Often in the midst of all the rush and excitement about the new project you’re looking to roll out or the new product you’re acquiring, businesses miss out on a crucial component – vendor due diligence.
Vendors carry a gamut of unforeseen risks that could affect your business or derail the project that you are looking forward to. Vendor risks could be as critical as the ability of the vendor to stay solvent during the contract period, or even as simple as non-compliant tax situations making it difficult for your finance team to claim tax credits on the transaction.
And worse, sometimes given the way businesses are structured, you may not even know who you’re really doing business with. It is easy today for businesses with tainted reputations to be back in the market with a different name.
All said, at the end of the day, we always look forward to a successful implementation of our projects and a highly supportive and compliant vendor to get the job done.
What is Vendor Due Diligence?
Vendor due diligence is the process of evaluating a vendor’s or supplier’s suitability and reliability before getting into a business partnership. Vendors are evaluated based on their financial, legal, operational, and other relevant aspects to identify potential risks and ensure that they are able to meet buyers’ needs.
Vendor due diligence helps the employing company or the buyer to make informed decisions about their vendors. Having a VDD process in place assists a company to mitigate risks and establish a productive and mutually beneficial business relationship based on transparency, trust, and accountability.
Why Vendor Due Diligence is important?
A diligence exercise puts you in a better position to negotiate with vendors, onboard vendors quickly and ensure that your project is successful without exposing your business to avoidable risks. A thorough vendor analysis and qualification process need not be time-consuming at all. Yet businesses often don’t implement a solid vendor selection and verification process.
Poor compliance history is often a sign of poor management caliber
With startups and small businesses competing with the big ones in the market today, you would certainly receive proposals for any requirement you may have, be it infra, an IT project, or professional services, from small to medium-sized businesses offering their services at highly competitive prices. This does come with a certain set of risks.
A well-established large vendor will certainly have better processes and compliance, but a smaller one will likely be hungry to deliver a delightful service or solution at a lower cost but carries the risk of potential mismanagement and compliance issues.
However, it is pretty easy to understand how professionally a vendor runs his business, small or big, by researching their state of compliance. Top-level compliance checks should include Incorporation details, Economic Defaults, Solvency, Historic Insolvency Incidents, past name changes, and GST compliance.
A more detailed check should include promoter background, ultimate beneficiaries, and economic defaults in connected companies. Poor compliance history is always a sign of potential mismanagement.
Your vendor’s financial strength is key to their sustainability and your negotiation power
The govt. of India makes available a pristine source of the Balance Sheet and P&L data of all companies incorporated in India called the MCA, the regulator that is responsible to maintain a record of all incorporated companies, their financials, and promoter details. The SignalX MCA struck-off company check will help you to understand who you’re doing business with.
The know-how for accessing this source has largely been limited to Chartered Accountants and Company Secretaries. However, as a corporate compliance or corporate legal team, you can directly access these files on any target all by yourself, if you’re not going through a CA or a third-party service.
Looking into your vendor balance sheets shows you the fiscal health of the company, and gives you an understanding of their appetite to undertake the project given your budget. A quick financial ratio analysis gives you an in-depth understanding of the liquidity position of the vendor and profitability. Doing business with a vendor with poor liquidity will be a cause of concern, and so are economic default incidents by the vendor and its management.
A good vendor reputation helps you develop a sense of comfort
A well-oiled and proven large vendor offers a sense of comfort. With small businesses stepping up their game, customer referrals go a long way in evaluating their capabilities. Ask for referrals and testimonials as part of your vendor due diligence processes. A cursory Google Search check is mandatory these days. Adverse news/signals in the media and social channels should sound cautious.
Any full-stack due diligence service provider will offer an adverse media screening service. Unfortunately, all it takes is a few forms for any business to change its name and re-enter the market. A thorough MCA check helps you figure this out very easily.
Highly litigious vendors are always looking for trouble
No one likes highly litigious vendors. As simple as that. Today, it is very easy to get a quick snapshot of the litigation history of any given vendor and its promoters. Almost all court and tribunal data is available online. A good vendor due diligence partner can run checks across all the high courts, tribunals, and the supreme court in under a few hours.
Yes, litigations occur all the time, but highly litigious entities can be a pain to work with and are better avoided. Adverse litigations or criminal complaints against the company or its promoters are to be watched out for.
Lastly, don’t get in trouble with the regulators
Doing transactions with Sanctioned Parties is like shooting yourself in the foot. The Government strictly requires all regulated businesses to validate their counterparties against the UN Consolidated Sanctions list. Even if you’re a nonregulated business, doing business with a Sanctioned Party could put you on the radar of various agencies and regulators across the globe and could potentially cause business disabilities in the future, particularly when you are expanding into markets that have strict compliance requirements such as the UK, USA or the EU.
It takes not more than a few minutes to run a high-level check against available sanctions lists if not all at least the UN consolidated list which is the only sanctions list recommended by the RBI.
Politically Exposed Entities are often subject to additional scrutiny since they are susceptible to being bribed. Regulators often scrutinize PEPs to understand the source of their funds. If your vendor is owned and operated by a PEP, you may want to take additional precautions by having a watertight service contract, proof of service delivery, tax compliant transactions so that you don’t get hounded by the regulators 5 years down the line.
What is a Vendor Due Diligence Policy?
Just like any other policies within an organization, a vendor due diligence policy is a set of guidelines developed by a company to ensure they perform thorough and consistent due diligence on their vendors and suppliers.
Typically, the vendor due diligence policy outlines the criteria and standards for assessing a vendor’s suitability and reliability and specifies the roles and responsibilities of the people and departments involved.
Following are some factors that are generally included in a vendor due diligence policy:
- Scope: Identifying which vendors or suppliers will be subject to and required to go through a due diligence process.
- Criteria: Determine the factors and criteria to be considered when evaluating a vendor’s financial, legal, operational, and other aspects.
- Process: Setting up the steps, procedures, and analysis methods for conducting due diligence on vendors.
- Roles and responsibilities: Defining the roles and responsibilities of the individuals and departments involved in the vendor due diligence process.
- Documentation: Stating the requirements and guidelines for documenting and storing vendor due diligence records and reports in a secured environment.
- Monitoring and review: Developing processes for monitoring and evaluating vendors’ performance and compliance. The monitoring frequency can be determined by the company based on the risk profile of the vendors, the sensitivity of the shared data, and vendor performance.
What is a Vendor Due Diligence Report?
A vendor due diligence report includes information about the vendor’s financial performance, ownership structure, significant individuals(involved), legal and regulatory compliance, information security measures, environmental and societal effects, and other relevant issues.
Buyers and clients use vendor due diligence reports to gain a comprehensive understanding of a vendor’s strengths, weaknesses, risks, and opportunities and to decide whether to proceed.
The vendor due diligence report is a valuable resource for risk mitigation and ensuring that the vendor can meet the requirements and standards mentioned by the employer. It can also help the company in the development of a successful and mutually beneficial business partnership.
Vendor Due Diligence Checklist – 11 Strategic Checks
Ease of execution and speed is of the essence for the following vendor due diligence checklist. This will in no way constitute thorough diligence. That said, this is a starter and you could incorporate these in your vendor onboarding SOPs.
1. Vendor’s Promoter Profiles
Vendors with no public promoter profiles on their website or on LinkedIn could be dubious. Genuine companies tend to have an executive quotation or basic profile of their management on the marketing assets.
2. Director appointment dates
If the third party is an India-based entity, the govt. makes available various resources that you can use to validate vendors. One such resource is the MCA portal. Moreover, you can also use the SignalX MCA struck-off company check tool to find details on all the directors of the entity and their appointment dates.
Firms with freshly appointed directors could mean there has been a recent management change.
3. Age of the business
A cursory search on the MCA also throws up the date of incorporation of the business. Vendors who have weathered 5 years or more in the market could potentially be less risky compared to freshly incorporated entities when it comes to internal operating procedures and client relationship management.
4. Incorporation Structure
A business that is incorporated as a Private Limited entity is much better organized from the point of view of compliance compared to one that is a Partnership or Sole Proprietorship.
If you’re unable to find the company in the MCA portal, you may want to check with the vendor on their incorporation status. Accounting, Audit, and Legal firms operate on a partnership model, but your enterprise software vendor must be a Private Limited firm.
5. Credit Scores
Given the size of the order that you are looking to execute with the vendor, it may call for a credit check. Various credit rating providers make credit profiles publicly available for you to check. If the company has not been rated, you can use a service like SignalX to dig into their financial health or request the vendor to get rated. The latter would take its sweet time.
6. Cursory Media Checks
A general search on Google News will throw up media mentions. A quick review for anything adverse will be handy. Criminal litigations against the firm for abuse or fraud would count as adverse. Civil litigations are a normal affair for most companies as they grow.
7. LinkedIn headcount checks
Checking for headcount is important to understand the vendor’s bandwidth. LinkedIn a great source for doing this. Look up the vendor’s company page and it would show you the number of their employees registered on LinkedIn.
A more formal way of executing this is to fetch the data from the labor department. This would take a bit of effort but it is available for you by default on SignalX.
8. Business Website
Something as simple as a website tells quite a lot about the partner. If they are an enterprise software service provider, in today’s time there is no excuse for not having a website or having a poorly maintained one. Well-run firms have well-maintained websites and social pages.
9. Client lists and testimonials
Client testimonials put up on a website are a good validation. However, you may also ask your vendor for client references if not mentioned. A solid client reference or testimonial goes a long way in vendor validation.
10. GST compliance
You can use the SignalX GST verification tool to run a cursory check on the vendor. Check their filing table for the last filing. If this is more than 6 months ago, the vendor is already in critical default and you will not be able to claim your full tax credits. If such adverse default is present, you may want to ask your vendor to update their GST filings before onboarding.
11. Glassdoor & Google reviews
Too much adverse feedback on Google and Glassdoor could be a cue for concern. Reading through these to identify any adverse signals is a worthwhile initiative. Although, it is to be noted that review platforms are often filled mostly with negative reviews but adverse feedback by more than a few individuals could mean a possible reputation risk.
Building a well-oiled Vendor Due Diligence Solution with SignalX
The data from regulators are noisy and can take a great deal of effort when sorted through manually. For most businesses, it is a good practice to run vendor verification once every six months. Regulated businesses may require a more routine updation of vendor profiles.
Thankfully, we have automation and AI to do the mundane job for you so that you can focus on the project you’re looking to execute and not spend hours slogging through vendor compliance data.
With SignalX’s Vendor Due Diligence solution, you can ensure that your company always stays compliant, reduce vendor onboarding TAT, and most importantly keep a regular eye on the risk factors and mitigate them early on.
Want to improve your vendor due diligence process and shield your business from risks? Book a meeting with us to find out how we can make that happen.
Frequently Asked Questions
Ques: What is included in vendor due diligence?
Vendor due diligence usually entails a thorough evaluation of a vendor’s business operations, financial stability, compliance with the law, and general eligibility to deliver the required services.
Reviewing the vendor’s financial accounts, checking their quality control procedures, evaluating their information security and data privacy policies, and verifying their adherence to legal and regulatory standards can all be part of this process.
An organization’s expectations for quality, dependability, and security must be met by the vendor, therefore vendor due diligence is to detect and manage any risks that may arise from working with a third-party vendor.
Ques: Why is it important to evaluate a vendor?
The evaluation of a vendor is crucial to ensure that they are capable of providing the required services, and it helps to identify and manage potential risks when working with third parties.
As a result, an organization can potentially reduce disruptions in supply chains, financial losses, reputational damage, and non-compliance with legal and regulatory obligations.
Ques: What are the 3 principles of due diligence?
The three principles of due diligence are:
Verification: A process for checking the vendor’s information for accuracy and completeness.
Investigation: Examination of the vendor’s policies, procedures, and practices to ensure they comply with the organization’s requirements.
Disclosure: Providing senior management or the board of directors with information on potential risks or issues associated with engaging the vendor.