You should also, in the questionnaires, ask for the service providers disaster recovery plan, and cybersecurity policy, and notification of any data breaches in the past year, that may have affected the advisor, or the advisors clients, the vendor should at least provide a summary, if they don't provide the actual policies. You should also ask for a description of any regulatory or legal issues over the last year, and identify any conflict of interest between the service provider and the advisor, or it's clients, and what policies the service provider has in place to prevent conflicts. As mentioned previously, some form of the above should be done on each service provider prior to entering into a contract with them, or if there is an existing relationship on an ongoing basis commensurate with the risk they posse to the adviser's business or it's clients. Next, slide.

In addition, we would also recommend designating a person at the adviser, responsible for following up on completed questionnaire. This often requires a personal call to the vendor to help facilitate the process, as well as reviewing all the documentation received, and conducting additional due diligence, as needed. Everything you receive needs to be reviewed, not just ticked off on a checklist. Also, particularly if there is anything uncovered, like their husband died of breaches, or any type of legal issues. Those are things you'd want to followup, and look into a little more. In addition, if the person cast with this assignment is not senior at the firm, you'll want to have the higher ups emphasize the importance of this review. Next, slide.

We also recommend as part of this process, having an internal questionnaire completed on the service provider. This should seek to confirm that there is not any material negative news, lawsuits, regulatory actions, or sanctions against the service provider from public available sources. This can best be determined if your firm has access to a screening tool such as World-Check, which is incorporated into MyComplianceOffice, or Complinet. Otherwise, you should at least do a simple Google check. You should also review the fees spent on the service provider compared with other competitors in the market to determine if the adviser's clients are getting the best value for their services. However, if you do discover that the service provider isn't necessarily the cheapest on the market, but they bring a certain level of experience or quality to the services they provide, this would be a great place to note that. Next, slide.

In addition, you should also seek to confirm internally, with the appropriate employees that the service provider is adequately meeting the needs of the adviser and its clients. In other words, if they are fulfilling the terms of their contract, their responsive to phone calls, emails, et cetera. You could also consider creating a performance scorecard for this. Also, note, here if there's any face to face contact between the advisor and the service provider, or how often you communicate with them. If this is a new relationship, we would recommend seeking two to four references, and including these in your vendor file. Also, make sure you note any other factors that were important in selecting this service provider, such as hiring a smaller firm instead of a big name client, because you'd be a more important client to them. This will be important when it comes time to review the service provider, again in the future, or to show regulators why you selected this particular service provider over others.