Re-thinking Vendor Due Diligence in the “New Normal”

The ongoing remote work environment necessitates changes to the vendor due diligence process. We explain why.

>Re-thinking Vendor Due Diligence in the “New Normal”

Re-thinking Vendor Due Diligence in the “New Normal”

By | 2021-01-14T14:21:51-05:00 January 12, 2021|Cyber Security, Legal Fund Administration, Registered Funds|
Introduction

Performing due diligence on vendors is a critical risk mitigation measure. For fund sponsor and investment managers, vendors should act as an extension of your business, and as such, it’s important to gather the necessary intelligence about their processes, people and so on. The pandemic has impacted not only how vendor due diligence is performed (i.e., remotely!) but also the questions that should be asked.

In light of these challenges, Ultimus recently partnered with NICSA to host a webinar entitled, “Vendor Selection in the New Normal.” As moderator of the webinar, I guided three fund industry panelists through the discussion:

  • Andi Mullins, an Independent Trustee for Valued Advisers Trust, a mutual fund Board
  • John Detweiler, Managing Partner at ParkLexington Advisors, LLC, a consulting firm
  • Steven A. Yadegari, Chief Operating Officer and General Counsel at Cramer Rosenthal McGlynn, LLC, an investment adviser

Through our discussion, one thing became clear: it’s not just about “vendor selection” in the new normal, it’s about “vendor assessment” in the new normal. Read on to learn our panelists’ suggestions for performing remote due diligence – on new and existing vendors. Fund sponsors, for example, can incorporate these recommendations into their review of service providers, including Fund Administrators.

The panelists agreed that in-person due diligence is optimal, but also agreed that there are many ways to mitigate the inability to meet vendors face-to-face. Read on to learn our panelists’ observations about vendor due diligence in the “new normal.”

Enhancing due diligence…remotely

In times of crisis, like the Covid-19 pandemic, a lot can be learned about a firm’s leadership, staff, culture and processes. All elements, including business continuity plans, are put to the test. By making some insightful changes to your vendor due diligence process, you, as a fund sponsor, can feel confident in assessing vendors, even in a remote environment.

 Aligning vendor due diligence with the times
  1. Update your current due diligence or RFP questions

Our panelists were surprised that many businesses have not revised the questions they pose during vendor due diligence. Following are some of the panelists’ suggestions; these are likely to remain relevant, irrespective of a pandemic or non-pandemic environment.

Ask about the vendor’s work from home protocols.

The panelists focused on the challenges of maintaining data and cyber security, proper levels of supervision, and a strong culture. A vendor’s business continuity plan generally addresses these items. But it’s important to assess if the controls and procedures are appropriate for an ongoing work-from-home environment. Specifically, evaluate changes that have been made to processes and procedures and compare them to SOC1 reports.

  • Data security: How is client data kept private in a home environment? Where is the data stored? How is it accessed? What protocols are in place for non-digital deliverables? For example, how is record keeping performed? If documents are printed, how are they destroyed?
  • Cyber security: As with data security, vendors have long had cyber security measures in place. How, if at all, have vendors revised these measures to maintain cyber security in a work-from-home environment? Are there different processes for the work-from-home environment? What are the vendor’s protocols for using company computers vs. personal computers?
  • Supervision: It’s important to understand how staff is being supervised in a remote work environment. Does the firm have process checklists and policies? Are there review and escalation procedures? How do they ensure proper supervisory techniques?
  • Culture: Maintaining culture and engagement can be difficult when staff cannot meet face to face. How does the vendor attract and maintain an engaged workforce without the use of centralized locations? What processes and activities has the vendor implemented to maintain its culture.

Ask about the vendor’s long-term viability – both financially and operationally.

The panelists also pondered the pandemic’s long-term impact on service providers. Have the economics of the firm been affected by a remote environment? What does the future look like? Operationally, how long can the vendor remain remote?

Ask about the vendor’s own due diligence processes.

The panelists noted that during these times especially, but relevant always, you’ll want to know that the vendors of your vendors are stable. Ask questions about what your vendor is doing for due diligence and oversight of its own vendors.

  1. Speak with references

To understand the impact of the pandemic on a vendor, our panelists suggested sourcing your own references. Ask your source(s) about the vendor’s service levels pre- and post- the start of the pandemic. Focus on timeliness, quality and interactions.

  1. Meet your specific providers (virtually)

Even in times of remote working, the panelists noted it’s important to “meet” the individual(s) who will directly service your firm. And for fund sponsors that means meeting the people who will service your fund and your shareholders. Get to know them. Virtual meetings, with cameras on, are the next best thing to meeting in person, as you can still get a good feel for an instinctive comfort level with the professionals handling your business.

Diligent Decisions

The work-from-home environment has necessitated process changes for most businesses. For fund sponsors, now is the time to rethink your vendor due diligence conversations and query whether these conversations should be had with existing vendors such as fund administrators. While the work-from-home environment has created challenges, there remain ways to perform thorough assessments.

At Ultimus, we have heard from fund sponsors who have reviewed their service providers during this time and found certain providers to be lacking in essential service levels. In this remote environment, we have also seen an increase in the use of consulting firms to help fund sponsors and boards with provider evaluations. As a result of these evaluations, various fund sponsors have made strategic decisions to select more reliable service partners for the long haul, service providers that provide more value and higher quality service.

In the end, we believe the best practices presented here for vendor due diligence in the “new normal” will lead to more informed, transparent and dutifully diligent relationships during and post the pandemic.

11797647 1/8/2021

About the Author:

EVP, Chief Legal and Risk Officer for Ultimus Fund Solutions