Engaging third-party service providers to perform key functions can offer an investment adviser access to state-of-the-art technology and solutions necessary to compete in today’s environment. Before entering into service provider relationships, advisers need to understand that while the function may be outsourced, the responsibility for the function still rests with the adviser.
Firms engaging service providers need to adopt a due diligence program to evaluate the effectiveness of service providers. At the recent Ascendant Compliance Solutions Strategies 2019 Spring Conference, Jake Fechter of Buckingham Asset Management and Allison Fraser of CSS offered guidance on building a due diligence program. In their session, they offered the following life cycle of the due diligence process:
- Identify your service providers – Firms should evaluate who their current service providers are. Reviewing the firm’s disbursements can identify potential service providers
- Assess the risks to the business – For each service provider, identify what services are being performed and the risks presented. For example, consider whether the service provider has personally identifiable information about your clients and how it is protected.
- Define contract terms – In contracts, specifically identify the services to be performed, including a service level agreement identifying expected deliverables and service times.
- Conduct monitoring and oversight – Maintaining an effective relationship with your service provider and putting oversight activities in place will enable an adviser to ensure that contracted services are delivered. “Trust but verify.”
- Recordkeeping – As Allison said during the session, “document, document, document.” Maintaining records related to due diligence is critical to demonstrating that due diligence took place.
Ascendant, CSS’ compliance consulting team, provides all services necessary to meet compliance obligations, including due diligence reviews. For more information, click here.
Subscribe to CSS Blog
CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.