The financial crisis of 2008/2009 had far reaching effects across the sector in many different areas of business. It sparked new regulations and legislation, increased awareness of the dealings of financial firms and really forced investors to become far more sophisticated and clued-in enough to make judgments about their potential investments.
Many investors now undertake operational due diligence (ODD) as a matter of course, and there is a whole industry of reputable and trusted ODD professionals who will leave no stone unturned, scrutinizing hedge funds and private equity firms’ staff, operations, and technology to ascertain whether it is a viable investment.
So, what are the ODD teams looking for and how can firms ensure their staff, operations, and technology will pass muster?
There are a number of things the ODD team want to see evidence of, and transparency tops the list. Firms that can demonstrate transparency and give examples or summary information about performance and decision making, without disclosing confidential information around trading positions or strategies, are much more likely to get a green flag in an ODD investigation.
Clear compliance with regulations and independent senior level oversight is another hot area for ODD teams. Compliance runs through every aspect of a firm’s operations, and investigators will be looking for evidence of this being ingrained into the culture and ethos of the firm. Comprehensive reporting processes, adequate systems and well-trained staff are all evidence of a firm with a compliant ethos. Firms where knowledge is downloaded and shared, taken from an individual to a system which can be used by other team members are reducing the risk of critical knowledge or data being lost or becoming inaccessible. We hear a lot about key man dependencies, and it ranks high on the risk factor and would be a red flag for ODD teams.
While systems are important for reporting and meeting compliance requirements, they are also used extensively in front, middle and back office operations, and well planned and implemented systems can give a firm a critical competitive edge when it comes to operational due diligence. ODD teams will look at a firms’ technology infrastructure to make sure it is fit for its purpose, but also that data is safe and protected, that disaster recovery (DR) and business continuity plans are in place and that the right expertise is in place to manage the technology and systems. Where firms are using cloud or offsite services, ODD teams and investors want to see reliable technology partners in use, and retained control over that data, as a loss of control translates into higher risk.
Another key area is the use of external service providers. ODD teams will be investigating their identities, track records and scope of the services they provide. Service providers need to be as watertight and ODD-ready as the firms themselves, with good staff, processes and systems in place. If they fall short, and investment firms don’t have adequate controls in place or clear oversight of these service providers, this indicates risk and could negatively impact the ODD recommendations.
The best advice firms can take is to be prepared. Be prepared to show processes, policies and systems, but also be prepared to demonstrate this in practice. Ensure that staff demonstrate the firm’s culture if they are observed or interviewed, that service providers are ready and able to demonstrate their competence, and that every risk has been identified, categorized and suitable mitigation is in place if, and when, they are needed.