Due Diligence and Ongoing Monitoring

 View Only
  • 1.  Bitcoin

    Posted 07-13-2022 04:18 PM
    What level of due-diligence do you do (if any) on Bitcoin processors? 
    I have a hard time reaching two potential Bitcoin vendors.

  • 2.  RE: Bitcoin

    Posted 07-14-2022 09:07 AM
    We request the following from any and all Crypto;

    NDA on File
    Audited Financials Received
    W8/W9 on file
    Credit Score 
    Agreement Review
    Certificate Of Insurance
    Business Continuity Plan
    Pen Test
    Security Policy
    HR Policy
    Shared Assessment (SIG) or CAIQ

  • 3.  RE: Bitcoin

    Posted 07-14-2022 09:09 AM
    Paul, thank you! 
    Do they usually respond?

  • 4.  RE: Bitcoin

    Posted 07-14-2022 09:22 AM
    Oh yes, absolutely. If these are prospective Vendors, I would request with themn to establish an NDA so they can share said materials.

  • 5.  RE: Bitcoin

    Posted 07-14-2022 10:58 AM
    We would request a full due diligence package especially if they're going to be a Critical/High Risk vendor.  

    • Latest SOC report (SOC 2 is preferred) or equivalent third-party audit for applicable products/programs utilized by the bank
      • If another vendor is critical to support the delivery of your services/products, and you are providing due diligence for that vendor, please briefly describe the relationship between your company and the supporting critical vendor.)
    • SOC Report Gap/Bridge Letter(s)
    • Information Security Policies
    • Cyber/Network Security Policies with Testing Requirements and Results (i.e., Vulnerability and/or Penetration Testing)
    • Incident Response Policies with client notification protocols
    • Disaster Recovery/Business Continuity Plan(s)
    • Disaster Recovery Documentation and Testing Results
    • Current Certificate of Insurance
    • Red Flags Regulatory Compliance Policy
    • Complaint Logs/Summary of any past complaints/customer satisfaction issues
    • Compliance Management System Policy
    • UDAAP Policy
    • Reg E Policy
    • AML/BSA/CIP/OFAC Policy
    • Latest Annual Financial Statement with period end date 2021 (audited financial statements, including two comparative years of results, with notes preferred)
    • W-9