It’s 6:12 pm.
Sales forwards a customer due diligence questionnaire and writes: “can you just fill this tonight? they won’t send the contract until it’s done.”
You open the file and it’s 14 tabs of excel, plus a portal link, plus a pdf attachment from their procurement team that asks the same questions again, in different words.
This is the moment where deal trust either tightens or slips.
Not because you “have compliance”. Because the customer is watching how you behave when it’s inconvenient.
The questionnaire is not admin work. It’s your trust handshake
We like to talk about trust as if it’s brand, culture, leadership. Sure.
But in market deals, trust is also operational. It is your ability to answer clearly, consistently, and with evidence.
A customer due diligence questionnaire is a proxy audit. Your customer is trying to decide two things:
First, “will you create risk for me?”
Second, “if something goes wrong, will you be able to prove that you took the appropriate scalation and remediation actions?”
If you answer late, contradict yourself, attach half-baked policies, or can’t locate basic evidence, the signal is simple: you will be painful to work with.
And painful vendors do not get priority.
This isn’t just and opinion It’s baked into the way regulated companies are expected to manage third parties. Customers operationalize that expectation through questionnaires.
Mistakes that quietly kill deal trust
Here’s what I’ve seen make deals unnecesarilly difficult and, in the worst case scenario, kill them:
- Treating the questionnaire like a one-off: every answer gets reinvented. every department replies from memory. the customer feels the chaos.
- Inconsistent wording across time and teams: legal says “we do annual training”. HR says “ad hoc”. Compliance says “risk-based”. All may be defensible, together they look unreliable.
- Claiming controls you can’t evidence: “we have a whistleblowing channel” sounds great until they ask for the procedure, intake metrics, and who triages. Then silence.
- Oversharing or undersharing: dumping a 60-page code of conduct with no mapping to their question is noise. Refusing to share anything looks like you have something to hide. The right move is targeted evidence.
- No owner, no timeline, no internal workflow: questionnaires die in inboxes. The customer sees you miss deadlines and assumes you’ll miss others.
- Not understanding the commercial logic: procurement wants closure. Compliance wants defensibility. Legal wants risk control. Your job is to respond in a way that makes all three comfortable.
A good questionnaire response doesn’t “prove you’re perfect”. It proves you’re coherent.
Why questionnaires feel messy (and why you still can’t neglect them)
Teams complain, and they’re right, these questionnaires are inconsistent.
- One customer sends a structured portal with drop-downs.
- Another sends a “ddq” pdf with free text fields.
- Another pastes 40 questions into an email.
And they ask the same thing in different formats:
- “ultimate beneficiary ownership” becomes “ubo”, “beneficial owner”, “ownership and control”, or “who ultimately owns or controls more than X%”.
- “capitalistic structure” appears when they really mean corporate and capital structure: shareholders, subsidiaries, voting rights, control.
- Human rights questions range from a single checkbox (“do you adhere to the UN global compact?”) to a full mapping of your supply chain due diligence.
You can’t fix the market’s lack of standardization.
You can fix your internal system so you stop paying the chaos tax every time.
What customers typically look for (and what evidence they expect)
Most customer questionnaires cluster around a few themes. The difference is how deeply they go, and how they phrase it.
Below is a practical map of the most common topics and the evidence that usually settles the conversation.
topic customers test | what they’re really trying to learn | typical evidence they ask for |
|---|---|---|
Corporate and capital structure (sometimes written as “capitalistic structure”) | who is the counterparty, where are entities, who controls decisions | org chart, group structure chart, company registry extracts, list of subsidiaries |
Ultimate beneficial ownership (UBO) | who ultimately owns or controls, and whether ownership is transparent | UBO declaration, shareholder register extract, beneficial ownership statement, governance documents |
Adherence to UN global compact or similar standards | whether you align with baseline principles on human rights, labor, environment, anti-corruption | public commitment, supplier code of conduct, ESG or sustainability policy, internal statements (if not public) via UN global compact principles |
Human rights standards and due diligence | whether you can identify, prevent, and address human rights impacts | human rights policy, risk assessment summary, grievance mechanism, supplier onboarding clauses aligned with the UN guiding principles on business and human rights |
Compliance framework (policies, procedures, controls) | whether compliance exists as a living system, not a pdf | code of conduct, anti-corruption policy, conflicts policy, third-party due diligence procedure, records of approvals, top management communication |
Whistleblowing channel | whether issues can be raised safely and handled consistently | channel description, procedure, role owners, case handling workflow, anonymization and retaliation protections |
Training | whether staff are trained, and whether you can prove it | training plan, completion rates, attendance logs, role-based materials |
Notice the pattern: they don’t just want promises. They want evidence that your program runs.
This is also why “paper compliance” backfires commercially. Customers can smell it, because their own auditors have trained them to.
How to answer faster without lying (or burning your team)
If you want questionnaires to stop blocking deals, you need a repeatable internal product.
Use three rules.
- First, create a single source of truth for standard answers, owned by compliance or legal, but validated by the business.
- Second, attach every answer to an evidence artifact (a policy, a record, a register, a screenshot, a template), and make sure it’s version-controlled.
- Third, treat exceptions as data. If you answer “no” to a question today, log it, decide if it’s acceptable, and if not, create a remediation action with an owner and deadline.
That is how trust gets built over time: not by claiming maturity, but by showing you manage gaps.
Where Naltilia fits (and what AI should actually do here)
At Naltilia, we built a feature specifically to manage customer due diligence questionnaires because I got tired of watching good deals slow down for avoidable reasons.
Naltilia centralizes your internal compliance information and past responses.
When a new questionnaire arrives, you can reuse consistent answers across similar questionnaires, and our AI can automatically draft responses based on your stored, approved content.
You still review. You still own the final answer. The point is speed and consistency without losing control.
And this sits on top of the broader work Naltilia does for compliance teams: compliance risk assessment, remediation actions, tailor-made policies, automated data collection, and compliance workflow automation.
The takeaway I want you to act on
If your questionnaires are messy, slow, and inconsistent, you’re not just “inefficient”. You’re training the market not to trust you.
So make a decision.
Either keep treating customer due diligence questionnaires as annoying interruptions, and accept that deals will stall at the worst possible moment.
Or build a real response system: standard answers, mapped evidence, clear owners, tracked remediation, and a tool that keeps it all coherent.
Trust closes deals. Questionnaires are where you prove trustworthiness.
