Skip to Content
TS-RDC-03 Trust & Stewardship Risk, Data & Compliance CORE Compliance v2.9.7

Due-diligence on delivery partners

This criterion assesses whether the organization conducts proportionate, risk-based due diligence on delivery partners, sub‑grantees, and implementing agents. It covers verification of identity, legal status, governance, financial controls, competence, safeguarding, and data protection. It requires explicit go/no-go gating, operational AML/CTF controls, and a risk-tiered monitoring system to protect funds, beneficiaries, and reputation in line with Islamic values.

Compliance 5
  • Identity and legal verification (incl. PSC/beneficial ownership)
    Process Essential
  • Safeguarding/PSEAH minimum standards & verification
    Process Essential
  • Sanctions/PEP/ABAC/AML screening & controls
    Process Essential
  • Data protection (roles, Art.28/26, IDTA/TRA, breach SLAs)
    Process Essential
  • Contracting & clauses (incl. modern slavery)
    Process Essential
Basic 1
  • Programmatic capability
    Process Essential
Good 10
  • Go/No-Go gating & escalation (exceptions register)
    Governance Critical
  • Governance and internal controls review
    Process Essential
  • Financial health and fraud risk
    Process Essential
  • Conflicts of interest & reputational checks
    Process Essential
  • Risk rating & approvals
    Process Essential
  • Monitoring & re‑assessment
    Process Essential
  • Sanctions/PEP match-handling SOP and rescreening cadence
    Compliance High
  • Contract clauses: ABAC, sanctions, DP, safeguarding, right-to-audit, clawback
    Legal High
  • Onboarding training and code of conduct sign-off
    Training Medium
  • Central DD register and issue log with remediation tracking
    Record Keeping High
Better 4
  • Risk-based partner tiering (Low/Med/High with enhanced DD triggers)
    Risk Management High
  • Risk-tiered monitoring plan and payment verification rules
    Monitoring High
  • Standardized DD scorecards and heatmaps
    Transparency High
  • Site/virtual verification and reference checks
    Verification Medium

Related Criteria

TS-RDC-01 Multi‑scenario financial stress‑testing documented TS-RDC-02 Complaints & whistle-blowing mechanism TS-RDC-04 Serious-incident reporting & escalation TS-RDC-05 Cyber-security baseline (NCSC Cyber Essentials – UK) TS-RDC-06 GDPR accountability & DPIA log
Version
2.9.7 2025-11-05

Discussion (1)

Administrator 2026-03-07 11:07:50.777058

📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json

Sign in to post a comment.

Back to Criteria