Due Diligence: Reporting on Non-Disclosure
In this candid update, Laven’s Global Head of Due Diligence outlines his thoughts on Non-Disclosure and why this can be problematic in the context of an Operational Due Diligence review.
Posted on 17 Feb 2021
Non-disclosure can occur in several topics such as meeting minutes, compliance reviews, regulatory letters or investment memos. Lately, we have received numerous requests for our reports to add contextual language that the investment manager indicated meeting minutes were taken or that compliance, risk management or investment team performed a particular review, test or task. Most times we are not asked to remove the red flag or concern from our report, but to include details that the manager noted that the specified steps were taken but the information was not disclosed.
I don’t know if it was because our ODD process was ISO certified for the better part of a decade, or whether our CEO has talked ad nauseam about the perils of non-disclosure, but I found myself after each discussion thinking about how such a seemingly reasonable request is unreasonable.
Due Diligence is difficult and new clients are hard to come by. We often joke that an ODD specialist can only disappoint clients by finding something untoward. There is nothing like a client paying money for a report that details that they shouldn't move forward with an investment, especially when many within the organization have emotionally committed to the investment or worse have already invested and are locked-up.
So much of Laven’s Due Diligence service is about working with fund managers and, through our review process, improving their operations. We are extremely proud of our ability to help managers adopt risk management policies, create risk matrixes, enhance transaction monitoring, improve vendor due diligence, cash transfer controls, etc. These are measurable improvements in our annual reviews, making the ultimate investor experience better over time.
We understand that virtual on-sites present a unique challenge, especially concerning disclosure. Where we used to be able to review documentation onsite, we now have to coordinate screen share sessions. Today, we work much harder to find a middle ground with fund managers. We work with managers to redact confidential information or MNPI. In short, 2020 was and 2021 will continue to be complicated.
On the surface, it seems completely reasonable to add language that a manager indicated that minutes were taken or a task was performed. However, by adding this language we create a level of comfort. We believe the last thing the Due Diligence industry should do is distribute reports that indicate something occurred when there is no way to verify that the work or documentation exists.
Due Diligence should avoid scenarios where we potentially provide a false impression that something was done but not disclosed. There is a natural inclination to want to move forward with an investment. When you receive a concern that says the manager performed a review but did not share the review, it CAN create an impression that all is well and there is just the technical issue of disclosure.
A lack of disclosure means there is no way to assess the quality of the work. We received “meeting minutes” that consisted of five bullets and less than twenty words. The minutes were shorter than the agenda. Without the ability to review the content, it is not possible to gauge its quality and thoroughness.
Without sounding jaded or suspicious, an individual will likely know that they didn’t complete the task, or that they did it in an unsatisfactory way, or that they failed to properly document the work. In these scenarios, the easiest (and safest) thing to do is to claim confidentiality. Often these claims can be made without any falsehood or dishonesty, especially if the work was partially done or completed in a manner that will be deemed inadequate. If we start adding language to reports which indicates that something was done but we can’t verify the adequacy of the work, we create an environment where fund managers are more likely to claim that information is sensitive or confidential.
In some way, my hope for this newsletter is for someone to provide a response that demonstrates the reasonableness of the request. If you can, please do get in touch.
Global Head of Due Diligence
P.S. There are, of course, limited exceptions to this. An item that immediately comes to mind is the result of third-party penetration tests. For penetration tests, we think it is reasonable to NOT share the results but to provide a cover, page, scope of the review and some sort of confirmation from the pen test provider that they performed a test.