Vendor Diligence and Management

Third-party risk management (TPRM) and vendor due diligence

Third-party risk management (TPRM) is the process of monitoring, validating, and remediating risks presented by third-party vendors. TPRM helps ensure your vendors protect your data, comply with regulations, and provide sustainable services that meet your requirements. However, vendor risk management can be a costly and time-consuming task. Our vendor management outsourcing service (VMOS) allows your company to offload the vendor due diligence and risk assessment process. Unlike other risk management solutions and vendor management software providers, ACA's VMOS will help your company save valuable time and resources in order to focus on more strategic tasks.

Our solutions

Vendor Due Diligence

Our team administers due diligence questionnaires (DDQs), ensures vendors reply in a timely manner, and provides vendor support.

 

Analysis

Our team analyzes DDQ responses, evidence, and audits to identify vendor risks.

 

Reporting

You can track vendor diligence progress and view findings in our vendor management software platform.

Additional Advisory Services
  • On-site validation
  • On-site vendor due diligence
  • TPRM program development
  • Vendor risk ranking

 

GDPR Vendor Diligence

We can help determine if your vendors are compliant with GDPR requirements, working towards compliance, or have not considered the implications of GDPR. Our vendor management platform includes a GDPR-specific due diligence questionnaire that can be administered as a standalone questionnaire at a reduced rate, or as part of the standard ACA Aponix vendor DDQ.

1 of
Solution Spotlight

Our Vendor Management Software

Our vendor management software allows you to track DDQ progress and vendor risk assessment results. Key features include:

  • Vendor Risk Dashboard — View key metrics (e.g., vendors diligenced, progress of diligence reviews, and vendor comments)
  • Vendor Registry — View vendor data in centralized location (e.g., product lines, type of diligence performed, and contracts)
  • Vendor Risk Matrix — View all risks identified (e.g., ratings, issues), vendor communication, and mitigation/remediation activities
  • Questionnaire Status — Track the completion status of vendor DDQs and on-site reports

Why work with us?

Dedicated Team Of InfoSec Risk Analysts

Our vendor risk assessments are developed and managed by a team of information security risk analysts in ACA’s centralized, cost-effective analysis and review center (the ARC) in Pittsburgh, PA. The ARC’s dedicated VMOS team is overseen by an experienced vendor risk specialist and includes former senior managers in risk management, insider threat specialists, and data security officers from various industries, including financial services, banking, and healthcare. Over 750 clients and 2,000 vendors have chosen ACA to manage their vendor management process and mitigate third party risks.  
 

Our Vendor Risk Assessments

Our tailored, proprietary vendor due diligence questionnaires (DDQ) include over 300 questions and are customized for each vendor type to provide an accurate assessment of possible risks. Topics include:

  • General Data Protection Regulation (GDPR) compliance
  • Cyber awareness training
  • Governance
  • Physical and environmental security
  • Network security, infrastructure, and operations
  • Organizational overview and structure
  • Financials
  • Legal and compliance
  • Vendor management and oversight
  • Change management
  • Cloud services
  • Access controls
  • Mobile device management
  • Resiliency
  • Asset management
  • Data loss prevention

Why ACA?

Clients

750+

Vendors diligenced

2,500+

Latest Insights

brexit 2

FCA Warn of 'Tough, Assertive Approach’ to Brexit TPR Landing Slot Authorisations

The FCA recently warned of "a tough, assertive approach" to financial services firms wishing to continue to operate in the UK post the Brexit Temporary Permissions Regime. Learn more about why this leaves firms at risk of being prevented from initiating further regulated activity in the UK.

Compliance Alert
  • Brexit
  • Compliance
AdobeStock_317630718 1200x900.jpeg

Chairman Gensler Signals an Increase in Scrutiny & Regulation of Private Markets Fund Industry

U.S. SEC Chariman, Gary Gensler, recently signaled increased scrutiny of private markets fund managers. He honed in on the significant increase in the private equity and venture capital fund industry over the last 5 years.

Article
  • Compliance
  • SEC

Michael Borts joins ACA Group as the new Chief Technology Officer

Michael Borts has joined the firm as Chief Technology Officer (CTO) to lead ACA’s technology development, vision, and strategy. In his role, he will oversee all product development for ACA’s award-winning ComplianceAlpha® regulatory technology platform and technology enablement at the firm.

Press Release
  • Regulatory Technology
  • ACA News
abstract black and white looking up at bridge rails

Q4 2021 Regulatory Reporting Deadlines

Regulatory filing submission deadlines for the SEC, CFTC/NFA, and FCA/ESMA occurring from October through December 2021.

Article
  • Compliance
  • Regulatory Deadlines
  • Regulatory Technology
wind turbines and solar panels at sunset

UNPRI’s Next Reporting Period Delayed Until Early 2023

The United Nations-supported Principles for Responsible Investment (PRI) recently announced a delay in the next PRI reporting period, along with the release of 2021 scores and public transparency reports. We outline what this means for firms.

Compliance Alert
  • ESG
  • Compliance
Architectural image - office windows

European Regulator Fines Major Trade Repository for EMIR Breaches

The EU’s securities markets regulator, European Securities and Markets Authority (ESMA), recently fined a major trade repository for eight breaches of the European Market Infrastructure Regulation (EMIR). We examine why it’s vital that firms review the quality of their reporting, including where it is being delegated, to be sure it meets regulatory expectations.

Compliance Alert
  • Compliance
  • Trade & Transaction
  • Regulatory Technology

News

Michael Borts joins ACA Group as the new Chief Technology Officer

Michael Borts has joined the firm as Chief Technology Officer (CTO) to lead ACA’s technology development, vision, and strategy. In his role, he will oversee all product development for ACA’s award-winning ComplianceAlpha® regulatory technology platform and technology enablement at the firm.

ACA Group Acquires Catelas to Create Industry-first 360 Surveillance Offering

The acquisition of Catelas further enhances the holistic surveillance capabilities of ACA’s RegTech platform. Catelas’ patented technology automates the mapping of how people connect and form groups within a firm, isolates collusion risk, and detects high-risk behaviors.

ACA Group and the Investment Adviser Association Announce Strategic Partnership

ACA Group (ACA), a leading provider of governance, risk, and compliance (GRC) advisory services and technology solutions, today announced that it has entered into a strategic partnership with the Investment Adviser Association (IAA), a leading organization dedicated to advancing the interests of investment advisers.

Upcoming events

Common Practices for GIPS® Compliance

ACA has gathered all the common best practices of performance teams complying to the GIPS standards and will discuss the most common question we receive from clients, "What do other firms do?"

Webcast

Compliance Officer: The Roles and Responsibilities - 21 October 2021

The role of the Compliance Officer is a mandatory position in all firms in the Financial Services Industry. They play a major role in assisting Senior Management to ensure that appropriate and effective systems and controls are in place to achieve and maintain compliance with the applicable Rules. While the nature of the Compliance Function is likely to differ from one firm to another, this course provides an easy to follow breakdown of what the Regulator expects of a Compliance Officer and explains, in practical terms how the regulatory expectations and those of Senior Management can be achieved.

Online Training