Conclusion – Why and when to perform Vendor Due Diligence?
Why is vendor due diligence required?
In summary, the main purpose of vendor due diligence is to inform risk assessments, and specifically allow firms to:
- Assess whether its customers’ business objectives and requirements can continue to be met through an outsourcing arrangement.
- Evaluate a third-party service provider’s expertise and ability to deliver the services to be outsourced.
- Understand the costs and practicalities of service delivery.
- Ascertain the risks of entering into an outsourcing arrangement.
- Establish a level of cultural and organisational fit with the third-party service provider’s organisation.
When must vendor due diligence and risk assessments be performed?
Initial vendor due diligence and risk assessment must be conducted prior to entering an agreement with an outsourcing or material third-party provider. During the course of the contractual relationship, due diligence and risk assessment must be carried out on an ongoing basis. The frequency of these ongoing assessments will be determined by the risk and materiality of the relationship as well as the nature of the products or services involved and any red flags that may come up.
Firms in scope are required to comply with the Outsourcing and Third-Party Risk Management obligations by 31 March 2022. Outsourcing arrangements entered into after 31 March 2021 should meet the expectations, including those relating to due diligence and risk assessment, by 31 March 2022. Any legacy outsourcing agreements should also be aligned to meet the expectations.
Have you read our responses behind other key questions? You can view them by clicking on the links to the pages below: