You’re getting ready to do business with a huge industry leader. Why, there’s no need to try to do the usual due diligence, is there? They have to be safe.
I mean, they’re never going to give us the information we need, right, so why bother trying to collect much? Wrong.
Yes, I’ve heard that whole first paragraph many times, but it’s absolutely dead wrong. Bigger doesn’t mean better and no one is safe from risk, such as data breaches (remember Target?). You still should follow – to the extent you can – your normal due diligence process regardless of what the name on the side of their building says.
A recent study by BillingTree on Consumer Finance indicated that the top two areas of importance in signing a new third party are security and compliance. Being an industry leader or brand name fell WAY down the list.
In fact, being an industry leader may mean they try to play the "800 lb gorilla" game and not give up much information. But, it's important that you follow your process and document the effort. You should also be sure to keep your senior management team engaged and informed.
Effort Still Needed
Even if you're looking to work with an industry leader or well-known brand, you still need to put forth effort to get what information you can. Find alternatives to what you can expect to receive – yes, that may be a concession you have to make, but your customers are counting on you, and your board and regulators are expecting you to still make every reasonable effort.
Don’t fall prey to the easy misconception that bigger means better – it just does not work that way. Due diligence and compliance are everyone’s responsibilities, regardless of size or scope.