Due Diligence and Ongoing Monitoring

  • 1.  Vendor Onboarding

    This message was posted by a user wishing to remain anonymous
    Posted 08-10-2021 08:26 AM

    Hello everyone!

    Hope everyone is doing well!

    I handle third-party risk management for a bank, and also due diligence while onboarding vendors. Can anyone suggest how to treat "After the fact" cases, wherein the vendor is onboarded after the services are provided by the vendor and invoices have come for payment processing? As these are Breach cases, what is the best way to treat them and raise it to the senior management with a solution?

    Thanks in advance!


  • 2.  RE: Vendor Onboarding

    This message was posted by a user wishing to remain anonymous
    Posted 08-10-2021 08:53 AM

    What do you mean by "Breach cases"? Just that the vendors were used before they were assessed?


  • 3.  RE: Vendor Onboarding

    This message was posted by a user wishing to remain anonymous
    Posted 08-10-2021 09:14 AM

    At my bank we would consider this a policy violation. The business unit needs to obtain sign-off from senior management regarding the violation and it is counted as a high risk finding. All high findings are reported to the risk committee as part of our KRI. The remediation plan is getting the vendor through our TPRM process.