#2013257 - 05/11/15 03:57 PM Lack of Vendor Response
Mari Keller Offline
Member
Joined: Nov 2013
Posts: 55
I have compiled a list of vendors from accounts payable and, with the help of a Vendor Management Committee, determined our critical, medium and non-critical vendors. The condition of our vendors' files is very poor, with missing signed contracts, etc., and I have been reaching out to our current vendors to ask for updated information/documentation. That has not been successful and has turned into a nightmare of babysitting and begging. Management hesitates to produce stronger worded letters soooo I am wondering if anyone has 1) advice 2) experience from their regulators, i.e., if making an attempt to collect information from a current vendor is enough. I don't know what else to do. Any feedback would be appreciated, as usual.

Risk Management
#2013282 - 05/11/15 05:16 PM Re: Lack of Vendor Response Mari Keller
ComplianceNerd Offline
Gold Star
Joined: Nov 2011
Posts: 378
Texas ...
following...
_________________________
Can't is not an option.

#2013492 - 05/12/15 02:28 PM Re: Lack of Vendor Response Mari Keller
Russ Horn Offline
100 Club
Joined: May 2008
Posts: 139
This is a tricky problem – and one I think a lot of community banks face. I don’t have “the answer” (not sure there is one), but I do have some thoughts/comments…

I think most service providers (at least those that service financial institutions) understand the need for vendor due diligence and want (or at least are willing) to help. Some of the issues I have seen causing delays include:
  • Finding the right person to ask. Sometimes, particularly with larger providers, we are asking the wrong person for the information. It may help to ask each vendor who the person/department is who helps banks with their vendor due diligence – if they service a lot of financial institutions, they likely have someone designated to this role. Also, I find many companies “publish” a due diligence packet for their customers – if you can find this packet, you can document the location and return there periodically to obtain updated information (bypassing the need to ask).
  • Asking for too much. Sometimes I have seen a bank compile a list of every possible document and send it to all vendors rather than only asking for the specific items needed to evaluate the vendor. This can cause delays in getting the items you really need.
  • Getting lost in the shuffle. I think all bankers understand being overwhelmed by requests – bankers wear a number of hats – it is similar with many service providers. So, one letter may not be enough – we might have to send a couple of letters and emails and even call – this is more burden on the bank, but may be required to make sure we get what we need.

Reminder: key critical vendors that service a lot of institutions may be examined. If so, you can ask your examiner for a copy of their last exam – this is good material to review as part of your due diligence process.

Hope this helps some – good luck!

Thanks,
Russ
_________________________
Russ Horn, CISA, CISSP, CRISC
CoNetrix
rhorn@conetrix.com

#2013622 - 05/12/15 07:38 PM Re: Lack of Vendor Response Mari Keller
Mari Keller Offline
Member
Joined: Nov 2013
Posts: 55
Russ, thank you for your help. I think we've considered everything you've mentioned and feel better because of that. I'll just keep plowing along. :)

#2015893 - 05/25/15 03:15 PM Re: Lack of Vendor Response Mari Keller
Sisyphus Offline
100 Club
Joined: Jun 2008
Posts: 222
I would add to be sure you retain documentation of your efforts to obtain what is needed in case the bank is questioned by examiners or by auditors about missing due diligence.
