Due Diligence and Ongoing Monitoring

Hello,

As part of our vendor due diligence program we include our corporate banks as critical vendors. We have corporate banks in the US, UK, Netherlands, Australia, and Singapore. When performing due diligence inquiries we receive responses from banks in all locations aside from the UK and Netherlands. The banks in these locations are global institutions with headquarters in either the UK or Netherlands. These banks refuse to answer our questionnaires and only point us to the publicly available information on their websites. The public information is very high level and does not get into the details we are looking to gather around business continuity, information security, and cyber risk.

Do others have similar experiences when requesting due diligence of banks in the EU/UK? Have you been able to obtain any due diligence information outside of the publicly available websites? We are looking to see if there are any other ways we can obtain vendor due diligence information on these types of banks. Any insight or experiences are welcomed.

Thanks for your help

Hi, Garrett:

Thanks for your question.  Best practice is to refer to the particular institution's website where many policies are published in order to obtain information you are seeking.  Additionally, you may try performing a web search by using the terms "financial institution's name security policy".

There are a number of companies online that perform financials and other due diligence capabilities online which would accomplish what you are seeking; they are not publicly available.  They do offer services in exchange for a fee for performing such functionality on financial institutions like the foreign ones to which you have referred.

Hope this helps.  I would be interested in what other are doing!