One of the suggested due diligence steps for a high risk business customer is to do an onsite visit. What exactly should we look for? No visible cocaine or bundles of money in the corners???

Seriously, if anyone has a checklist they use, it would be much appreciated.

If they have close-set eyes, you should immediately cease doing business with them!

Seriously, this business of making bank employees act as policemen is ridiculous! What if someone gets shot?! Should I be requesting hazard pay?!

A lot would depend upon the type of service the vendor is providing for you. I know that we conduct annual onsite inspections of the company that does our shred/disposal for us. We show up pretty much unannounced. A well run organization should not be hesitant to provide a tour of their facilities. We ask questions about the handling of our documentation from the time it leaves the bank until it reaches it's final destination. You want to make sure the facility is secured. Ours has barbed wire around the facility and has an electronic gate that you must go through to reach the building. Ask about how they dispose of the documents, what procedures do they have in place for ensuring their is no breach of information during transit, ask if they have privacy agreements that their employees have to sign when they are hired, do they do background checks on their employees, etc....

This is the same type of process you would do for each vendor that provides a critical function as it relates to information security. Does the operation appear sound, do you like the way they answer your questions regarding the privacy of your information, do they appear hesitant to allow you to do a walk through?, is the facility neat (no documents piled in corners in boxes that are 15 years old.. If they have your customer's information in an electronic form then how are they ensuring that it is not compromised? What types of internal controls do they have to make sure that only employees with a business need have access to that information? What about their contingency plans? Are there backup tapes - if so how are those handled/secured?

Basically you want to hear about the same responses from your vendors as you would give to an examiner. For as long as this law has been out vendors are getting use to us asking these questions and for most it won't come as a surprise.

We have similar policies requiring on-site visits to our customers.

At the most basic level, you are answering very simple questions;
Is the business located where they said it was?
Is it set-up the way you'd expect a business of that type to be set up. (If it's a car dealer, and there are no cars....)
Are the contact people listed for the account there?
Are they doing business?
Etc.
Then move on to the more sophisticated questions of procedures, security, policies, etc like MackenzieS has describe for a vendor visit.

a 600 Million $ Fraud case was uncovered because one banker decided to visit the office of the shipping company that had credit facilities of 600 M $ ( related to trade finance ..I dont really remeber all details ) , the banker acted on his own and on his way home he passed by the shipping Co. Office..to his amazment it was a tiny 2 rooms office with one guy and a Phone !

On site visit purpose is to uncover the shell companies...who merley use their registration and establishment papers to open a company account and start using all bank services and products,.,,,even though they have No actual Business , or enough staff or even infra structure , or customers or stock.....etc.

Thanks guys!