SEC Due Diligence Demands -

Identifying Your Critical Service Providers

Identifying Your Critical Service Providers

The SEC requires that you conduct due diligence on your service providers to protect yourself from exposure to risk and your organization from potential regulatory fines. This webinar was hosted with Jessica Ruby of David Landau & Associates, LLC on Oct 27th.

 You can download a full copy of the slides from this webinar.


Full video transcript available below:

Okay. Step number one, identify your critical service providers. The SEC does not have a formal definition of critical service providers. However, in the proposed Advisor Business Continuity and Transition Plan rule making, the SEC gives guidance as to who is a critical service provider. They say, "We would generally consider critical service providers to at least include those providing services related to portfolio management, the custody of clients assets, trade execution, and related processing, pricing, client servicing, and, or record keeping, and financial and regulatory reporting." Next slide.

What does this mean in practical terms? We recommend asking the following questions when determining whether or not a service provider is critical. Do they touch client assets? Do they have direct, daily contact with clients? Do they have access to client personal information? Would their failure cause a significant business disruption to the operations of the advisor or clients? Does the client spend a significant amount of money on their services? Are there ready backups or alternatives to the service provider? Next slide.

Depending on your firm's business model, these could typically be any or all of the following. Attorneys, brokers, custodian banks, administrators, pricing services, technology vendors, IT service providers, compliance consultants. You do not need to do any formal reviews on lunch delivery, or office supply vendors, or those types of service providers. Next slide.

Next we need to develop as a second step, a process for conducting initial and ongoing due diligence. Ideally this should formalized as written policy and procedures in your firm's compliance manual. Next, you would need to determine the frequency, for this review. You should always conduct an initial due diligence review prior to entering into a relationship with a vendor. We then recommend doing a review of critical service providers on an annual basis. However, you don't need to review every service provider, every year. You should determine the risk associated with each service provider, as well as the date the service provider was last reviewed. Whether there was anything negative uncovered in this review, or whether there have been any significant staffing, ownership, or procedural changes to the service provider in the last year.

A tool, like MyComplianceOffice is great for setting up a reminder for this assignment on your compliance calendar, as well as for keeping track of all the vendors, their risk levels, and the results of any reviews.


This webinar was co-hosted with DLA. To learn more visit

Find out how MCO can help

Request a demo today to learn how MyComplianceOffice puts you in command of your compliance program, synchronizing your business needs with regulation. 

Request a Demo



Download our four page Portfolio of Solutions to learn about;

  • Personal Trade Monitoring
  • Gifts & Entertainment
  • Political Contributions
  • Third Party vendor risk management
  • Trade surveillance
  • And more

Brochure Download