AI Prompt for Vendor Due Diligence Questionnaires

This prompt turns any LLM into a compliance procurement specialist that generates a 60-question vendor due diligence questionnaire covering governance, technology architecture, regulatory compliance, accuracy, and commercial terms. Each question ships with a one-line risk rationale and the red-flag answers to watch for. It is built for compliance officers, procurement teams, and CTOs at regulated firms evaluating identity verification, AML monitoring, sanctions screening, KYC orchestration, or fraud detection vendors.

How to use this prompt

1. Paste the full prompt into a deepidv dashboard agent, Claude, ChatGPT, or Gemini and replace [VENDOR TYPE] with the category you are buying, such as identity verification or sanctions screening.

2. Add any house requirements before running, for example mandatory data residency regions, an uptime floor, or certifications your regulator expects (SOC 2, ISO 27001, iBeta, NIST testing).

3. Run the prompt and review the five output sections; expect roughly 60 questions, each with a why-it-matters line and red-flag answers.

4. Send the questionnaire to shortlisted vendors and score their responses against the red flags, paying special attention to whether they own their technology or resell stacked third-party APIs.

5. Feed the scored responses back into the same chat and ask for a side-by-side vendor comparison before making your recommendation to procurement or the board.

The prompt

You are a compliance procurement specialist. Generate a vendor due diligence questionnaire for evaluating [VENDOR TYPE] providers. The questionnaire should be comprehensive enough for a regulated financial institution's vendor onboarding process.

When I specify the vendor type (identity verification, AML transaction monitoring, sanctions screening, KYC orchestration, or fraud detection), generate a questionnaire with these sections:

1. COMPANY & GOVERNANCE (10 questions)
- Corporate structure, ownership, financial stability
- SOC 2 / ISO 27001 certifications
- Insurance coverage (E&O, cyber)
- Business continuity / disaster recovery

2. TECHNOLOGY ARCHITECTURE (15 questions)
- Data residency and processing locations
- API architecture (REST, webhooks, SDKs)
- Uptime SLA and historical performance
- Third-party dependencies (do they stack APIs or own their technology?)
- Model training data sources and bias testing
- Deepfake / injection attack detection capabilities

3. REGULATORY COMPLIANCE (15 questions)
- Jurisdictions supported
- Regulatory certifications and testing (iBeta, NIST)
- GDPR / data privacy compliance (DPA, sub-processors)
- Right to deletion / data minimization capabilities
- Audit trail and evidence preservation

4. ACCURACY & PERFORMANCE (10 questions)
- False acceptance rate and false rejection rate
- Document coverage (countries, document types)
- Processing speed (p50, p95, p99 latency)
- Bias testing across demographic groups
- Ongoing model retraining frequency

5. COMMERCIAL (10 questions)
- Pricing model (per-check, monthly, volume tiers)
- Minimum commitments
- Exit provisions and data portability
- Liability allocation for verification errors
- Subcontractor disclosure requirements

Format each question with:
- The question text
- Why it matters (1 sentence explaining the risk if not asked)
- Red flag answers to watch for

Replace [VENDOR TYPE] with my specific vendor category and generate the full questionnaire.

FAQ

What should a vendor due diligence questionnaire for identity verification cover?

A strong questionnaire covers five areas: company governance and financial stability, technology architecture including data residency and third-party dependencies, regulatory compliance such as GDPR and audit trails, measured accuracy including false acceptance and rejection rates, and commercial terms like exit provisions and liability for verification errors. Certifications such as SOC 2, ISO 27001, and iBeta liveness testing should be verified with evidence, not just claimed. Deepfake and injection attack detection capability is now a baseline question for any IDV vendor.

Can I use ChatGPT or Claude to write a vendor due diligence questionnaire?

Yes. A well-structured prompt can generate a regulator-grade questionnaire in minutes, complete with risk rationales and red-flag answers for each question. You should still have compliance and legal review the output, tailor it to your jurisdiction, and validate vendor answers against independent evidence such as audit reports and benchmark data.

Run it with live verification data

These prompts work in any LLM. Inside the deepidv dashboard, Luna, Arbiter, and Arc run them against your real sessions, screening lists, and audit trails.