Vendor due diligence refers to gaining assurance that a vendor or potential vendor is financially stable and ethical and that its corporate structure is sound. Financial institutions use vendor due diligence reports to assess potential vendors before hiring them or to evaluate vendors they already use to ensure they are still stable, ethical, and strong.
Vendor due diligence is essential in financial institutions, not only to decrease threats to business operations and financial stability but also to reduce compliance risk and reputation risk. If banks fail to carry out vendor due diligence, they can suffer penalties or lawsuits if the vendor acts inappropriately or fails to keep the bank’s and the bank’s customer data secure.
For a technology vendor, the bank must evaluate how the vendor handles nonpublic information (NPI), what security systems they have in place, and what corporate structure they have in place. Components of vendor due diligence include conducting financial and legal reviews.
Vendor due diligence reviews need to be conducted at specific points in the business relationship. The initial due diligence review needs to be conducted during the request for proposals. The bank uses the review to evaluate the accuracy and timeliness of the vendor’s responses.
Additional vendor due diligence reviews need to be done at least yearly, when the vendor’s management changes, the vendor files bankruptcy, lays off employees or the vendor has legal actions brought against it. If the vendor risk level changes, risks found in the last review need to be monitored. With real-time vendor alerts, layoffs and other major developments are essential so that the bank can conduct a vendor due diligence review immediately.
Due diligence is an important part of vendor risk management. Vendor management software can streamline the process of vendor risk assessment. With the due diligence completed, the bank has the information needed to make decisions about whether to contract with the vendor or sever the relationship.