Performing a financial health analysis and assessment should be on your recurring due diligence checklist for your third-party and vendor risk management program. With the varying business relationships your organization manages, the challenges of collecting sufficient financial information arise quite often when dealing with private entities.
To address these challenges, it’s important to understand why private entities are reluctant to share information with your organization. From there, your team can work to simplify and streamline your requests to these parties, which may improve your process for collecting necessary financial information for your financial health reviews.
Common Reasons Why Private Vendors Don’t Provide Financial Information
Private vendors vary in sophistication, size, and maturity. Some may be in remote locations, others may be small and employ only a few people, while others still may be extremely cautious in providing any external information to parties outside of their investors, board of directors, and the required regulatory/government organizations, like the IRS.
It’s important to understand that, unless there is a contractual requirement, a private vendor has no obligation to provide financial information to the companies they provide solutions, products, or services to.
Despite these nuances with private vendors, your organization must collect enough financial information to assess and mitigate any risks they may pose. It’s also important to determine whether a private vendor has the sufficient financial viability to perform the services they provide to your organization.
Here are a few common challenges and reasons why private vendors don’t provide your organization with sufficient financial information:
- The vendor doesn’t have a requirement or commitment to share financials with any organization
- The vendor doesn’t want to share due to confidentiality reasons
- The vendor is too small and doesn’t have prepared financial information
- The vendor is non-responsive
- The vendor feels that preparing and sharing financial information for organizations is too time-consuming and arduous
4 Tips to Overcome These Common Challenges with Private Vendors and Financial Information
As part of your third-party and vendor risk management program, your organization should clearly define a strategy for collecting financial information from private vendors. This includes a “multi-pronged” approach with four clearly defined goals that you should strive to implement and achieve.
- Simplify the approach and the asks
From your organization’s perspective, it’s important to define what vendors you want to collect financial information from and perform your financial health assessments on. You should split vendors into representative categories (such as critical, high risk, moderate risk, low risk) and assign types of due diligence documents and information you’d like to collect from each type of vendor.
It may be important (or even required) to collect additional financial information from critical or high-risk vendors, but your requirements may not be the same for low-risk vendors. You should create a streamlined and consistent way of interaction between your vendor categories of vendors as well as an easy-to-follow list of information to collect.
You can start by asking for any prepared financial information, such as an audit report (2 years minimum), internally prepared financial statements (income statement, balance sheet, cash flow statement), a financial viability letter from the vendor’s executive team (CEO or CFO), or a call to discuss financial viability with the vendor. This optionality allows the vendor to pick between simple options and give you the information for your financial reviews.
- Understand and explain the “why”
By defining your program’s financial health review process, your team will better understand why collecting private vendor financial information is important.
When explaining the “why” to private vendors, you can give context to explain and reinforce your need for financial information. This helps eliminate any miscommunication or confusion and will help alleviate their potential concerns regarding their financial information’s confidentiality. You can even sign non-disclosure agreements (NDAs) and ensure that your data handling processes are communicated to your vendor as well.
- Add compliance requirements in your contracts
Before entering any agreements with new vendors, it’s a best practice to include language in your contracts that will require the vendor to provide financial information to your organization on a regular cadence (at a minimum, before signing the contract and then on an annual basis).
From there, your organization can even choose to add service level agreements that speak to specific financial metrics, such as the vendor’s ability to prove that they have at least 12 months of liquidity/capital to sustain its operations and perform its agreed-upon services to your organization.
- Have a backup plan and a failsafe
Your goal to collect financial information shouldn’t be solely reliant on the vendor to provide your organization with the necessary documents. Instead, you need to have simple backup plans and a failsafe that allows your organization to evaluate the financial health risk that may exist with your key private vendor relationships.
These backup plans include using widely available third-party data resources (credit reports as an example) that have some indication of financial health that you can utilize.
Sufficient financial information is necessary to perform adequate financial health reviews and understand the risks a private vendor may pose to your organization. As your organization considers how to improve your collection rate and success with private vendors and their financial information, be sure to consider the tips covered in this blog.
.gif?width=1920&name=Sample-Graphic-Animation%20(1).gif)
