RIA Compliance and Practice Management Blog

RIA Compliance Software Feature Release: Vendor Due Diligence Network

Posted by RIA in a Box

Mar 19, 2019 10:22:00 AM

One of our company's longstanding commitments is investing time and resources to make the RIA in a Box service more valuable to the clients we serve. Since launching MyRIACompliance® in 2014, we have sought to make our service more efficient and higher quality by combining our human expertise with new tools and features. At RIA in a Box, we release new compliance software features and enhancements on a daily basis. Some of our more notable releases in recent months include a new integration with Morningstar Office Cloud and our new regulatory audit prep tool.

Today's Release: 3rd Party Vendor Due Diligence Network

Recently, the Securities and Exchange Commission ("SEC") Office of Compliance Inspections and Examinations ("OCIE") released its 2019 regulatory examination priority list. As has been a recurring theme for a number of years, cybersecurity was once again listed as a top priority. Furthermore, the SEC OCIE staff noted, "Specific to investment advisers, SEC OCIE will… continue to focus on, among other areas, governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response." With the growing dependence on 3rd party service and technology vendors, registered investment adviser ("RIA") firms need more than ever to ensure that proper 3rd party vendor management and due diligence are key elements of the firm's cybersecurity program. This new RIA compliance software tool helps solve these two industry challenges:

  • For RIA firms:
    • How do you identify third party vendor risk and properly perform and document your due diligence process?
  • For RIA technology vendors:
    • How do you more efficiently address and respond to an overwhelming number of RIA due diligence requests?

In particular, this new tool helps investment advisers to:

  1. Perform proper due diligence before selecting a vendor
  2. Perform proper ongoing vendor due diligence reviews
  3. Conduct a regular vendor risk assessment
  4. Review the vendor's information security documents
  5. Review the vendor's business continuity plan

In the recent press release formally announcing the launch of our new 3rd party vendor due diligence tools, RIA in a Box President, GJ King, emphasized, "Cybersecurity continues to be top-of-mind for the wealth management industry and a trend we see both firms and the SEC focused on in 2019. As we continue to identify pain points for firms and areas we can automate to streamline workflow, vendor due diligence stood out as a way we can collaborate with the industry to solve. We are excited to launch the tool which is the first in a series of upcoming features designed to enhance the cybersecurity and compliance needs of firms." The new Vendor Due Diligence Tool allows vendors to automate documentation sharing and tracking with clients, including documents such as email compliance, data security, and cybersecurity policies. Leading RIA industry technology vendors that have joined the initial launch of this new tool include Morningstar, Redtail, Riskalyze, and Orion.

To access this new feature, the firm's Chief Compliance Officer ("CCO") or any other compliance supervisor can navigate to the new service provider review tool available to all MyRIACompliance® subscribers.

Any due diligence activity or information security documents reviewed by the RIA firm will be captured in the firm's digital compliance log.


Other RIA industry technology vendors that wish to gain access to the new RIA in a Box 3rd party vendor due diligence network can join the vendor waitlist here.


Topics: RIA Compliance, RIA Technology

RIA in a Box LLC is not a law firm, investment advisory firm, or CPA firm. RIA in a Box LLC does not provide legal advice or opinions to any party or client. You should always consult your relevant regulatory authorities or legal counsel if applicable.
