This week, on episode 25, we discuss the intricacies of Due Diligence performance, as well as best practices when it comes to Due Diligence Investigations.
CCO Buzz: Hello and welcome back to the CCO Buzz Podcast! Wow, I just noticed that we are a quarter into our 100-episode goal. Well, this week, on episode 25, we are joined by Core Compliance’s Senior Compliance Consultant. With his 17 plus years of extensive experience in the securities industry, he discusses the intricacies of Due Diligence performance, as well as best practices when it comes to Due Diligence Investigations.
As a consultant, is there any particular regulatory requirement that is consistently missed by RIA firms?
Sr. Compliance Consultant: Yes, I actually have. Many firms that I have been working with are either not performing or don’t understand their requirements to perform Due Diligence Investigations on third-party service providers.
CCO Buzz: What is that requirement?
Sr. Compliance Consultant: Well, in general all types of financial services firms whether they’re investment advisors, Broker-Dealers, or investment companies, are required to perform an initial and annual due diligence investigation on the third-party service providers they use to help them, you know, service their clients and customers.
CCO Buzz: Hmm, so what exactly is Due Diligence Investigation?
Sr. Compliance Consultant: Well, a due diligence investigation can take on many forms but in general, it is an inquiry as to whether or not a third-party service provider has the adequate capabilities, protections and capacity to perform their assigned functions for your clients in a safe and effective manner.
CCO Buzz: That seems like a lot of work. If you are performing this on your service providers, that could be dozens of companies or firms.
Sr. Compliance Consultant: You know, I’m actually glad you brought that up. I get that feedback quite a bit. And what I tell CCOs who ask me this is the intent of due diligence is to protect your clients and customers. Firms should prioritize due diligence investigations to third-party service providers that have the ability to “touch” for want of a better word, their clients’ funds or non-public information.
So, for example, your IT provider is a prime example of a firm that can “touch” your clients’ information and you should do due diligence investigations on them. Your custodian would be a prime example of a third-party service provider that could touch your clients’ funds.
CCO Buzz: Ok, you mentioned that a due diligence investigation can take on many forms, what did you mean by that?
Sr. Compliance Consultant: Well, from a high level, a due diligence investigation can be internal and performed by a firm itself. It also can be outsourced to a firm that specializes in performing these types of investigations. It can also be a very thorough initial investigation which may or may not include an onsite visit, or a less intensive annual follow-up investigation.
CCO Buzz: What kind of things should a firm be looking for when conducting a due diligence investigation?
Sr. Compliance Consultant: Well, it will certainly depend on the type of firm and the services being performed, but in general you would want to inquire as to:
- Background information on the Firm
- The Firm’s qualifications
- Any previous or current litigations
- Any conflicts of interest
- The Firm’s privacy and cybersecurity policies
- The Firm’s Business Continuity Plans
- The Firm’s insurance coverage; among other things like that.
CCO Buzz: That’s a lot to consider, any best practices you can recommend?
Sr. Compliance Consultant: Sure, one is for Firms to create a due diligence provider checklist. This way you have a pre-planned method of performing due diligence with all essential information noted. Another thing, many firms that provide services to financial services firms have pre-made due diligence binders that they can provide for you on request. Having a service provider send one cuts down on the time spent on investigation.
Lastly, I would recommend keeping records of any firms that you reject based on due diligence investigation. This is a good way of demonstrating to regulators the thoroughness of your program. Having due diligence reports on only firms that you work with can seem a little bit like cheerleading.
CCO Buzz: Ok, thanks. Do you have any other closing thoughts?
Sr. Compliance Consultant: Uh, yes. Vendor due diligence is not just a regulatory requirement. It’s good business, it’s taking care of your clients’ or customers’ interests, and it is something that you would want companies that have access to your funds or information to do as well.
If you have further requests for information or questions, feel free to contact us at Core Compliance & Legal Services. Our number is (619) 278-0020.
CCO Buzz: Well that’s it for this week’s episode. If you’d like additional information, please check out our website at www.corecls.com. You can also follow us on Facebook, LinkedIn or Twitter @CoreCLS. Thank you and we hope you tune into next week’s episode of the CCO Buzz.