Generally speaking, whenever you're required per your due diligence standards, you should attempt to gather financials, whether they are a public company or a privately held company. Obviously, with a public company, it's much easier - they're available! With a privately held company, it's a bit more difficult, some may be unwilling to release them (but, notably, we have seen some softening of this stance as many companies realize that it's sort of necessary if they want to do business in the financial services sector nowadays there are certain pieces of due diligence and analysis financial institutions are going to expect (and are often required) to see)... that's where you may need to seek alternate solutions - a conversation between your financial analyst and their CFO, a webinar between your financial team and theirs, a Dun & Bradstreet report, an accountant's statement, etc... all are potentially viable alternatives, but consider the endgame - what are you trying to accomplish and will you gain relative comfort around their financial health? This certainly isn't to suggest that for all of your low risk vendors you need to insist on financials but certainly for your Critical or high risk ones, you really should be reviewing their financial condition on a regular basis and ensuring that the guidelines for doing so are baked into your third party risk management program. I'd also be interested in hearing from others about your perspectives on this... always eager to share best practices and helpful solutions.
Original Message:
Sent: 09-11-2019 10:17 AM
From: Cory Sawka
Subject: Private Companies - Conducting a Financial Review
When is appropriate to push a private company vendor for financial docs?
Maybe we push them a bit for financial detail when we're onboarding but a much higher % of the contract life-cycle takes place while they're already approved and providing the service. The ongoing monitoring financial check up usually proves that most private companies will choose not to send the details unless it's a dire need and we get senior levels involved on each side.
We usually pull business credit reports and ask them to attest that they are not in threat of bankruptcy which is usually good enough to appease us and our business heads but we don't usually push vendors too hard to provide financial details such as income statements, profit & loss, audited financials, etc. When is it right to do so?