Vendors providing cash management services are typically considered high-risk, so I would recommend reviewing things like incident management policies, business continuity/disaster recovery plans, records of outages and SLA violations, background check policies, hiring practices, and security training procedures. This would be in addition to baseline due diligence like Tax ID, list of subcontractors, and vendor negative news search findings.
Virtual or on-site vendor visits would also be recommended so your organization can get a point-in-time assessment of your vendor's control environment. Site visits give you the opportunity to see which controls are in place and effective, such as physical security, access management, and more.
These types of vendors should undergo a full due diligence review at least annually, and more frequently if there are any performance issues or regulatory changes.
I hope these suggestions are helpful and I'm interested to hear recommendations from our other members.