On Episode 75 of the CCO Buzz, Tina Mitchell, Managing Director of Consultation Services, shares with us her tips for Performing Due Diligence on Service Providers during COVID-19.
CCO Buzz: Hello and welcome back to the CCO Buzz. Today we have an important episode of the buzz that you’ll want to pay close attention to, as we discuss due diligence in the COVID-19 era. We’re lucky to be joined by Core Compliance’s very own Managing Director of Consultation Services, Tina Mitchell. She’s here to discuss the effective inner workings of due diligence in regards to third-party service providers.
So, take it away, Tina!
Tina Mitchell: First let me say that I hope you are staying safe and healthy during this unprecedented time we are in.
One of the things we’re doing at Core Compliance is helping our clients understand what additional compliance considerations are needed during this pandemic and the worldwide shelter in place mandates. The good news is that it seems that most advisory firms have been able to pivot into a remote working environment without much trouble and are working full steam ahead!
And that’s great, but is that also true for your service providers? While it’s going to appear that there are no real issues or interruptions in services being provided, it’s always important in times like these to verify.
Performing due diligence falls under an adviser’s fiduciary duty and it’s an area that the SEC remains very focused on. In times such as this, it’s even more important. So I want to discuss with you what types of service providers you should focus on during COVID-19, as applicable to you, and discuss some of the important areas to review. For service providers, look at the ones that have access to client data and/or provide important services directly to clients. Some of these include:
- Third party advisers or sub-advisers;
- Accounting Firms; and
- IT Provider(s).
When you’re performing the due diligence, you want to be sure [to] focus on areas that are applicable to the current COVID-19 environment. Let me give you an example:
- Business continuity plan – has the service provider had to implement their plan and was there any material issue(s) that arose?
- Privacy and cybersecurity protocols pertaining to personnel working remotely – what additional safeguards were implemented and have there been any recent breaches?
- Supervision of remote personnel – what additional procedures have been implemented to ensure oversight?
You’ll also want to ask about whether there have been any material changes to business practices, and/or if any are anticipated for the reminder of the year. Last but not least, inquire if there have been any material financial issues that came up that would affect the firm’s financial stability, or whether any are anticipated.
Based on the answers you receive you want to determine whether you have a reasonable belief that the service provider has and can continue providing services without material disruption or financial hardship. Also, based on your results, you need to determine whether any follow-up will be needed to confirm their continued ability to perform services.
Performing due diligence can be done in a number of ways. But start by asking the service provider if they have due diligence packages already set-up that address questions pertaining to COVID-19. You also can send questionnaires, have interviews with key personnel, request applicable documents and review them - very similar to when you’re performing regular due diligence.
We’re definitely in unchartered territory, so it’s extremely critical to perform this focused due diligence now to ensure your key service providers can continue services without material issues.
Core Compliance can provide assistance in performing your due diligence, so please contact us at firstname.lastname@example.org or at 619-278-0020, if you have any questions or need further assistance. Thanks, and be safe.
CCO Buzz: Well that’s it for this week’s episode. If you’d like additional information, please check out our website at www.corecls.com. You can also follow us on Facebook, LinkedIn, or Twitter @CoreCls. Thank you, and we hope you tune-in to next week's episode of the CCO Buzz.