Life Cycle Guidance for Service Provider Due Diligence

Engaging third-party service providers to perform key functions can offer an investment adviser access to state-of-the-art technology and solutions necessary to compete in today’s environment. Before entering into service provider relationships, advisers need to understand that while the function may be outsourced, the responsibility for the function still rests with the adviser.

Firms engaging service providers need to adopt a due diligence program to evaluate the effectiveness of service providers. At the recent Ascendant Compliance Solutions Strategies 2019 Spring Conference, Jake Fechter of Buckingham Asset Management and Allison Fraser of CSS offered guidance on building a due diligence program. In their session, they offered the following life cycle of the due diligence process:

  • Identify your service providers – Firms should evaluate who their current service providers are. Reviewing the firm’s disbursements can identify potential service providers
  • Assess the risks to the business – For each service provider, identify what services are being performed and the risks presented. For example, consider whether the service provider has personally identifiable information about your clients and how it is protected.
  • Define contract terms – In contracts, specifically identify the services to be performed, including a service level agreement identifying expected deliverables and service times.
  • Conduct monitoring and oversight – Maintaining an effective relationship with your service provider and putting oversight activities in place will enable an adviser to ensure that contracted services are delivered. “Trust but verify.”
  • Recordkeeping – As Allison said during the session, “document, document, document.” Maintaining records related to due diligence is critical to demonstrating that due diligence took place.

Ascendant, CSS’ compliance consulting team, provides all services necessary to meet compliance obligations, including due diligence reviews. For more information, click here


Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Latest Content

Time to Use the Bat Phone: Who to Call When a Compliance Officer Needs Help?

It seems that the burden of work continues to increase for compliance professionals in the investment management industry. While also ensuring that their compliance program is effective, compliance officers must also be aware of cybersecurity threats, business continuity plans, new regulations, changes in business strategy, and more – all while doing this under a work … Continued

Texas Outlaws and a Silver Bullet: Position Limits in the USA

In this first installment on position limits, Regulatory Guidance expert Greg Hotaling surveys the current landscape of position limits imposed for U.S.-listed commodity derivative holdings, which can affect investment firms and other speculative investors regardless of where they are based. Stay tuned for coverage of EU position limits in the next edition. “Who shot J.R.?!” … Continued

FAQs From the Cyber Desk

Cybersecurity is a fast-moving target, so it is not uncommon for firms to have questions when it comes to assessing and understanding their cybersecurity risks. Here at CSS we receive a lot of cybersecurity questions, so we thought we would take the time to answer 10 of the most common Frequently Asked Questions. (1) What … Continued