FinTech Vendor Due Diligence for Financial Services Firms

Introduction

Third-party and outsourcing risk remains a key supervisory focus in the UK, particularly as FCA-authorised firms depend on fintech, cloud and SaaS providers to deliver important services. The question is often less about whether due diligence has been completed, and more about whether firms can show that it was proportionate, evidence-led, and translated into clear contractual protections and ongoing oversight.

This practical, interactive session sets out a structured approach to vendor diligence across the full lifecycle. It focuses on how to build regulator-defensible due-diligence packs, assess data residency and access issues, evaluate AI-enabled functionality and secure software development practices, and design meaningful KPIs for continuous monitoring. The course uses realistic procurement and onboarding scenarios and provides templates that can be adapted to different vendor types and risk tiers.

What You Will Learn

This live and interactive session will cover the following:

• What UK regulators expect to see in fintech and technology supplier oversight
• How to apply a proportionate, risk-based approach and focus effort on the right suppliers
• How to produce a clear, defensible due-diligence pack for audit, senior management and supervisors
• How to address core data questions, including where data sits, who can access it, and third-party involvement
• How to assess whether security and incident handling arrangements are fit for purpose
• How to diligence AI-enabled suppliers, including data use, change controls and governance
• How to judge whether a supplier’s technology practices are robust, and what evidence to rely on
• How to convert findings into practical protections, ongoing oversight and meaningful monitoring measures

Recording of live sessions: Soon after the Learn Live session has taken place you will be able to go back and access the recording - should you wish to revisit the material discussed.