Thomson Reuters


Customer & Third Party Risk

Is your due diligence data handled with care?

James Swenson

26 Sep 2018

A robotic tape library used for mass storage of digital data is pictured at the Konrad-Zuse Centre for applied mathematics and computer science. Photography: Thomas Peter

How confident are you that customer information passed to your due diligence service provider is handled with care? What does it mean to be accredited with an ISAE3000 certification? Find out why it is imperative to trust your due diligence service provider.


  1. Serious data protection infringements under the EU’s GDPR are punishable by fines of up to 4% of annual global turnover or 20 million euros, whichever is higher.
  2. The recent Cisco 2017 Cybersecurity Report found that 22% of organizations affected by cyber security breaches lost customers, with 40% of them losing more than a fifth of their customer base.
  3. Our Enhanced Due Diligence (EDD) is accredited with ISAE3000 certification by PwC.
  4. With the EDD Ordering platform, you will not need to send sensitive information by email to request background checks of heightened risk customers or third parties.

Regulators around the world are sending a clear message — personal data needs to be protected and handled with secure measures in place.

From this year, for example, serious data protection infringements under the EU’s GDPR are punishable by fines of up to 4% of annual global turnover or 20 million euros, whichever is higher.

But the impact is much more than just financial, as firms also suffer a loss of customer confidence if they breach the security obligations and standards they agree to put in place.

This was highlighted in the recent Cisco 2017 Cybersecurity Report, which found that 22% of organizations affected by cyber security breaches lost customers, with 40% of them losing more than a fifth of their customer base.

The report, which involved nearly 3,000 Chief Security Officers and security executives, also found that 29% lost revenue as a consequence, with 38% of that group losing more than a fifth of their revenue.

Cisco said that 23% of breached organizations also lost business opportunities, with 42% of them giving up more than a fifth of such opportunities.

Due diligence security

Estimates indicate that as many as 63% of data breaches are traced back to a third-party vendor.

This illustrates the serious implications for the privacy of customers, partners, agents and distributors when you provide their data to your due diligence service provider.

How do you know who accesses personal information when you request the background checks?

And do you know where the data is stored and how exactly it is used to gather the contextual information?

Secure data protection

Our Enhanced Due Diligence is accredited with ISAE3000 certification by PwC.

This confirms that our EDD adheres to the regulations regarding the protection of sensitive customer information.

Our EDD data is hosted in ISO/IEC 27001 and SOC2 certified data centers with disaster recovery plans in place.

All sensitive traffic passes through fully encrypted network communication via HTTPS.


Regular security scans

With the EDD Ordering platform, you will not need to send sensitive information by email to request background checks of heightened risk customers or third parties.

What’s more, with the API you can request and receive the checks directly through your own internally secure system.

Security scans are completed on a regular basis so that vulnerabilities are detected and remediated. Scans cover both the infrastructure and the application, and a third party runs penetration tests.

Address the challenges of client onboarding and stay compliant with regulatory demands using our tested, purpose-built application.

All our EDD staff work on fully encrypted devices, undergo pre-employment background screening and security awareness training, and are obligated to comply with our Employee Code of Business Conduct and Ethics.

Are you looking for peace of mind?
