Due Diligence and Ongoing Monitoring

 View Only

  • 1.  Business Continuity and Disaster Recovery Testing Results

    Posted 05-02-2024 02:34 PM

    It is becoming more difficult for the bank to get due diligence documents from our Critical and Moderate rated vendors specifically the BCP/DR reports.  I currently have three vendors that will not send any reports covering BCP/DR and some of my other vendors do not share enough details, so we receive a poor rating from Venminder's BCP review which causes me to have to file a Risk Acceptance form (RAF) on an annual basis as per the bank's regulators.  Last year we filed 14 RAFs due to poor BCP ratings and the bank's board has asked me to investigate alternatives.  Please advise if anyone is experiencing the same issue and if yes what is your company doing as an alternative.



  • 2.  RE: Business Continuity and Disaster Recovery Testing Results

    Posted 05-02-2024 03:49 PM

    Yes, it can be a challenge. I conduct BC/DR assessments of our critical vendors and would be happy to discuss alternatives if you would like to reach out to me?

    Thanks

    Melissa




  • 3.  RE: Business Continuity and Disaster Recovery Testing Results

    Posted 05-02-2024 07:12 PM

    Hi, I would also be interested in what alternatives you use in lieu of a BCP


    Original Message


  • 4.  RE: Business Continuity and Disaster Recovery Testing Results

    Posted 05-03-2024 09:43 AM

    Melissa, I would be interested in discussing alternatives with you please advise if you would like to schedule a call - if yes please send me some dates/times when you are available thanks.  My email address is [Email has been removed by the Community Manager for privacy reasons. You can reach out to the member directly by clicking on their name, which redirects you to their member profile. You'll find contact information and the option to send a direct message.]


    Original Message


  • 5.  RE: Business Continuity and Disaster Recovery Testing Results

    Posted 05-02-2024 07:14 PM

    No vendor is indispensable.   However, ability to critical vendors can be time consuming and expensive.   Suggest you assiduously manage contract expiration dates and include compliance standards along with SLAs in all renewals and, of course, on new vendors.   In addition, suggest consider the following:

    • Reach out to other users 
    • Use social media like LinkedIn to raise concerns
    • For requirements such as BCP/DR financials, consider filing formal complaints and notice of contract default if provisions can support that action.  
    • Consider vendor may react differently to notice from CRO or legal counsel.



    ------------------------------
    Tony Schweiger

    ------------------------------