A couple of weeks ago, Jessica Rodgers of DLA spoke on the topic of SEC due diligence demands for service providers at a webinar co-hosted by MyComplianceOffice and DLA. You can view recordings of that webinar and download the slides here.
During the webinar and in the time that followed the event, Jessica received a number of follow-up questions that primarily centered on the practical question of, “So now that I know what I’m supposed to do, how do I overcome the hurdles to actually get this process off the ground?” In this three-part series Jessica will break this question down and address the three most common obstacles that her clients encounter when they first try implementing a critical service provider review program.
Hurdle 1) - Senior Management Support
Many of our clients and webinar listeners indicated that this is the biggest problem facing them when they try to get serious about formalizing vendor due diligence reviews. Senior management is oftentimes reluctant to allocate time and resources to something that they don’t see as necessary. It is important to emphasize that this is something the SEC has written guidance about and has even included as a requirement in its June 2016 proposed rulemaking on business continuity plans. In addition, as more and more firms implement vendor due diligence programs, it becomes the norm, increasing the expectation from regulators that an adviser will have this process in place like its peers do.
But while compliance should focus on the increased regulatory scrutiny in this area, it is also essential to be respectful of management’s concerns about the allocation of time. This is where it is key to allocate resources efficiently - a Chief Compliance Officer ideally should be giving final approval of the vendor selection and reviewing the results and presenting them to senior management. Another resource should create the questionnaires and send out all of the follow-up emails to vendors. Good judgment should be used in appropriately risk rating the firm’s business and exposure, particularly with respect to technology. A two-man private fund that invests in real estate will have a very different risk exposure than a large adviser servicing tens of thousands of retail investors that relies heavily on technology for trading activities. As a result, the number of vendors that are reviewed on an annual basis and the content and level of detail of the questionnaires will differ significantly. It is important to let senior management know that these factors have been taken into account for the review process.
This is the first post in our three-part series titled "Overcoming the Vendor Due Diligence Hurdles". Subscribe to get notified of part 2, "Getting the Service Providers to Respond", and part 3.
Content written by: Jessica Rodgers of DLA
DLA provides internal audit, forensic accounting, litigation support, compliance and advisory services to over 200 public and private companies in a wide variety of industries. The compliance team has in-depth experience with financial firms, including broker-dealers, registered investment advisors, hedge funds and private equity funds. Our scope of services ranges from developing and implementing compliance programs, risk assessment and testing, including annual reviews and mock audits, to ongoing advisory and monitoring.