Vendor due diligence (VDD) takes place when a company seeks to buy, partner with or enter into a business relationship with another company. Like the customer due diligence process, vendor due diligence is an important component of AML/CFT, serving to reassure potential buyers that their prospects are financially healthy and present acceptable levels of money laundering risk.
In order to properly conduct the vendor due diligence process, firms must understand what kind of information is required to demonstrate financial health and how that information should be collected.
What is Vendor Due Diligence?
Vendor due diligence is conducted by a target business prior to its sale or partnership. Just as customer due diligence is intended to help financial institutions establish that their customers are being truthful about their identities and determine the level of money laundering risk that they present, vendor due diligence delivers the same kind of information about companies, verifying the nature of their business and their risk of involvement in financial crime.
At a high level, vendor due diligence involves the following steps:
- The vendor (target company) engages a third party to conduct the due diligence process in the form of an audit. The third party should be independent, impartial and qualified to conduct the audit.
- The third party conducts their audit on the vendor prior to the commencement of the sale or partnership arrangement.
- The third party produces a draft vendor due diligence report on behalf of the target company which is shown to all prospective buyers or partners.
- After the sale or partnership arrangement is complete, the buyer receives a final version of the vendor due diligence report.
Vendor due diligence places obligations on both the third-party auditor and the target company and entails a range of crucial business considerations, including AML/CFT-specific factors. The processes and information that the vendor due diligence process requires include:
- General target company information, such as geographic location, taxpayer number, operational capacity, incorporation documents, and legal status.
- Beneficial ownership of the target company.
- The target company’s historical financial information.
- The target company’s cash flow, including expenditure on assets.
- An evaluation of business risk and projected growth.
- The target company’s debt, contingencies and other liabilities.
- The target company’s operational compliance performance.
More specific AML-related due diligence might include:
- Screening for risks specific to the company or the industry in which it operates, such as third-party relationships or the regulatory environment.
- Screening for sanctions, watch lists and other restrictions placed against the company by governments and international authorities.
- Screening for political connections that may expose the target company to a higher risk of money laundering.
- Screening for negative news media against the target company.
From an AML perspective, vendor due diligence may require that third-party auditors conduct a site visit in order to verify that certain AML procedures and protections are in place. Similarly, checking the legitimacy of a company’s third-party relationships, clients and customers, and speaking directly to those parties, is a valuable due diligence step and useful for the verification of money laundering risk.
In some instances, vendors might be required to complete a due diligence questionnaire about their company in order to clarify or corroborate certain aspects of the audit.
Vendor due diligence primarily facilitates the successful sale (or partnership) of companies and their assets but can also help vendors gain a better understanding of the risks their companies face. In more detail, the objectives of vendor due diligence include:
- Providing buyers and partners with certainty over the financial health of the target company and the nature of its cash flow.
- Supporting facts, figures and other data offered in the sales memorandum.
- Helping vendors make appropriate pricing decisions about their business and its assets.
- Reducing disruption during the sales process.
- Identifying significant risk issues and other liabilities.
- Helping all involved parties execute the sales process or partnership arrangement with speed and efficiency.
Important factors that firms must consider when preparing for the vendor due diligence process, or engaging a third-party organization to perform an audit, include:
- Data collection: The vendor due diligence process will require the collection and management of large amounts of information.
- Monitoring: Certain due diligence screening processes, such as negative news media screening, require ongoing monitoring tools capable of capturing a range of data points.
- Verification: Information generated and collected during vendor due diligence must be reliably checked for accuracy.
Like customer due diligence, vendor due diligence should be an ongoing process. Firms must be checked at points throughout the sales process, or subsequent business relationship, to ensure that their risk profile has not changed.