Fundamental business information must be gathered for every critical and high-risk vendor. Community financial institutions can use this information to assess whether the vendor complies with any relevant local laws and regulations, as well as to spot any potential future performance problems.
An essential element in the vendor risk management lifecycle is due diligence. In many businesses, conducting due diligence on each vendor is not just a good business practice but also regulated by the law. There are baseline or foundational documents that should be gathered to further examine the majority of vendor engagements, even though not all vendor relationships pose the same risks to a financial institution.
Collecting, reviewing and storing vendors’ due diligence materials is a vital part of the vendor management process. As part of the due diligence procedure, vendors are required to present certain documents as proof of their internal risk management. The vendor should be able to provide documents that are crucial to evaluating the vendor’s risk and the controls they have in place, whether it’s a SOC report to confirm information security processes, internal compliance guidelines, or even a business continuity plan and testing.
After collecting and reviewing the vendor’s due diligence material, the financial institution should have a central location to store these documents securely and also receive notification when due diligence material needs to be collected again or is missing. Strunk’s vendor management software, Vendor Manager, can assist with your financial institution’s vendor due diligence process and provide a streamlined process. Visit https://strunkaccess.com/vendor-manager/ to learn more.