Skip to main content

Glossary

DDQ (Due Diligence Questionnaire)

A due diligence questionnaire (DDQ) is a structured set of questions one organization sends another to assess its operations, financials, compliance, and risk controls before starting or continuing a business relationship. Investors, enterprise customers, and partners use DDQs to verify claims and document the diligence process.

In practice

DDQs appear in three broad forms. Investor DDQs are sent by institutional investors, allocators, and investment consultants to asset managers, hedge funds, and private equity firms before committing capital. Regulatory and compliance DDQs support obligations such as anti-money-laundering checks and third-party oversight in regulated industries. Vendor DDQs are issued by companies evaluating suppliers and service providers, and they often overlap with security questionnaires and vendor risk assessments.

Most DDQs are not one-time events. A firm typically completes a full questionnaire during onboarding or fund selection, then receives refreshed versions on a recurring cycle, often once a year, plus event-driven updates after changes such as new ownership, key staff departures, or a security incident.

For example, a pension fund evaluating a hedge fund might send a DDQ covering firm ownership, investment process, service providers, compliance program, and business continuity planning, then reissue a shorter update each year the allocation remains in place.

Keep reading

Related terms

For how response teams manage recurring DDQs, see the RocketDocs DDQ completion solution.

FAQ

Frequently asked questions

What does DDQ stand for?

DDQ stands for due diligence questionnaire. It is the standard shorthand in asset management, banking, and procurement for the formal question set one organization sends another to verify how it operates before entering or renewing a relationship.

Who sends DDQs?

Institutional investors, funds of funds, investment consultants, banks, insurers, and enterprise buyers all issue DDQs. In each case the sender is the party taking on risk, and the recipient is the fund manager, vendor, or counterparty being evaluated.

How often are DDQs updated?

Cadence varies by industry and risk level. A common pattern is a full DDQ at onboarding followed by an annual or periodic refresh, with additional updates triggered by events such as ownership changes, new regulations, or security incidents.

From definition to response

See how RocketDocs turns these concepts into a working response process: approved content, private AI drafting, and audit trails your compliance team can trust.