This message was posted by a user wishing to remain anonymous
Hello All,
I work for a community bank, and recently we were notified by an email from FDICConnect that one of our Significant Service Providers had a number of Examination Concerns Requiring Attention (ECRAs).
We have inquired with the vendor, and they provided us with memos explaining what they have done with each ECRA. Many of them have been closed, some are in progress.
Currently we conduct the highest level of due diligence (inherent high risk) on this vendor, we also consider them critical vendor.
So, my question is:
How do we validate what they tell us?
We are also unable to mitigate some of these ECRA's, as they are beyond our control. Unfortunately ending our relationship with them would be very difficult, time consuming and expensive.
Any input about this situation would be appreciated.