Depends on your industry, for banking as a starting point I would refer you to the OCC Bulletin 2013-2, Reliance on Subcontractors:
Reliance on Subcontractors
Evaluate the volume and types of subcontracted activities and the
subcontractors' geographic locations. Evaluate the third party's ability to
assess, monitor, and mitigate risks from its use of subcontractors and to
ensure that the same level of quality and controls exists no matter
where the subcontractors' operations reside. Evaluate whether
additional concentration-related risks may arise from the third party's
reliance on subcontractors and, if necessary, conduct similar due
diligence on the third party's critical subcontractors.
------------------------------
Shelly Chase
VP Operational Risk
------------------------------
Original Message:
Sent: 04-24-2023 05:00 PM
From: Anonymous Member
Subject: 4th Parties
This message was posted by a user wishing to remain anonymous
Is there regulatory guidance that REQUIRES us to monitor and conduct due diligence on 4th party vendors? Thanks!