Vendor due diligence (VDD) takes place when a company seeks to buy, partner with or enter into a business relationship with another company. Like the customer due diligence process, vendor due diligence is an important component of AML/CFT, serving to reassure potential buyers that their prospects are financially healthy and present acceptable levels of money laundering risk.
In order to properly conduct the vendor due diligence process, firms must understand what kind of information is required to demonstrate financial health and how that information should be collected.
What is Vendor Due Diligence?
Vendor due diligence is conducted by a target business prior to its sale or partnership. Just as customer due diligence is intended to help financial institutions establish that their customers are being truthful about their identities and determine the level of money laundering risk that they present, vendor due diligence delivers the same kind of information about companies, verifying the nature of their business and their risk of involvement in financial crime.
The vendor (target company) engages a third party to conduct the due diligence process in the form of an audit. The third party should be independent, impartial and qualified to conduct the audit.
The third party conducts their audit on the vendor prior to the commencement of the sale or partnership arrangement.
The third party produces a draft vendor due diligence report on behalf of the target company which is shown to all prospective buyers or partners.
After the sale or partnership arrangement is complete, the buyer receives a final version of the vendor due diligence report.
What Does Vendor Due Diligence Involve?
Vendor due diligence places obligations on both the third-party auditor and the target company and entails a range of crucial business considerations, including AML/CFT-specific factors. The processes and information that the vendor due diligence process requires include:
General target company information, such as geographic location, taxpayer number, operational capacity, incorporation documents, and legal status.
Beneficial ownership of the target company.
The target company’s historical financial information.
The target company’s cash flow, including expenditure on assets.
An evaluation of business risk and projected growth.
The target company’s debt, contingencies and other liabilities.
The target company’s operational compliance performance.
From an AML perspective, vendor due diligence may require that third-party auditors conduct a site visit in order to verify that certain AML procedures and protections are in place. Similarly, checking the legitimacy of a company’s third-party relationships, clients and customers, and speaking directly to those parties, is a valuable due diligence step and useful for the verification of money laundering risk.
In some instances, vendors might be required to complete a due diligence questionnaire about their company in order to clarify or corroborate certain aspects of the audit.
Exceed Regulatory Requirements
Identify risks before they become threats and protect your business. Screen against the world’s only dynamic global database of Sanctions and Watchlists, PEPs, and Adverse Media, in consolidated, structured profiles.
Vendor due diligence primarily facilitates the successful sale (or partnership) of companies and their assets but can also help vendors gain a better understanding of the risks their companies face. In more detail, the objectives of vendor due diligence include:
Providing buyers and partners with certainty over the financial health of the target company and the nature of its cash flow.
Supporting facts, figures and other data offered in the sales memorandum.
Helping vendors make appropriate pricing decisions about their business and its assets.
Reducing disruption during the sales process.
Identifying significant risk issues and other liabilities.
Helping all involved parties execute the sales process or partnership arrangement with speed and efficiency.
Vendor Due Diligence Best Practice
Important factors that firms must consider when preparing for the vendor due diligence process, or engaging a third-party organization to perform an audit, include:
Data collection: The vendor due diligence process will require the collection and management of large amounts of information.
Monitoring: Certain due diligence screening processes, such as negative news media screening, require ongoing monitoring tools capable of capturing a range of data points.
Verification: Information generated and collected during vendor due diligence must be reliably checked for accuracy.
Like customer due diligence, vendor due diligence should be an ongoing process. Firms must be checked at points throughout the sales process, or subsequent business relationship, to ensure that their risk profile has not changed.
Originally published 17 January 2020, updated 27 February 2023
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.