Due Diligence and Ongoing Monitoring

When it comes to financial market  intermediaries, the following types usually come to mind - Banks, Mutual funds, Financial Advisors and Insurance Companies. Often, when the FMI is a large institution, say a national bank, it is doubtful that they will participate in due diligence and ignore requests to complete questionnaires or provide documents when requested. The lack of response is not unusual for large companies due to the number of due diligence requests made; they cannot possibly service them all.

There are two strategies you can use to try and obtain the necessary information.

First, your business line owner will likely have a relationship with a representative of the company. If that is the case, instruct the business owner to work with their rep and get the documents or at least arrange a meeting with the vendor so that you can review the necessary documents if they are unwilling to provide a copy. If you can arrange this, it is suggested to limit the review to the absolute most critical documents. Meeting your risk requirement is part of the service so they should work with you on ways to provide the necessary information you need.

If that fails, you can try searching the internet for policies and other information required for due diligence. Search terms should include the name of the organization and the document you are seeking.  For example, 'Big Bank' Privacy policy or 'Big Bank' SOC 2 type II report.  Often, you will be able to get at least some of the information or instructions on requesting or accessing it.  Keep in mind that public companies must disclose their financials.

I hope this information is helpful, but would love to hear suggestions from other members.