Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.


Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 


Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.



Trends, best practices and insights to keep you current in your knowledge of third-party risk.


Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars



Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.



Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.



Third-Party Oversight Implications of FDIC FIL-44-2008 Performance Monitoring Guidance

CPE Credit Eligible

Implementing your own third-party oversight strategy.

Venminder's third party risk experts simplify points from one of the industry's best checklists and most prescriptive set of vendor oversight standards - the FDIC's FIL-44-2008. We'll discuss guidance on performance monitoring, and explain how to implement them into your own vendor oversight strategy.

Video Transcript

Welcome to this week’s Third Party Thursday! My name is Branan Cooper and I’m the Chief Risk Officer here at Venminder. 

Let’s talk a bit about third party oversight. What exactly does that mean?

Well, if you were to Google it, I’m betting you’ll first see the NCUA guidance from 2007 that perhaps began the notion that financial institutions needed to do some ongoing review of the companies with whom they have an outsourcing arrangement.

Little did I know at the time, but the need for oversight would later be baked into much more thorough expectations in regulatory guidance.  The nature of the oversight should be dictated by the product or service provided. 

Perhaps the best checklist or most prescriptive set of oversight standards was laid out in the FDIC’s FIL 44 2008  - though please note, if you’re doing business with a payment processor or merchant there are also some specific transaction monitoring standards identified in FIL 3 of 2012 but before we narrow the lens too much, let’s go back to 44 of 2008 and touch on each of the bullets, quoting directly from the guidance.

Performance monitoring should include, as appropriate, the following:

  • Evaluate the overall effectiveness of the third-party relationship and the consistency of the relationship with the financial institution's strategic goals.
  • Review any licensing or registrations to ensure the third party can legally perform its services.
  • Evaluate the third party's financial condition at least annually. Financial review should be as comprehensive as the credit risk analysis performed on the institution's borrowing relationships. Audited financial statements should be required for significant third-party relationships.
  • Review the adequacy of the third party's insurance coverage.
  • Ensure that the third party's financial obligations to others are being met.
  • Review audit reports or other reports of the third party, and follow up on any needed corrective actions.
  • Review the adequacy and adherence to the third party's policies relating to internal controls and security issues.
  • Monitor for compliance with applicable laws, rules, and regulations.
  • Review the third party's business resumption contingency planning and testing.
  • Assess the effect of any changes in key third party personnel involved in the relationship with the financial institution.
  • Review reports relating to the third party's performance in the context of contractual requirements and performance standards, with appropriate follow-up as needed.
  • Determine the adequacy of any training provided to employees of the financial institution and the third party.
  • Administer any testing programs for third parties with direct interaction with customers.

So, there you have it, a perfect recipe, which you can customize as needed, for oversight of your third parties. Again, I’m Branan and thank you for watching! Don’t forget to subscribe to the Third Party Thursday series.


Subscribe to our Third Party Thursday Newsletter

Receive weekly third-party risk management news, resources, and more to your inbox.


New Call-to-action

Ready to Get Started?

Schedule a personalized solution demonstration to see how Venminder can transform your vendor risk management processes.

Request a Demo