The Red Flag Group®

Don’t expect the business to manage third party onboarding tasks

Don’t expect the business to manage third party onboarding tasks

This article describes how the business is not always the most suitable partner for executing third party onboarding and administrative tasks related to the due diligence process. In this article, we will outline the reasons for this, what the consequences are when the business is forced to manage onboarding tasks, and how outsourcing of third party onboarding is one way to help all parties involved – from the business to compliance.

Compliance departments typically rely on the business to manage key third party onboarding tasks, such as assigning due diligence questionnaires to third parties, reviewing questionnaires and alerting compliance when further inquiry is needed. Third party onboarding processes are often designed in this way, under the assumption that the business owns the third party relationships and therefore should also manage the onboarding activities. The prevailing thought process was - if the business is interested in retaining a third party, then it will be motivated to execute the onboarding process as well.

But for many organizations, asking the business to manage onboarding tasks has not worked as well as expected. In most companies, the business simply doesn’t have the capacity to manage time-consuming onboarding activities. In some companies, the business may not have a full appreciation for the importance of a due diligence process, or does not completely understand the impact of failing to thoroughly vet a third party before engagement.

Whatever the reason, compliance departments would be better served by not expecting the business to manage time-consuming onboarding activities. Compliance should instead outsource these activities to a trusted and qualified professional services firm, and let the business do what it does best – identify valuable business partners and generate revenue for the organization.

Why the business struggles to manage onboarding activities

Compliance should stop expecting the business to consistently manage third party onboarding activities, because these tasks are often time-consuming, and require compliance technology and due diligence expertise.

The following diagram provides an overview of the basic steps in a third party onboarding process.

Tasks such as “upload third parties into the technology platform and conduct screening”, “assign and review third party questionnaires”, and “Order due diligence” are usually managed through a compliance technology platform. While these platforms are typically easy to use, a certain level of training is required for proficiency. Reviewing questionnaires, identifying red flags and determining whether enhanced due diligence is needed are tasks that require a certain degree of compliance and due diligence knowledge, which the business will not always have. The global business force can be trained on these two endeavors; however, compliance resources are limited, and time spent on training will be taken away from more strategic and higher priority tasks.

What happens when the business struggles to manage onboarding tasks

When the business struggles to manage onboarding tasks, several consequences result, including:

  1. Slower third party turnaround time, which impacts revenue opportunities
  2. Improper third party vetting, leading to increased legal compliance risk
  3. Compliance wastes time and resources, and cannot focus on higher priorities

First, when the business struggles or fails to properly complete third party onboarding tasks, the turnaround time to sign up or register a vendor is delayed. When the business attempts to work with purchasing to onboard a vendor and due diligence has not been completed, the onboarding process will be delayed and the business is impacted. Without an important vendor onboard, key revenue opportunities cannot be fulfilled as quickly, and the whole organization is impacted.

Second, if the business does not properly vet a third party, and the third party is nonetheless engaged or renewed, legal compliance risk for the organization increases. For example, some organizations require their business sponsors to complete a post-questionnaire review or “worksheet” on the third party to analyze red flags. Often, these questionnaires or worksheets are designed by compliance and ask difficult questions such as whether the third party presented any red flag responses to the questionnaire, whether an actual or apparent conflict of interest exists, or whether any sanctions or export controls laws would be violated. These are incredibly important questions, but the business will not always have the time or skills needed to properly answer them, especially when their primary interest is in onboarding the third party as quickly as possible. If the business does not accurately answer these questions and the third party is still retained, the legal compliance risk to the organization increases.

Third, compliance does not have the time to constantly monitor the business’ management of third party onboarding activities. Some compliance departments now require their own team members to manage key onboarding tasks on behalf of the business. This is not a scalable solution, as the compliance function usually has a small headcount in proportion to the number of business sponsors and third parties. When compliance spends more time managing onboarding tasks, it has less time to spend on higher priority tasks such as risk assessments, remediation, and training.

How outsourcing can help

Outsourcing key onboarding tasks to a qualified professional services firm can help an organization in several ways. Below, we have reproduced the diagram setting out a basic third party onboarding process, and highlighted tasks that can be outsourced in blue.

As shown, the sheer number of activities that can be outsourced to a professional services firm indicates that organizations will save the business and compliance teams time and resources. But more importantly, a professional services firm will have a large team of cost-effective, compliance professionals who are experts in compliance technology and due diligence. These teams can easily scale based on the organization’s third party volume, activity and due diligence requirements, and can offer other benefits such as the ability to communicate directly with third parties and conduct reviews in local language.

By outsourcing, an organization can overcome the challenges presented in the previous section, including:

  1. More capacity for the business to focus on revenue generating activities vs administrative tasks
  2. Reduced legal compliance risk through more accurate third party vetting
  3. More time for compliance to focus on higher priorities

First, the business will have greater capacity to focus on revenue generating activities if the third party onboarding process is outsourced. A qualified professional services firm can manage the process more efficiently because of their dedicated teams, and compliance technology and due diligence expertise. By outsourcing most onboarding tasks, the business simply needs to submit third parties for processing and present evidence of successful due diligence prior to contracting. The rest of their time can be focused on generating revenue for the organization.

Second, a professional services firm can conduct more accurate third party vetting than the business, which will minimize legal compliance risk to the organization. A professional services firm can conduct media checks and questionnaire reviews of third parties in English and local language, monitor third parties on a continuous basis, and escalate red flags to the organization’s compliance team quickly.

Third, outsourcing can save compliance department time and resources, as they will no longer need to spend hours monitoring the business’ handling of third parties. As a result, compliance can allocate existing resources more efficiently and focus on higher priorities.


The former best practice of burdening business teams with managing time-consuming onboarding tasks may be ending. While the business owns relationships with its third parties, it is usually not in the best position to manage onboarding. Instead, the business should spend its time doing what it does best – generating revenue and closing deals. As we move forward, a new trend of outsourcing third party onboarding tasks is emerging. Compliance departments that seek to build the most efficient, thorough programs, and that want to manage their own resources more carefully, should consider looking into this option.