SEC Due Diligence Demands - Documenting Your Results & Regulatory Guidance

Documenting Your Results & Regulatory Guidance

The SEC requires that you conduct due diligence on your service providers to protect yourself from exposure to risk and your organization from potential regulatory fines. This webinar was hosted with Jessica Ruby of David Landau & Associates, LLC on Oct 27th.

 You can download a full copy of the slides from this webinar.


Full video transcript available below:

The results of the initial and annual reviews should be documented and shared with senior management. This can be in the form of a memo or PowerPoint presentation. You should also save all the questionnaires and supporting documentation for future reference and as evidence of review. Next slide.

The SEC has repeatedly brought up the importance of vendor management in its cybersecurity and business continuity plan guidance letters. The SEC indicates that examiners may assess how vendor relationships are considered as part of the firm's ongoing risk assessment process, as well as how the firm determines the appropriate level of due diligence to conduct on a vendor. Furthermore, the SEC believes that firms should have a written contingency plan for managing the response to potential disruptions under various scenarios, such as conflicts of interest, systems failures, or bankruptcy or business failure of the service provider. The review process we discussed today of identifying your firm's critical service providers and conducting due diligence will help you prevent business disruptions and be prepared when they do happen, as well as be ready to demonstrate this to regulators. Next slide.

In creating their guidance, the SEC has noted that some of the largest data breaches over the last two years have resulted from the hacking of third-party vendor platforms. In addition, in August 2015, hundreds of mutual funds and exchange-traded funds, or ETFs, were affected by a systems malfunction at a financial institution that prevented it from calculating accurate NAVs for the funds. As a result, the critical service provider was unable to deliver timely system-generated NAVs or to publish current ETF baskets for certain clients for several days. The SEC's guidance and potential business continuity plan rule requiring vendor due diligence are designed to help prevent disasters like this.

 This webinar was co-hosted with DLA. To learn more visit
