Operational Due Diligence Spotlight on the On-Site Visit
Introduction
In May 2014, the SEC warned that more than half of the private equity firms it had examined were engaging in serious compliance violations. The commission cited the unique temptations and conflicts of PE executives, who face lax oversight from investors.
Investors: what are they most concerned with beyond the track record?
Source: EY Global Private Equity Fund and Investor Survey, 2016
Key Elements of operational due diligence in PE
- Management entities: structure, corporate governance, board / exec committee meetings & minutes, management agreements
- Fund: structure, corporate governance, LPACs, LPA & PPM, fees, total expense ratio
- HR, IT & Insurance: key individuals and employees, IT & business continuity, insurance
- Service providers: independent administrator, bank / custodian / depositary, cash transfers, auditor, legal counsel
- Deal management & back office: deal teams & investments, ICs, deal management, back office workflow, resources, shadow accounting
- Compliance: regulatory status, compliance officer, procedures & controls, training, insider trading
- Risk management: risk officer and management process, due diligence, valuation risk, counterparty risk
- Background checks: KYC checks, web searches, investor references
- ESG
How to employ the trust but verify approach
The approach has five steps: documents review, service providers review, on-site visit, evidence verification and debrief.
- Documents review: aim to review and compare information between binding (e.g. LPA, PPM) and marketing (e.g. DDQ, presentation) materials for inconsistencies ahead of the on-site visit
- Service providers review: aim to obtain information from the service providers independently with regard to their relationship with the firm as well as the service providers' responsibilities
- On-site visit: aim to question and verify information across staff from different departments and different seniority levels to get a detailed picture of the firm's set-up and day-to-day operations
- Evidence verification: corroborate information provided through evidence, such as policies and procedures, reports, systems and software, minutes, etc.
- Debrief: try to clear any miscommunication throughout the process and be transparent about potential weaknesses
How to prepare for an on-site visit and what tactics to employ to get the best results
- Aim of the on-site visit: to observe first-hand information already learnt and to corroborate it at the firm's premises with the most relevant participants
- Structure: the on-site visit is not a sales meeting; try to organize and distribute a clear agenda ahead of it, including detailed topics to discuss and the relevant personnel you wish to meet and question
- Duration: allow for 4-5 hours to meet various functions, explore systems, review documents, tour the office and get clarification on identified issues
- Participants: pass through investor relations and aim to speak with the individuals who actually perform relevant operational functions (e.g. back office staff, analysts, compliance personnel) across hierarchies
- Outstanding documents: get past the confidentiality barrier and ask to see on-site documents that have been claimed confidential (e.g. meeting minutes, cybersecurity policies and reports)
Investors' views on the areas of Fund Terms & Conditions
Source: Preqin Investor Interviews, December 2016
What documents to ask for prior to the on-site visit?
In relation to the Fund:
- ILPA DDQ
- Presentations
- Private placement memorandum
- Partnership agreement / incorporation documents
- GP or fund meeting minutes
- Audited financial statements of predecessor funds
- Service provider agreements
- List of LPAC members
In relation to the Manager:
- Partnership agreement / incorporation documents
- Investment management & advisory agreements
- Meeting minutes
- Insurance policies
- BCP, DRP, Cybersecurity policy, tests
- Risk policies and procedures
- Compliance Manual
- Sample investment memorandums, business plans, agreements
Some red flags to look out for
- No transparency: why is the firm hesitant to disclose documents on-site to current or potential investors despite NDAs?
- No consistency: why does information differ between documents (e.g. between marketing presentations and binding documentation)? Is it presented more broadly, vaguely or not at all (e.g. in the OM)? Are processes and policies as described in the DDQ or do they differ in practice?
- No formal processes, meetings or minutes: is the firm committed to looking after investors' best interests? Does formal governance exist? In a consistent way?
- No independence or segregation of duties: how does the firm prevent conflicts of interest within functions?
- No designated functions or too dependent on key men: is the firm allowing for enough resources to operate and look after investors' best interests? What happens in case of a divorce between the company and key personnel?
- No disclosure: mistakes happen; has the firm taken measures to prevent them from happening again, and has it been open in disclosing them to its clients?
- No strong risk or compliance culture: has the firm given enough authority to risk and compliance functions or are such decisions effectively made by the CEO?
How to assess the general compliance culture of the firm?
- A clear compliance program: documented policies, protocols and procedures
- Skilled and empowered compliance professionals
- Reviews & alignment: continuous evaluation and update of the compliance protocols
- Education of employees: training as an ongoing process with employees revisiting topics regularly
- Communication and approvals: a method for staff to record breaches or request compliance clearing
- Monitoring & assessment: continuous monitoring to detect current and future risks
How to assess the general risk culture of the firm?
- Risk policy: documented protocols and procedures
- Independent risk professionals: designated risk manager and / or risk committee
- Due diligence: documented procedures to avoid omissions, sufficient depth and regular frequency
- Key men: departures and retention practices
- Commitment: incentives, long term interest
- Monitoring & assessment: valuation, counterparties, conflicts risks
Where do most firms fall short?
- Corporate governance: in corporate fund structures or GPs, limited power, too many directorships, offshore dominance
- Documented procedures: limited documented policies and procedures, infrequent updates
- Evidence of procedures being applied (e.g. reports): inconsistent and undocumented monitoring
- Transparency & disclosure, flexibility in offering documents (e.g. in relation to fees)
- Segregation of functions: personnel acting in multiple roles or responsible for departments
- Risk management functions: no designated function (particularly in the US)
- Compliance: infrequent compliance monitoring, training and oversight
- Consistency of marketing and offering documentation or policies and procedures: differences in how facts are being presented (if at all) in marketing presentations and binding documents
Consideration of newly developing or changing risks?
- Service provider due diligence
  - On-site visits (outsourced back offices, IT providers, administrators, custodians)
  - Ongoing service provider monitoring
- Counterparty risk
- Compliance changes in Switzerland and EU
  - MiFID II, e.g. managing conflicts of interests
  - 4th AML Directive expanding on client on-boarding requirements
  - Change in legal representative requirements in Switzerland with regards to private placement distribution
- Conflicts of interests
- Cyber security

"Fundamental fiduciary principles have survived intact for centuries, yet their interpretation has been dynamic. Given changes over the past few decades in global economic, capital management, and market structures, we appear to be at another inflection point in the understanding of fiduciary principles."
James Hawley, Keith Johnson, & Ed Waitzer, 2011
What are CFOs' top operation objectives?
Source: EY Global Private Equity Survey, 2017
Striking back
Source: Future insight: Private equity CTOs and the coming tech concerns, EzeCastle 2016
Cybersecurity: what to look for?
- Processes and procedures: how is data on investments, investors and other records stored? What documented cybersecurity procedures are in place (passwords, USB keys, server patching)?
- Testing: are outside vendors doing penetration tests? Frequency? Evidence? Ongoing traffic monitoring and alerts?
- Information held by service providers: how are service providers backing up any critical data?
- Remote access and client logins online: do they open up any gaps in security?
- Training of staff: do they really know how to protect the firm and its investors? Are phishing tests conducted on staff?
Takeaway
- Documents review
  - Require different information in nature
  - Review and corroborate through different sources
- Service providers review
  - Review service providers
  - Contact them and verify information
  - Check responsibilities
- On-site visit
  - Prepare agenda in advance
  - Speak to various staff (departments, seniority)
  - Review systems
- Evidence verification
  - Require actual evidence for the application and testing of policies and procedures
London +44 (0) 20 7838 0010
New York +1 212 935 3606
Barbados +1 246 844 33 80
Geneva +41 (0) 22 548 3172
info@lavenpartners.com
Disclaimer
Laven Partners Limited is registered in England and Wales (registered number 04829021) with its registered office at 11 Old Jewry London EC2R 8DU. The material, its content and associated documents are confidential and may not be disclosed, reproduced or otherwise given to any third party. This information should not be relied upon. The material is intended only to facilitate your discussions with Laven Partners Limited. The content is subject to change. No representation, warranty or undertaking, express or implied, is made or given by Laven Partners Limited or any representative of Laven Partners Limited as to the accuracy, reliability or completeness of the content. In no event will Laven Partners Limited or any of its directors, officers or employees be liable to any person for any direct, indirect, special or consequential damages arising from any use or misuse of the content. It is the responsibility of any person or persons in possession of this material to inform themselves of and to observe all applicable laws and regulations of any relevant jurisdiction. Laven Partners Limited does not provide tax advice. Any information and opinions contained herein are presented on the basis as at the date of this document only.