The following guidance and Frequently Asked Questions (FAQs) outline when due diligence checks on third parties are necessary, how to use the Due-Diligence-Questionnaire-for-Funded-Research-Third-Parties.docx and what to expect from the Research Support and Compliance Division independent risk assessment process.

Partner Due Diligence

Should we review a third party organisation if there is no financial relationship?

Under the University's Relationships Policy, due diligence must be undertaken for each new relationship and activity. As the level of review required may vary depending on the circumstances, you should contact your relevant Due Diligence Coordinator for guidance. 

If the relationship with a third party organisation does not involve any transfer of research funds from an externally funded grant or contract, then there is no formal requirement to undertake additional and enhanced review under the funded research framework. 

What is the difference between Relationships Policy Due Diligence Reviews and the Due Diligence Framework for Funded Research Third Parties?

Due diligence should always be undertaken in the first instance in accordance with the University's broader Relationships Policy, which applies to all new external relationships and activities. The level of due diligence required will depend on the nature of the proposed activity, the associated risks, and the profile of the external organisation. If you are unsure what checks are required, please contact your relevant Due Diligence Coordinator for advice. Further information is available on the Relationships Policy webpages. 

The Research-Third-Parties-Framework-for-Managing-Due-Diligence-(1).pdf builds on this initial review by setting out additional due diligence requirements that apply specifically to externally funded research activities. Developed by the Research Support and Compliance Division to meet funder requirements, the Framework should be applied once the appropriate organisational and activity-level reviews have been completed under the Relationships Policy. 

The Framework defines the enhanced due diligence checks required for Third Parties involved in research collaborations where Imperial transfers funding to an external organisation. It also clarifies institutional responsibilities for assessing, approving, and monitoring these relationships. 

In summary, the Relationships Policy provides the University's overarching approach to due diligence for all external relationships, while the Due Diligence Framework for Funded Research Third Parties introduces additional requirements for research collaborations involving funded Third Parties. 

The Framework is necessary because many research funders require lead institutions to undertake, document, and retain evidence of due diligence on organisations involved in funded research. As the lead institution, Imperial is responsible for selecting appropriate Third Parties, distributing funds, monitoring activity, and ensuring compliance with funder requirements. 

Failure to manage Third Party risks effectively may expose the University to financial, regulatory, legal, and reputational risks, and could jeopardise current or future funding opportunities. The Framework therefore provides a consistent and proportionate approach to assessing and managing Third Party relationships, helping the University meet its obligations while supporting successful research partnerships. 

For queries about the Relationships Policy contact Division of the University Secretary (email: RRC@imperial.ac.uk) 

For queries about the Due Diligence Framework for Funded Research Third Parties contact Research Support and Compliance Division (email: rs.compliance@imperial.ac.uk 

Due Diligence Questionnaire for Funded Research Third Parties

Once broader organisational and activity reviews have been completed in accordance with the University’s Relationships Policy, any research partner to which Imperial will transfer funds must undergo an additional enhanced due diligence process. This is achieved through completion of the Due Diligence Questionnaire for Funded Research Third Parties. 

The questionnaire has been developed to support Principal Investigators (PIs) in assessing a broad range of risks associated with funded research partnerships, including financial, reputational, ethical, safeguarding and geopolitical considerations. It is accompanied by comprehensive guidance notes that explain each question, provide links to relevant University policies, and highlight key areas for review. 

The questionnaire should be completed by the PI with support from their Department and direct input from the third-party organisation. A separate questionnaire must be completed for each third-party organisation involved in the project. 

The questionnaire should be completed before the agreement with the third party is finalised. This will allow sufficient time to assess any identified risks and implement appropriate mitigating actions, such as amendments to the research sub-agreement or enhancements to the Department's project management and oversight arrangements. 

The Due Diligence Questionnaire for Funded Research Third Parties asks for project details and considers the following risk areas: 

  • Financial probity. 
  • Nature of the third party relationship and ability to deliver. 
  • Ethics and integrity. 
  • Political, economic and geographical risk. 
  • Additional information that may affect the project's aims. 

As part of the due diligence process, the PI should consider how suitable the third party organisation is to deliver the proposed work. This can also help to strengthen the case for support on the research proposal so it is important to explain: 

  • How the relationship with the third party organisation was established? 
  • Why they are the most suitable third party organisation to undertake the work? 
  • How you intend to develop the third party relationship and monitor their project deliverables? 

Completed questionnaires should be sent to rs.compliance@imperial.ac.uk for independent assessment by the Research Support and Compliance Division.  

Which organisations are exempt from the Funded Research Third Party Due Diligence?

Under the University's Relationships Policy, due diligence must be undertaken for all new relationships and activities. The nature and extent of the due diligence required will depend on the specific circumstances of the relationship and the associated risks. If you are unsure what checks are required, please contact your relevant Due Diligence Coordinator for guidance. 

The organisations listed below are exempt from additional and enhanced due diligence checks for funded research third parties: 

 

a) When the activity undertaken by the Third Party is managed by the Purchasing Team. 

b) When the organisation is eligible to receive UKRI funding. 

c) When the organisation is on the HESA List of UK higher education providers. 

d) When the organisation is a UK Government Department, agency or public body or Local Authority in England and Wales and Scotland. 

e) When the research project is funded by the European Commission (EC) and the Third Party is a proposed “beneficiary” to the EC Grant Agreement, but note that appropriate due diligence checks will still be required on other Third Parties who are engaged to deliver activities.  

(NB: The EC conducts its own financial and organisation validation of a beneficiary) 

Is a due diligence review required if we have previously worked with a funded research third party?

Yes. Under the University's Relationships Policy, due diligence must be undertaken for each new relationship and activity. As the level of review required may vary depending on the circumstances, you should contact your relevant Due Diligence Coordinator for guidance. 

For funded research third parties, an additional and enhanced due diligence review is also required. However, if the Research Support and Compliance Division has previously reviewed the third-party organisation for another project, some information may still be valid, depending on when the previous assessment was completed. For example, elements such as financial information and organisational policies (e.g. Sections 2 and 4 of the questionnaire) may not need to be resubmitted if they remain current. In these circumstances, you may only be required to complete the sections that are specific to the new project. If you believe this applies to your proposed collaboration, please contact the Research Support and Compliance Division at rs.compliance@imperial.ac.uk  for further guidance.

What due diligence checks are required if Imperial is NOT leading the project?

Under the University's Relationships Policy, due diligence must be undertaken for all new relationships and activities, regardless of whether Imperial is acting as the project lead or as a project partner. The nature and extent of the due diligence required will depend on the specific circumstances of the relationship and the associated risks. If you are unsure what checks are required, please contact your relevant Due Diligence Coordinator for guidance. 

Where Imperial is not the project lead but intends to transfer project funds from its own budget allocation to a Third Party, enhanced due diligence requirements may apply. In such cases, the Due Diligence Questionnaire for Funded Research Third Parties must be completed for each Third Party that will receive funding from Imperial under the project, following completion of any due diligence required under the Relationships Policy. 

What due diligence checks are required when funding is not managed on a research account code (i.e. P code)?

The Due Diligence Framework for Funded Research Third Parties, an additional and enhanced process, applies specifically to externally funded research activities where research Third Parties are funded through a research account (P-code). Where funding is provided through another type of account code (e.g.  N/I code), due diligence must be conducted in accordance with broader Relationships Policy, which requires due diligence to be undertaken for all new relationships and activities. As the level of due diligence required will vary depending on the nature of the activity, the associated risks, and the proposed Third Party, you should contact your relevant Due Diligence Coordinator for advice on the appropriate level of review.

What other checks are carried out by the Finance department?

Due diligence must be conducted in accordance with the University's broader Relationships Policy, which requires due diligence to be undertaken for all new relationships and activities. The level of due diligence required will depend on the nature of the proposed activity, the associated risks, and the profile of the funder. If you are unsure what checks are required, please contact your relevant Due Diligence Coordinator for advice on the appropriate level of review. 

The Due Diligence Framework for Funded Research Third Parties does not apply to funders providing research funding to Imperial. The Framework sets out an additional and enhanced due diligence process that is required only where Imperial transfers research funds to Third Parties from a research account (P-code). As no research funds are being transferred to a Third Party in this scenario, the requirements of the Framework do not apply.


 

What other checks are carried out by the Finance department?

To reduce the risk of fraud, the university Finance team is required to independently verify the bank details provided by all new third parties (suppliers) before any payments can be made. In addition, research sub-agreements must be established through the relevant Faculty Contracts team. Requests to create a new supplier can only be submitted by Imperial staff via the ASK portal. 
 
In accordance with the University’s New Supplier Policy, once the Procurement Department has completed its review and is satisfied that the supplier should be added to ICIS, the supplier request form and supporting documentation are approved and forwarded to the Finance Hub. The Finance Hub then contacts the supplier directly to initiate the onboarding process. As part of this process, suppliers are invited to enter their details, including their registered address, contact information and bank account details, into the Oracle iSupplier system. Once submitted, this information is independently validated by the Finance Hub to provide an additional safeguard against fraud and unauthorised changes to payment information. 
 
These financial checks complement the due diligence reviews set out in the Relationships Policy, as well as the enhanced research funded third party due diligence process. 

What are the funded research third-party due diligence responsibilities at post award, i.e. after the project has started?

a) Principal Investigator (PI) and academic department

Depending on the size and nature of the project, governance and management structures should be put in place at the outset to ensure overall project governance, oversee strategy and direction, and to monitor scientific deliverables and progress, e.g. Management Board, Steering Committee, Advisory Board etc. Membership should comprise representatives from each Third Party involved in undertaking the research and meetings should be held at agreed frequencies to discuss project progress (financial and scientific) and review and manage any identified risks.  

 The key responsibilities are: 

  • Establishing Third Party monitoring processes to oversee progress and agreed deliverables.  
  • Monitoring the timely receipt of scientific reports from the Third Party as required. 
  • Supporting Faculty Research Services with the financial management and monitoring of Third Party expenditure and facilitating the resolution of queries as necessary.  
  • Liaising with Faculty Contracts team during the lifetime of the award where amendments to the subcontract agreement are required. This includes highlighting any serious breach that cannot be satisfactorily remedied. 

b. Faculty Research Services/Joint Research Office 

The terms and conditions of the main (primary) funder will flow-down to the Third Party via a separate subagreement. The Third Party will be required to retain adequate records of financial documentation, comply with the funder’s terms and conditions and ensure all contractual obligations are met.  

 The key responsibilities are: 

  • Supporting the PI and Department with the financial management of the project and providing guidance on the use of financial templates by the Third Party (if relevant) to support financial reporting and preparation of invoices submitted to the funder.  
  • Reviewing expenditure incurred by the university and any Third Party to ensure it is in line with the awarded budget and funder terms and conditions before submitting invoices and/or financial statements to the funder. 
  • Notifying the PI and academic department where Third Party expenditure is ineligible or exceeds the allocated budget, and liaising with the Third Party if further clarification and detailed justification is necessary. 
  • Engaging with the PI and academic department about the progress of the Third Party’s deliverables throughout the lifetime of the award.  

c. Faculty Contracts 

The award setup process requires a separate subagreement to be put in place with the Third Party which will flow-down the terms and conditions of the main (primary) funder. The subagreement must be signed by the Third Party before any funds are paid.  

 The key responsibilities are: 

  • Liaising with PI/Department and Faculty Research Services where amendments to the research subagreement are required. 

d. Research Support and Compliance Division 

Once an independent assessment of the Third Party has been undertaken by the central Research Support and Compliance Division, a summary of the risks identified and any recommended mitigating actions will be provided to the PI, Department and Faculty Contracts Team. 

The key responsibilities are: 

  • Working with the PI, academic department and Faculty Research Services to monitor and review the relationship with the Third Party during the lifetime of the award and conducting end of project Third Party relationship assessments as appropriate.  
  • Undertaking assurance reviews of the funded research third party due diligence process and the implementation of recommended mitigating actions as appropriate. 
What other guidance is available?

Research Security is a strategic priority for the UK Government. As part of this, the UK Government developed the “Trusted Research” campaign. Trusted Research brings together key areas of research security and related considerations required to assess the level of risk associated with partnering with international research collaborators and funders, and to manage these risks responsibly, without hindering scientific progress. To support our staff and students at the University, a range of resources addressing Research Security and how to think critically about potential risks in new and existing international collaborations are available on the Research Security webpages. 

Funded Research Third Party Due Diligence risk assessment process

The following risk assessment process forms part of the additional and enhanced due diligence requirements for Funded Research Third Parties once broader organisational and activity reviews have been completed in accordance with the University’s Relationships Policy: 

  • A risk score is assigned to each section of the questionnaire, resulting in an overall risk rating of LowMedium or High. 
  • Risk ratings are determined using the University's standard risk assessment methodology, which assesses both impact and likelihood. Impact refers to the consequences if the risk occurs and Likelihood is the probability of the risk occurring. 
  • Upon completion of the assessment, a summary of the key risks identified, together with any recommended mitigating actions, will be provided to the Principal Investigator (PI)Department and Faculty Contracts team. 
  • Escalation: Where concerns arise and mitigating actions are considered insufficient, the Chief Research Support and Compliance Officer shall undertake an initial review of the original assessment, recommend any further appropriate mitigation, and seek to resolve the issues in the first instance. Any matters that remain unresolved shall be escalated in accordance with the process set out in the  Relationships Policy