Unanswered Questions

This message was posted by a user wishing to remain anonymous As part of our TPRM process, vendors provide due diligence documentation that is typically designated as confidential and not to be shared externally. If we store this information in ... More

This message was posted by a user wishing to remain anonymous Recently we had an external auditor, write up a finding in regard to Escrow and Title companies Due Diligence. They said that because of Regulatory guidance from 2023, we should include ... More

Hi all – As a Vendor Management function led by a department of one, I'm working to better define roles and responsibilities as the program continues to mature. If anyone is open to sharing sample job descriptions for vendor management or third-party ... More

Our third‑party questionnaires have been updated to incorporate new AI‑focused questions, including inquiries about AI usage and any use of our data in model training. We've also identified several third‑party vendors we plan to onboard whose offerings ... More

This message was posted by a user wishing to remain anonymous Hi Everyone, at my company (large global insurance company) we are looking in to broadening processes and controls around data sent to third parties. I'm wondering if anyone as any processes ... More

Good afternoon, I am trying to gain some insight into what Tier other Credit Unions have their auto refinance vendors placed at and why. We seem to have a difference of opinion whether they should be a Tier 2 GLBA or a Tier 6 Moderate, only reviewing ... More

This message was posted by a user wishing to remain anonymous Hi Everyone, We've just completed a TPRM framework and are now focused on operationalizing it. This is not a new program as the framework represents a future state designed to further ... More

This message was posted by a user wishing to remain anonymous Our bank sells originated mortgages to Freddie Mac. Freddie Mac has provided vendor due diligence documents since our Vendor Management program started. We recently received an email from ... More

I wanted to reach out to get your perspective on how others are addressing third-party service provider referral processes and whether you have a similar framework in place. We are working through an issue involving a department within a financial ... More

There was another post on this back in 2021 with no feedback, so I'm hoping this can get some traction. We have a CDC that we use for SBA loan packaging. Over the past few years, it's been a struggle to get their due diligence and what we do get shows ... More

This message was posted by a user wishing to remain anonymous Our company is composed of multiple divisions and organizations that utilize the same vendors. TPRM usually takes time, and since we handle multiple engagement assessments, there are several ... More

This message was posted by a user wishing to remain anonymous What insurance are you all asking of your marketing firms that are posting on social media for your FI? More

Good Morning I am seeking information from other financial institutions regarding the provision of performance feedback to title companies involved in loan origination. Our internal efforts include a Lean Six Sigma Green Belt in Title Defect ... More

This message was posted by a user wishing to remain anonymous Hi everyone, does anyone have a list of questions or checklist, I can use to evaluate a Forensic vendor? Thanks. More

This message was posted by a user wishing to remain anonymous Hi, For small/medium sized businesses in Europe with very immature TPRM program in place, and no or limited resources/automation, I'd be interested in understanding how you perform due ... More

This message was posted by a user wishing to remain anonymous Has anyone worked on centralizing third-party inventory across multiple systems of record-especially in preparation for a regulatory data inventory request? How did you approach it, and what ... More

This message was posted by a user wishing to remain anonymous Please is anyone willing to share the Key Risk Indicators (KRIs) they use-particularly those reported to leadership-to evaluate the effectiveness of their Third Party Risk Management (TPRM) ... More

This message was posted by a user wishing to remain anonymous Is anyone willing to share their ongoing monitoring procedures. I am in the process of creating them, I started with Initiate the review by retrieving ongoing monitoring schedule and filtering ... More

This message was posted by a user wishing to remain anonymous Would anyone be willing to share their ongoing monitoring template for third parties? More

Good afternoon, We are launching a new program where we partner with various types of merchants to offer financing to their customers. Most are home-related (roofers, flooring, pools, HVAC) but we could expand to other areas over time. Is anyone ... More