Due diligence is long ingrained in the corporate world and particularly in banking and finance. Vetting of customers, business partners, investment prospects, and vendor and third-party relationships is not only essential for risk management, but is also increasingly subject to regulatory and investor scrutiny as companies face ever more complex anti-money laundering (AML) and environmental, social and governance (ESG) auditing and reporting requirements.
Tried-and-true approaches – systematized due diligence questionnaires (DDQs) are in widespread use, and companies deploy dedicated departments or interdisciplinary teams to evaluate acquisition targets – were called into question following two high-profile failures: the sudden multibillion-dollar downfall of the FTX cryptocurrency exchange; and JPMorgan Chase & Co.’s $175 million acquisition of Frank.
The latter, a 2021 deal for a student loan-related fintech business, unraveled last year and was publicly acknowledged by JPMorgan chairman and CEO Jamie Dimon to be “a huge mistake.” It has devolved into conflicting lawsuits between the bank and the startup’s principals. In court complaints, each side bears witness to the due diligence while hurling accusations at the other, as reported by Forbes.
Regarding both FTX and JPMorgan-Frank, banking consultant Charles Wendel observed in a GARP Risk Intelligence article, “the investors were sophisticated and well-experienced in evaluating investments. Yet they made basic mistakes, embarrassing themselves, losing millions, and setting themselves up for lawsuits.”
“I think in both of these cases that the investors just wanted to do a deal, and they were not appropriately skeptical,” Wendel says in an interview, suspecting FOMO – fear of missing out.
“You don’t want people to be fawning over an opportunity,” Wendel stresses. “Respect the people on the other side of the table. But also be skeptical.”
Due diligence has emerged as a hot button in other contractual, if not literally financial, contexts. The recent earthquake tragedy in Turkey brought recriminations on building codes and enforcement – or lack of it – by the government of President Recep Tayyip Erdogan.
The pan-European exchange operator Euronext on February 28 withdrew an offer to acquire wealth management technology company Allfunds “following due diligence,” according to a statement given to The Trade. Allfunds, for its part, merely claimed that “the terms of the proposal were inadequate.”
Straits Times in Singapore, reporting that investment firm Temasek was a defendant in a U.S. lawsuit against venture capital backers of FTX, said the complaint cited a November 17, 2022 statement on Temasek’s website: “We conducted an extensive due diligence process on FTX, which took approximately eight months from February to October 2021.”
In the wake of FTX’s November bankruptcy, Commissioner Kristin Johnson of the Commodity Futures Trading Commission called for statutory authority to step up her agency’s due diligence powers. And Christy Goldsmith Romero, also of the CFTC, saw in the debacle “a violation of trust” that underlined “serious questions surrounding the due diligence by venture capital, pension, hedge funds and other equity investors.”
The failures of Silicon Valley Bank and Signature Bank, which were precipitated by sizable outflows of uninsured deposits, may lead to more due diligence by such clients when initiating their banking relationships.
DDQs in Force
Coincidentally, and indicating the long-established status of due diligence, the Alternative Investment Management Association on February 27 published a new set of due diligence questionnaires, said to be “timely given the increased scrutiny of the risks involved when allocating to digital assets and investors’ heightened demand for transparency.” The association issued its first DDQ for hedge funds in 1997.
Jack Inglis, CEO, AIMA
The latest DDQs, an initiative of the AIMA Digital Assets Working Group, address strategy, trading, risk management, leverage, liquidity risk, and fund service providers including custody, costs and expenses, performance and valuation. AIMA chief executive Jack Inglis believes that they ”can help to standardize the due diligence process around this growing asset class.”
Shared Assessments, the multi-industry, third-party risk group whose DDQs are a component in the Risk Management Product Suite that has more than 15,000 users worldwide, is currently eyeing European due diligence directives that are likely to have global implications, according to a blog article by senior advisor Gary Roboff.
Andrew Moyad, the former senior vice president of vendor risk management at Blackstone who was appointed Shared Assessments CEO in February, said: “Increasingly, mismanaged third-party risks cause hundreds of millions of dollars in losses and reputational damage each year. The challenges that organizations now face, from the heightened pace and sophistication of attacks to expanding regulatory mandates, force organizations to assess and continually evolve their risk practices.
“This is where the collective intelligence of Shared Assessments’ many members and its dedicated risk management experts and tools development experts delivers value.”
Rushing to Judgment
Wendel, who is president of Financial Institutions Consulting, reels off some factors that lead due diligence astray: having the wrong members on a team, failing to ask the right questions, lacking sufficient details, not using or misusing the available tools for decision support, and misreading an acquisition target’s strategic or cultural fit.
He contends there is no excuse for a lack of thorough up-front research, especially considering how easy it is to investigate organizations and individuals online.
Liron Mandelbaum, chief operating officer of Dasseti, says problems often arise when parties to a deal feel rushed to act. He adds that due diligence tends to be elevated and more consistent “where there’s very clear expectation from regulators. People realize that the stakes can be high here. You need to verify as much as you can.”
Dasseti, an investment due diligence software company formerly known as Diligend, closed a Series A financing in January led by Nasdaq Ventures.
Regulator Seeks Codification
In a January speech, Commissioner Johnson of the CFTC said she was “urging Congress to include in any new legislation statutory authority for the CFTC to conduct effective due diligence on any firm – not already subject to the CFTC’s oversight – that seeks to purchase 10% or more of the equity interest in a CFTC-registered exchange or clearinghouse.
Kristin Johnson of the CFTC
“I am also encouraging my fellow commissioners to consider, with the utmost urgency, initiating a notice and comment process to identify a path that ensures that the commission has greater visibility into the financial health, corporate governance, and risk management processes of any business seeking to acquire a significant equity ownership stake in CFTC-registered entities.”
Pointing to FTX’s 2021 acquisition of LedgerX, which is CFTC-regulated, was rebranded FTX US and survived the crypto exchange’s bankruptcy as a going concern, Johnson added, “In order to fulfill its customer protection, market integrity, and market stability mandates, the commission should have the authority to engage in an appropriate level of due diligence during the acquisition of a CFTC-registered exchange or clearinghouse, including one occurring through a bankruptcy proceeding.”
Dasseti’s Mandelbaum, whose past positions include chief marketing officer of Bloomberg Tradebook, sees how JPMorgan’s Frank transaction and the FTX collapse, although due diligence was a common denominator, could unfold differently.
“Even though there was potentially some fraud [with Frank], you know that the SEC [Securities and Exchange Commission] will not very likely fine anybody in the end,” he explained. With FTX, “the SEC is involved because there was financial, fiduciary responsibility for a lot of the firms that were investing in FTX.”
The diligence process depends in part on having the right tools to perform data analysis on a deal and its participants, evaluate how the businesses fit together, and the likelihood of success or benefit.
Victor Meyer of Supply Wisdom
Victor Meyer, a former Deutsche Bank risk manager who is chief strategy officer of supply chain risk specialist Supply Wisdom, says it is critical to use “every single analytical tool, making the due diligence process very rigorous and even a bit prescriptive. However, risk managers also need to step back from time to time and evaluate the data in its aggregate – not just the individual component parts. Otherwise, you can lose the forest for the trees.”
Meyer says due diligence teams looking at deals should ask basic, qualitative questions such as: Should we be doing the deal at all? Does it make sense from a financial and/or reputational point of view? Is it consistent with our values and beliefs? Are we going too fast? Are the incentives appropriately aligned?
Aggregate and Analyze
Bringing in his technology perspective, Mandelbaum says, “The deeper you go, the more you need to review, and maybe the more you’ll be distracted and miss something. That’s where technology comes in.”
Liron Mandelbaum of Dasseti
Automation and analytics “can help keep track of everything digitally, and potentially flag problem areas,” says the Dasseti COO. “You can create rules, and AI can do basic reading and look for key words or responses. It can save you lots of time. The consistency comes from the digital platform pushing out every time, and making sure the same questions are being asked.”
Illustrating how investor due diligence is moving beyond data collection and storage and into analysis and insight, Dasseti last year added features to its Collect platform, which enables research and due diligence teams to aggregate and analyze large quantities of data in a customized way. The aim is to improve risk management and decision-making and support regulatory compliance.
“Things are moving much faster, and at the same time are more complex,” says Supply Wisdom’s Meyer. “We’ve got the data. We just need to pay better attention to how we aggregate it. That way, experienced people can see patterns and say, ‘Oh yes, that’s an important metric. We’re well within our risk appetite thresholds. So let’s do a little bit more digging where we’re less comfortable or where there are less comprehensive data sets.’”