Due Diligence and Ongoing Monitoring

  • 1.  Bitcoin

    Posted 07-13-2022 04:18 PM
    What level of due-diligence do you do (if any) on Bitcoin processors? 
    I have a hard time reaching two potential Bitcoin vendors.


  • 2.  RE: Bitcoin

    Posted 07-14-2022 09:07 AM
    We request the following from any and all Crypto:

    NDA on File
    Audited Financials Received
    W8/W9 on file
    Credit Score 
    Agreement Review
    Certificate Of Insurance
    Business Continuity Plan
    Pen Test
    Security Policy
    HR Policy
    SOC
    Shared Assessment (SIG) or CAIQ



  • 3.  RE: Bitcoin

    Posted 07-14-2022 09:09 AM
    Paul, thank you! 
    Do they usually respond?


  • 4.  RE: Bitcoin

    Posted 07-14-2022 09:22 AM
    Oh yes, absolutely. If these are prospective Vendors, I would request with them to establish an NDA so they can share said materials.


  • 5.  RE: Bitcoin

    Posted 07-14-2022 10:58 AM
    We would request a full due diligence package especially if they're going to be a Critical/High Risk vendor.  

    • Latest SOC report (SOC 2 is preferred) or equivalent third-party audit for applicable products/programs utilized by the bank
      • If another vendor is critical to support the delivery of your services/products, and you are providing due diligence for that vendor, please briefly describe the relationship between your company and the supporting critical vendor.
    • SOC Report Gap/Bridge Letter(s)
    • Information Security Policies
    • Cyber/Network Security Policies with Testing Requirements and Results (i.e., Vulnerability and/or Penetration Testing)
    • Incident Response Policies with client notification protocols
    • Disaster Recovery/Business Continuity Plan(s)
    • Disaster Recovery Documentation and Testing Results
    • Current Certificate of Insurance
    • Red Flags Regulatory Compliance Policy
    • Complaint Logs/Summary of any past complaints/customer satisfaction issues
    • Compliance Management System Policy
    • UDAAP Policy
    • Reg E Policy
    • AML/BSA/CIP/OFAC Policy
    • Latest Annual Financial Statement with period end date 2021 (audited financial statements, including two comparative years of results, with notes preferred)
    • W-9