Vendor Risk Assessment
The regulations governing operational resilience will impose higher due diligence standards on a chain of suppliers to a regulated business deemed 'critical'. Clients currently operating outside of the regulatory sphere will be required to meet these standards. ARA has the experience to support clients either in undertaking or undergoing that due diligence, ensuring they meet the regulatory standards and achieve their strategic goals.
Due Diligence of Critical Providers
- Initial Vendor Due Diligence Service covering:
  - Business Model
  - Financial standing and scale
  - Technology resources
  - ICT controls and security
  - Relevant authorisations or registrations
  - Management capability, expertise and reputation
- Risk rating opinion
- Periodic review and assessment
- Management reporting
Operational Resilience Assessments
- Preparation for assessment as a critical provider
- Support in the design and implementation of a control and governance framework in line with regulatory expectations
- Advice on the quality and nature of the documentation required to demonstrate strong operational resilience
Regulation
- Advise on understanding the impact of regulation governing operational resilience
- Advise on any direct or indirect engagement with regulators
- Monitoring changes to that regulation and advising on any necessary action or changes to governance and control frameworks
Other Services