Life Cycle Guidance for Service Provider Due Diligence

Engaging third-party service providers to perform key functions can offer an investment adviser access to state-of-the-art technology and solutions necessary to compete in today’s environment. Before entering into service provider relationships, advisers need to understand that while the function may be outsourced, the responsibility for the function still rests with the adviser.

Firms engaging service providers need to adopt a due diligence program to evaluate the effectiveness of service providers. At the recent Ascendant Compliance Solutions Strategies 2019 Spring Conference, Jake Fechter of Buckingham Asset Management and Allison Fraser of CSS offered guidance on building a due diligence program. In their session, they offered the following life cycle of the due diligence process:

  • Identify your service providers – Firms should evaluate who their current service providers are. Reviewing the firm’s disbursements can identify potential service providers
  • Assess the risks to the business – For each service provider, identify what services are being performed and the risks presented. For example, consider whether the service provider has personally identifiable information about your clients and how it is protected.
  • Define contract terms – In contracts, specifically identify the services to be performed, including a service level agreement identifying expected deliverables and service times.
  • Conduct monitoring and oversight – Maintaining an effective relationship with your service provider and putting oversight activities in place will enable an adviser to ensure that contracted services are delivered. “Trust but verify.”
  • Recordkeeping – As Allison said during the session, “document, document, document.” Maintaining records related to due diligence is critical to demonstrating that due diligence took place.

Ascendant, CSS’ compliance consulting team, provides all services necessary to meet compliance obligations, including due diligence reviews. For more information, click here


Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Loading form...

Latest Content

Cayman Islands Data Protection Law Nears Taking Effect

Cybersecurity regulations have landed ashore on the islands, and life is about to become anything but a beach for firms forced to comply with the Cayman Islands’ new Data Protection Law (DPL), slated to take effect September 30, 2019. With provisions largely mirroring the EU’s General Data Protection Regulation (GDPR), entities with a presence or … Continued

SEC Risk Alert Puts Spotlight on Principal Trading, Agency Cross Trades

On September 4, 2019, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued another risk alert, this time on “Investment Adviser Principal and Agency Cross Trading Compliance Issues.” While not wildly informative, the Risk Alert summarizes several issues identified during examinations of the last three years and reminds us of … Continued

SEC Issues Guidance to Investment Advisers on Proxy Voting

At its August 21, 2019 Open Meeting, the Securities and Exchange Commission (“SEC”) voted 3-2 to issue guidance to assist registered investment advisers (“RIAs”) in carrying out their proxy voting responsibilities. While the guidance didn’t break a lot of new ground, it clarified the SEC’s expectations for investment advisers in voting client proxies and engaging … Continued