Unanswered Questions

I wanted to reach out to get your perspective on how others are addressing third-party service provider referral processes and whether you have a similar framework in place. We are working through an issue involving a department within a financial ... More

How are your teams managing vendors with AI capabilities? I work at a financial institution regulated by the OCC, for context. We have a GenAI review group and a somewhat half-baked process for approving AI capabilities. It works reasonably well for ... More

There was another post on this back in 2021 with no feedback, so I'm hoping this can get some traction. We have a CDC that we use for SBA loan packaging. Over the past few years, it's been a struggle to get their due diligence and what we do get shows ... More

This message was posted by a user wishing to remain anonymous Our company is composed of multiple divisions and organizations that utilize the same vendors. TPRM usually takes time, and since we handle multiple engagement assessments, there are several ... More

This message was posted by a user wishing to remain anonymous What insurance are you all asking of your marketing firms that are posting on social media for your FI? More

Good Morning I am seeking information from other financial institutions regarding the provision of performance feedback to title companies involved in loan origination. Our internal efforts include a Lean Six Sigma Green Belt in Title Defect ... More

This message was posted by a user wishing to remain anonymous Hi everyone, does anyone have a list of questions or checklist, I can use to evaluate a Forensic vendor? Thanks. More

This message was posted by a user wishing to remain anonymous Hi, For small/medium sized businesses in Europe with very immature TPRM program in place, and no or limited resources/automation, I'd be interested in understanding how you perform due ... More

This message was posted by a user wishing to remain anonymous Has anyone worked on centralizing third-party inventory across multiple systems of record-especially in preparation for a regulatory data inventory request? How did you approach it, and what ... More

This message was posted by a user wishing to remain anonymous Please is anyone willing to share the Key Risk Indicators (KRIs) they use-particularly those reported to leadership-to evaluate the effectiveness of their Third Party Risk Management (TPRM) ... More

This message was posted by a user wishing to remain anonymous Is anyone willing to share their ongoing monitoring procedures. I am in the process of creating them, I started with Initiate the review by retrieving ongoing monitoring schedule and filtering ... More

This message was posted by a user wishing to remain anonymous Would anyone be willing to share their ongoing monitoring template for third parties? More

Good afternoon, We are launching a new program where we partner with various types of merchants to offer financing to their customers. Most are home-related (roofers, flooring, pools, HVAC) but we could expand to other areas over time. Is anyone ... More

This message was posted by a user wishing to remain anonymous We currently use Permission Assist (formerly a Sycorr product but they were recently acquired by SMA Technology/Continuous) for user access reviews. I found out today that starting at our ... More

With the many individual state privacy laws enacted that we need to ensure vendors are abiding by, I am looking for any best practices that anyone is using within the venminder platform to track their vendors to confirm they are abiding by them. In the ... More

This message was posted by a user wishing to remain anonymous Is anyone willing to share their ongoing monitoring list of documentation for consumer compliance risk? More

This message was posted by a user wishing to remain anonymous My company is expanding their current services to include banking services that would benefit our client base. (think HELOC pool purchases and portfolio lending) My TPRM program is geared ... More

Hello everyone - As a TPRM team we have always performed our own search via Secretary of State for the applicable state of each of our vendors. This cost is beginning to add up as most are registered in Delaware plus the added time it takes to search ... More

This message was posted by a user wishing to remain anonymous For those in the mortgage lending space, how do you handle due diligence for Third Party Service Providers & Leadshare Agreements. Does it roll up to Vendor Mgt team or a different team? ... More

This message was posted by a user wishing to remain anonymous We're moving to a new TPRM tool and taking the time to adjust our risk questionnaire. We prefer if a third-party provides SOC 2 Type II or ISO 27001, but for those who do not have either, ... More