Software

Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

Managed Services

Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

Overview
Document Collection
Policy/Program Template/Consulting
Virtual Vendor Management Office
Vendor Site Audit

Ongoing Monitoring

Let us handle the manual labor of third-party risk management by collaborating with our experts.

VX LP Sequence USE FOR CORPORATE SITE-thumb
Venminder Exchange

As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

CREATE FREE ACCOUNT

Use Cases

Learn more on how customers are using Venminder to transform their third-party risk management programs. 

Industries

Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

Why Venminder

We focus on the needs of our customers by working closely and creating a collaborative partnership

1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
Sample Vendor Risk Assessments

Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

DOWNLOAD SAMPLES

Resources

Trends, best practices and insights to keep you current in your knowledge of third-party risk.

Webinars

Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

See Upcoming Webinars

On-Demand Webinars

 

Community

Join a free community dedicated to third-party risk professionals where you can network with your peers. 

Weekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

Subscribe

 

Venminder Samples

Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

resources-whitepaper-state-of-third-party-risk-management-2023
State of Third-Party Risk Management 2023!

Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

DOWNLOAD NOW

Budget Time. Take an Examiners Advice - Remember Vendor Management

4 min read
Featured Image

While talking to a prospect recently, he shared a comment that his examiner made from a recent exam. It went something like this:

You need to put away the manual spreadsheets and look into a robust software that will help you combine the contract area and the accounting area for a more centralized vendor management program. The excel spreadsheet of yesteryear will no longer cut it.”

So, if your bank or credit union's vendor management program is still being done manually with spreadsheets, here are a few tips to keep in your back pocket when you ask for vendor management budget dollars. 

How do you place a dollar value on risk?

Vendor management is all about managing risk. Allocate too few dollars to it and you may regret it at some point in time. Here are a few possible unintended consequences:

  • Your data has been breached at your vendor. (think Target) Don’t be naïve and hope it doesn’t happen. Most experts agree these days that it’s not a matter of if, it’s a matter of when. Is your vendor doing penetration testing? If so, what were the results? Do you know what your vendors incident response plan is? How does their incident response plan tie into your own? Translate: what the heck will you do when it happens? Could you have anticipated the risk by reviewing your vendors cybersecurity preparedness, determining it was inadequate therefore allowing you to make the decision to move to a more secure vendor? 
  • Do you know who your vendors vendor’s are? Are they held to the same standard as you and your primary vendor? Where is your data? How many vendors vendors vendors does it pass through? Appendix J is no joke. Yes, it focuses on disaster recovery primarily but don’t miss the reference to your vendors vendor’s. While you’re trying to get your arms wrapped around your own primary vendors, beware: the next wave is coming. If you aren’t already doing proper oversight on the critical vendors to your critical vendors you will be asked to do so. Soon. 
  • Findings in your next exam. Ouch!  For many of you, you’ve been doing vendor management the same way for a very long time and your examiners have been satisfied. Those days are likely over. Whether you read the tea leaves, take our advice or hear it from your peers, vendor management is a hot button for the examiners and you should expect bigger demands in regards to your vendor management program. And rightfully so, really. Risk has a whole new meaning these days and you need to demonstrate you understand it and have taken all reasonable measures to mitigate it. That can’t be an exercise in checking boxes any longer. 

Effective Contract Management – It’s a win win!

Chances are your vendor contracts represent the lion’s share of your non-interest expense. If you haven’t been faithfully negotiating your contracts at each renewal period you likely have some savings opportunities laying around just waiting for you to ask for them.   

  • First, look at all of your high dollar technology contracts. Do any of them have auto price increases built in? And are any of those going to kick in next year? Don’t forget to budget for those! 
  • On those same contracts, do any of them have an approaching maturity date? Be sure you start your negotiations way ahead of time. For example, you should start re-negotiating your core contract 18 to 24 months ahead of the maturity date.   
  • Are you due a loyalty discount on any of your technology contracts? In other words, how long have you been doing business with this vendor and when was the last time price was negotiated? Technology prices tend to come down over time. Don’t continue to pay the same price you contracted for 10, 5 or even 3 years ago. Remember, it’s much cheaper for your vendor to keep you than it is to replace you. Even a modest loyalty discount will add real dollars back to your bottom line. Negotiate enough of them and you’ll MORE than pay for your vendor management expense. 
  • Have you reviewed your contracts for compliance with FFIEC guidance? You may have had an attorney review your contracts but was their expertise on contract law, regulatory guidelines or both? Chances are some of your older contracts are not in compliance with the most recent guidelines. While compliance issues may not directly save you dollars, having the right terms and conditions in your contracts can certainly reduce your risk and save you grief down the road.   

Take what you can get and then build on it each year.

If you have never outsourced any part of your vendor management in years past, then this will be a new line item in next year’s budget. Let’s face it, there’s never enough dollars in a budget to get everything you need or want. 

So, don’t shoot for the moon. Lay out a plan over a 3 year period that will get you where you need to be one step at a time. Don’t misunderstand. We’re not suggesting you can take 3 years to develop a proper vendor management program.

That needs to happen right away. But you can slowly grow your budget over time and off-set in the early years with a lot of hard work. As we mentioned in part 3 of this series, understand your strengths and weakness and ask for a budget in the first year to cover your most critical weaknesses.  

Vendor Management Policy Program Procedures Umbrella Infographic Series

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo