Main Content
Securities Compliance Podcast: Compliance in Context

The Securities Compliance Podcast S5:E5 - Building a Third-Party Due Diligence Program

In Season 5 Episode 5 of The Securities Compliance Podcast: Compliance in Context, host and Calfee Partner Patrick D. Hayes reviews an incredibly important topic for all SEC-registered broker-dealers and investment advisers, namely third-party due diligence of service providers – the situations that require it, regulatory considerations, and the basic building blocks for establishing a successful due diligence program inside your firm. In the Headlines section, Patrick reviews the recent SEC rulemaking amending Regulation S-P. The episode wraps up with an installment of History Has Your Back, where an old quote from an ancient stoic might just help you make the best of a bad situation when things in your compliance program don’t go exactly as planned.



Interview With Kevin Gleason

  • Reviewing the importance of third-party due diligence in the investment management space.
  • What are the basic building blocks of a successful third-party due diligence program?
  • What key elements of service provider agreements should be reviewed?
  • What risk factors should be considered when building your due diligence program?
  • What are some of the common situations requiring third-party due diligence and what regulatory considerations should be examined?
  • How can firms make sure to avoid regulatory enforcement in this area?
  • When designing your firm’s due diligence program, what key considerations can help support proper supervision and ongoing monitoring?
  • Are there other business units outside of compliance that should be involved in the process?
  • Establishing a frequency of review that works with your firm’s compliance program.
  • Understanding the value of third-party due diligence and how to navigate challenges in the process.
  • Reviewing practical takeaways and lessons learned.


17:20 – “Does the level of scrutiny need to be the same for someone that provides you some training and content for your employees as it does for someone who executes trades or who performs risk analytics, maybe a fact set? You know, I'm not here to say it does or doesn't, but to be able to provide the same sort of level of rigor, I think, would be rather difficult for firms.” – Kevin Gleason

25:43 – “That is sort of the next step, I think, in the process, which is working on developing a questionnaire. With regards to sub-advisors, at least in my mind they provide a similar service. It may be in regard to different asset types or asset classes. It may be taking different risks, but really, they manage assets on behalf of your clients or on behalf of a fund or account. Where, I think, it’s more challenging is, now you have lots of other service providers outside of that same sort of function, in terms of a sub-advisor. You have pricing services and custodians and you have administrators and others. And so those types of questionnaires look different. You do want to cover, I think, some of the same ground in terms of business continuity, disaster recovery, information security, how information will be transferred to them, and what type of information will be. Really you want to develop a questionnaire. In some cases, it can look very similar for multiple parties. In others, I think it’s very bespoke and specific to that type of service and that type of service provider.” – Kevin Gleason

35:17 – “We obviously have dedicated professionals inside of firms that are charged with running compliance, with designing and implementing the firm's compliance program, but just in the same way that we would say, everybody at the firm practices compliance, right? And we need everybody to buy into that. I think the same thing is kind of true with regard to third-party service providers and how they fit into the overall operations and again, the kind of monitoring and supervision that goes on so that there needs to be collaboration among the people on your team anytime you're utilizing the services of a service provider to be able to provide real-time feedback. And if there are issues that are occurring that those get fixed on a more frequent basis than say once every three years that you send over a questionnaire. Yeah, I think that is important for the audience as a takeaway, right? It's sort of an evergreen process. I refer to it as, you know, to your point, lots of other departments we talked about, is sort of it takes a village. And I realize, depending on the size of your firm, you may not have access to people in audit or risk or separate legal people, but you do need to, I think, draw upon the expertise of the people you have.” – Patrick Hayes and Kevin Gleason

About the Securities Compliance Podcast: Compliance in Context

Introducing the Securities Compliance Podcast: Compliance in Context presented by Calfee, Halter & Griswold, and the National Society of Compliance Professionals and hosted by Patrick D. Hayes, Partner and Chair of Calfee's Investment Management practice.

Designed as a personal master class for the securities legal and compliance professional, this podcast embodies Patrick’s passion to help you put Compliance In Context™ by combining the technical expertise of industry thought leaders and innovators with the practical experience of doers and key decision makers.

Listeners will find the podcast on Apple Podcast, Google Podcast, Spotify, and Stitcher.

The opinions expressed by guest speakers and panelists during Securities Compliance Podcasts may not necessarily reflect the viewpoints of the attorneys and professionals of Calfee, Halter & Griswold LLP or its subsidiaries or affiliates. Calfee’s educational content is intended to inform and educate readers about legal developments and is not intended as legal advice for any specific individual or specific situation. Please consult with your attorney regarding any legal questions you may have. With regard to all content including case studies or descriptions, past outcomes do not predict future results.


Media Contact

Susan M. Kurz
Chief Marketing & Client Development Officer
216.622.8346 (office)
513.502.8950 (mobile)

Subscribe to our Alerts


Jump to Page