for in your Critical Vendor Contracts

When reviewing and negotiating critical vendor contracts, consider many elements. Here's 5 key provisions to give special attention.


Consequences of a Vendor's Poor Financial Performance

You report the vendor's financial health to senior management and board. What happens when the financial health is poor? We will go over the domino effect, the issue in the industry and what you can do about it.


FFIEC Appendix J and E

You should be familiar with Appendix J and Appendix E of the FFIEC guidance. We will go over what each of them are, what they mean and how your teams can stay informed on new vendor management guidance and regulations.

Due Diligence

Defining Critical Vs. Non Critical Vendors

Do you know the difference between a critical and non critical vendor? Learn about defining them for your financial institution. We'll cover why it's important, the business impact, exit strategies and more.

Best Practices

Defining the Scope of your Third Party Risk Management Program

You must define specifically who will be a part of your third party risk management program and also, equally important, who is out

Third Party Thursdays what you can do now for next year
Best Practices

What you can do now to prepare for 2017

So, what can you do right now in preparation for next year? There’s actually quite a lot, depending on the maturity of your third party program. Watch this video to learn what you can do now to prepare for 2017.

Best Practices

Best Practices in Vendor Management

With all the vendor management industry changes and guidance updates, it's easy to get overwhelmed. In this video, we will talk about basic vendor management best practices to implement.

Pillars of Bank Credit Union Third Party Risk Third Party Thursday Video
Best Practices


Regulatory guidance sets out fundamental expectations. It’s important for the day to day management and exam standpoint that these pillars are in place and functioning in your institution. Learn more about these pillars.


What's In the News Matters

Vendor management is covered a lot more in industry news now. It's hard to keep up, and sometimes tempting not to try. This video mentions recent examples of important items covered.

Third Party Thursday Video Series
Best Practices


We're very excited to announce this new video series. Join Branan as he explains what Third Party Thursday is, why we started this video series and how to stay up-to-date with the latest videos.