Configuring routing fail-over (MPLS to VPN)
I am trying to get my head around whether a scenario is possible; I will try to describe it:
I have 4 sites, site A, B, C and D, all connected via an MPLS network, and all internal networking is on the 10.0.0.0/8 subnet. I have static routes on the Fortigate devices pointing 10.0.0.0/8 towards MPLS for all sites; the actual routing over the MPLS (BGP) is handled via service provider routers that I have no access to. Sites A and B are head office sites and also have ISP links (direct to the internet), so the default route 0.0.0.0 obviously points out to the internet; sites C and D only have MPLS. The MPLS link between site A and B is a SPOF that causes service issues. I need some sort of resilience. Putting in an IPSEC VPN between sites A and B over the internet is an option, but I am stuck on creating any automatic failover.
To complicate the matter, if we have a service interruption between site A and B over MPLS, I can't just use a link monitor to disable the port or the static routes, because I cannot cause service issues to sites C and D. It could be a case where the issue is the link to site A, so sites C and D are still working happily, as they can still access site B.
What I really need is a link monitor where I can disable only specific static routes, so in the case of the failure above, site B still routes traffic to C and D over MPLS, but the traffic to site A is diverted to VPN tunnel.
Hope my ramble makes sense to someone. :)
Ta
J
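As an added illustration (not part of the original post, and not FortiGate configuration), the following Python model shows the routing logic the question is asking for: a route table where a more specific route to site A's subnet exists both via MPLS and via the VPN, the MPLS copy is tied to a named health monitor, and when that monitor fails only the MPLS route to site A is withdrawn. The site prefixes (site A as 10.1.0.0/16, site C as 10.3.0.0/16), the administrative distances and the monitor name `mpls-to-site-a` are constructed assumptions for the example; the summary 10.0.0.0/8 via MPLS is kept untouched so that sites C and D keep working.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class StaticRoute:
    prefix: ipaddress.IPv4Network
    next_hop: str                   # constructed labels: "MPLS" or "VPN"
    distance: int                   # lower wins when the prefix length ties
    monitor: Optional[str] = None   # health check that may withdraw this route (None = always active)

class RoutingTable:
    """Minimal longest-prefix-match table with per-route health monitors (constructed model)."""

    def __init__(self):
        self.routes = []
        self.monitor_state = {}     # monitor name -> True (up) / False (down)

    def add(self, route: StaticRoute) -> None:
        self.routes.append(route)

    def set_monitor(self, name: str, up: bool) -> None:
        self.monitor_state[name] = up

    def active_routes(self):
        # A route without a monitor is always eligible; a monitored route is
        # eligible only while its monitor reports up (unknown monitors count as up).
        return [r for r in self.routes
                if r.monitor is None or self.monitor_state.get(r.monitor, True)]

    def lookup(self, dst: str) -> Optional[str]:
        addr = ipaddress.ip_address(dst)
        candidates = [r for r in self.active_routes() if addr in r.prefix]
        if not candidates:
            return None
        # Longest prefix first, then lowest administrative distance.
        best = max(candidates, key=lambda r: (r.prefix.prefixlen, -r.distance))
        return best.next_hop

def build_site_b_table() -> RoutingTable:
    """Site B's table: summary via MPLS, plus specific routes to site A via MPLS and VPN (assumed prefixes)."""
    t = RoutingTable()
    t.add(StaticRoute(ipaddress.ip_network("10.0.0.0/8"), "MPLS", 10))
    # Site A specific: preferred over MPLS, withdrawn only when the site A probe fails.
    t.add(StaticRoute(ipaddress.ip_network("10.1.0.0/16"), "MPLS", 10, monitor="mpls-to-site-a"))
    # Same prefix via the VPN with a worse distance: used only once the MPLS copy is gone.
    t.add(StaticRoute(ipaddress.ip_network("10.1.0.0/16"), "VPN", 20))
    t.set_monitor("mpls-to-site-a", True)
    return t

def failover_demo():
    """Return next hops for site A and site C hosts before and after the site A monitor fails."""
    t = build_site_b_table()
    before = {"site_a": t.lookup("10.1.5.20"), "site_c": t.lookup("10.3.0.10")}
    t.set_monitor("mpls-to-site-a", False)   # MPLS path to site A is now declared dead
    after = {"site_a": t.lookup("10.1.5.20"), "site_c": t.lookup("10.3.0.10")}
    return before, after

if __name__ == "__main__":
    b, a = failover_demo()
    print("before failure:", b)
    print("after failure: ", a)
```

The point of the model is that the monitor is attached to one specific route rather than to the MPLS interface: site A traffic moves to the VPN when the probe fails, while anything matched only by the 10.0.0.0/8 summary (sites C and D) keeps using MPLS.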
