Latest Discussions

  • Hannah, Thank you for the thoughtful response. Vendor attestations are not something I had considered before, so I really appreciate the recommendation. We can absolutely incorporate language into our onboarding platform, Zip, through the vendor ...

  • Posted in: Risk Assessments

    Hi, we do assessments based on the inherent risk rating of High every year, medium every 2 years and low every 3 years. The category managers are responsible for going in and initiating the assessment. I like to provide my category managers a risk assessment ...

  • Posted in: Risk Assessments

    How are you all doing your ongoing Risk Assessments within Venminder? Are you just having product managers go in and do new Risk Assessments every year/two years/etc. based on the risk rating? We are wanting to implement ongoing reviews, but we have a ...

  • Good afternoon, I am trying to gain some insight into what Tier other Credit Unions have their auto refinance vendors placed at and why. We seem to have a difference of opinion whether they should be a Tier 2 GLBA or a Tier 6 Moderate, only reviewing ...

  • Operationalizing TPRM Framework

    This message was posted by a user wishing to remain anonymous. Hi Everyone, We've just completed a TPRM framework and are now focused on operationalizing it. This is not a new program as the framework represents a future state designed to further ...

  • Freddie Mac

    This message was posted by a user wishing to remain anonymous. Our bank sells originated mortgages to Freddie Mac. Freddie Mac has provided vendor due diligence documents since our Vendor Management program started. We recently received an email from ...

  • Hi Tiffany, Great question! We recently updated our Risk Classification Questionnaire (RCQ), which by the way is a stand-alone Excel. We added 2 questions to address the issues you ask about. Whenever there is a new agreement for review, whether it ...

  • I wanted to reach out to get your perspective on how others are addressing third-party service provider referral processes and whether you have a similar framework in place. We are working through an issue involving a department within a financial ...

  • How are your teams managing vendors with AI capabilities? I work at a financial institution regulated by the OCC, for context. We have a GenAI review group and a somewhat half-baked process for approving AI capabilities. It works reasonably well for ...

    1 person likes this.
  • RE: Law Firms

    We assess law firms annually based on risk using the volume of records and the annual spend from the previous year.

  • RE: Law Firms

    Yes, Law Firms should be assessed. We have several Default Law firms, and our investors, FNMA and FHLMC, have clear directions in their servicing guide on firm management that we have used as a guideline. ------------------------------ Rachel Kenyon ...

  • There was another post on this back in 2021 with no feedback, so I'm hoping this can get some traction. We have a CDC that we use for SBA loan packaging. Over the past few years, it's been a struggle to get their due diligence and what we do get shows ...

  • Hello - I'm wondering if anyone has rules around required documents being tardy and having to keep asking for them? Do you wait 1 week, 2 weeks? Any penalties? How do you escalate?

  • It's a risk-based decision for us. The easiest and most common categories that are out of scope are memberships, dues, sponsorships, conferences, professional associations. Our exempt providers are on a case-by-case basis, whereas the out-of-scope categories ...

  • TPRM Process SLA

    This message was posted by a user wishing to remain anonymous. Our company is composed of multiple divisions and organizations that utilize the same vendors. TPRM usually takes time, and since we handle multiple engagement assessments, there are several ...

  • This message was posted by a user wishing to remain anonymous. Venminder has a policy template that details which vendors are to be exempt from oversight. I believe you can find it on this site.

  • Marketing Firms

    This message was posted by a user wishing to remain anonymous. What insurance are you all asking of your marketing firms that are posting on social media for your FI?

  • RE: Title Companies & Appraisers in TPRM Programs

    This message was posted by a user wishing to remain anonymous. We are currently FDIC regulated but going through the process to become OCC Chartered.

  • RE: Title Companies & Appraisers in TPRM Programs

    This message was posted by a user wishing to remain anonymous. May I please ask who your regulator is?

  • RE: Title Companies & Appraisers in TPRM Programs

    This message was posted by a user wishing to remain anonymous. Both Title companies and Appraisers are excluded from Third Party Risk inventory. This is how we document our reasoning in policy. • Title Companies. The customer and the seller (if ...

    3 people like this.