(270) 506-5140 CONTACT US
Risk Assessment

What Do I Do If My Vendor Won’t Fill Out the Vendor Risk Assessment Questionnaire?

Aug 21, 2019 by Branan Cooper

You’re in a predicament. You recently sent your vendor the vendor risk assessment questionnaire not once, not twice but three times and they still haven’t filled it out. To make matters even worse, they’re a critical vendor.

It’s extremely important that you receive their responses. You can’t properly assess the risk the vendor relationship places on your organization without answers to this questionnaire. What do you do now?

5 Steps to Take When a Vendor Won’t Fill Out the Vendor Risk Assessment Questionnaire

I recommend taking the following five steps to approach the situation:

  1. Document your requests to gather the information. Log all emails, formal memos, meetings, phone calls, etc. This will help save you from being reprimanded by examiners/auditors as they’ll see you’ve been trying – and often!

  2. Ask your senior management team to help escalate with their senior management. They should have an action plan in place for situations like this. Ensure that your senior management team is willing to back you up in making waves with the senior management team at the vendor. Sometimes, it’s as easy as having someone else explain WHY you need it.

  3. Check and see if there are records of prior due diligence completed by the vendor. If so, perhaps you can just ask the vendor to note only what has changed.

  4. Remember, reports of examination can be obtained from your regional prudential regulator, but you’ll want to be ready to explain to the regulator WHY you need it. Obtain the report to help with filling out the vendor risk assessment questionnaire.

  5. You can, and should, get creative as needed. Some ways to do so include asking the vendor if they can host a WebEx meeting to discuss the vendor risk assessment questionnaire in detail or if they are able to provide something else.

If all this fails, you may even need to consider a site visit. What’s going on that is causing the delay or lack of responsiveness? A site visit may be your best course of action to find any risk that they’re trying to keep concealed, if any.  

However, with that, sometimes you’ll have exhausted all options with no luck. Due to that, be prepared in case you need to terminate the relationship. It may not be easy, but you may need to exercise those rights.

Does your vendor risk assessment questionnaire include the right components? Download the eBook.

risk assessment questionnaire

Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog