Blog

Read the Latest Blog Posts
Knowledge. Useful. Quick. 


Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Take a look at the latest third-party risk updates and articles our experts recommend during the month of May to make sure you're staying on top of the latest vendor management news.
  • With a rise in data breaches, both cybersecurity and data protection should be top of mind for every organization. Additionally, as concerns around data protection continue, privacy initiatives will be a focus and expectations and requirements will only increase. If you’re in one of the states considering legislation like the CCPA, or a subset of it, what steps should you take?
  • COSO 2013 was way ahead of its time. Given that, it’s even more interesting to note that it took until 2019 for the COSO 2013 Principles to be applied to SOC 2 audits. For those of us that have been in the vendor management world for many years, we have had a front row seat in watching the development and maturity of third-party risk management, what it means to us and what our regulatory agencies expect of us.
  • I spent 28 years in banking. While I was exclusively a banker, I dealt with a wide range of industries — particularly in my MBNA America days when I helped to manage our operations centers as well as our consumer finance and business lending areas. As I moved further into risk management and compliance, in the latter portions of my banking career, I realized how often (and how easy) it is to overlook risk.
  • While vendor cybersecurity preparedness has always been important, it's an especially hot topic in our current pandemic environment. With a massive shift to remote work environments, better understanding of our vendors’ cybersecurity has never been so crucial. It's also a non-negotiable part of any holistic third-party risk management program .
  • There’s no way around it. Risk assessments are work. There are a lot of moving parts and a lot of pieces of information to take into consideration. Like much of life today, it’s good to take a step back and understand the full scope of the endeavor. It can be helpful to take a phased approach to the vendor risk assessment process.
  • By now, chances are most organizations have reached out to critical third-party service providers to gather up all the information they (the vendors) have on file about their pandemic planning. You may have already noticed that some of these vendors are already showing signs of stress. With limited capacity, inadequate pandemic planning, weak execution, under-capitalization and a lack of staff, it’d be an understatement to say that tensions are running high.
  • Much plays into a successful vendor risk management program . The time devoted, the subject matter experts involved and a thorough understanding of the evolving regulations are all considerations to take into account. At times it can become a laborious task to fully understand all facets that should be part of your organization’s vendor risk management in order to be a thriving program.
  • We know all too well the stress of an upcoming vendor management exam. We’ve been there — many times, and if we’ve learned anything about making the process a little less anxiety-inducing it’s keeping one age-old adage top of mind: by failing to prepare, you are preparing to fail. The real secret is all in doing your homework… well ahead of time.
  • When it comes to your vendors and your vendors’ financial health, there’s one thing you must keep in mind: financial performance is not an event of default. What do we mean by that? In a post-pandemic world, poor financial performance on the part of your vendors is not a “get-out-of-jail-free card” — for either party, and it’s certainly not an accurate predictor when it comes to financial health. Organizations need to perform an analysis in order to properly forecast what steps to take next. That means a focus on financial health, rather than performance.
  • Staying on top of the latest vendor management news and resources is more important than ever. Take a look at the latest third-party risk updates and articles our experts recommend during the month of April.
  • Let’s face it, automation really helps drive efficiency. It speeds up processes, allows full-time employees (FTEs) to focus on strategic business initiatives and helps catch errors, but it’s certainly not perfect. The truth is, we can’t just cut human review out of the due diligence process altogether. When I managed fraud automation a dozen or so years ago, we had these glorious dreams that somehow, we could simply turn it over to the machines and rest easy at night. Easy enough, right? Wrong.
  • Earlier this year, Venminder released our annual State of Third-Party Risk Management whitepaper, based on a survey distributed at the end of 2019. It covered respondent data and analysis from a wide variety of organizations across multiple industries. The additional perspectives allowed us to learn a great deal of valuable third-party risk information from a very wide spectrum.
  • During our recent three-day Third-Party Risk Management Bootcamp , we had a lot of GREAT questions come in and wanted to compile and share the answers. Below you will find third-party risk management questions and answers posed during Day 1, Day 2 and Day 3 sessions.
  • As you review your vendor’s financial health, here are six tips to an accurate vendor financial performance assessment.