How important is time to due diligence ?

In due diligence time is of the essence.

Why is time such an inescapable element of due diligence ?

A key principle of performing due diligence is that business delayed is business lost. Venture capitalists performing due diligence on investment targets know this too well. Banks too, where the competition can be savage, dread a reputation for being slow to open accounts for new customers.

When business is held up thanks to due diligence compliance officers can expect to get it in the neck – especially if they have overegged requirements or created an unsustainable process. But often businesses are their own worst enemies. But failing to invest in systems and processes that can smooth the way, they too are adding to the time due diligence takes. Private equity or venture capital, for example, would do well to develop a watchlist of potential targets, and perform a basic level of due diligence well ahead of the stage where contracts or term sheets are being discussed – even if only to keep up with the competition.

Unfortunately there is no standard as to how long due diligence takes. The length of time is inevitably set by the competition, and that can trigger race to the TAT bottoms. There is a direct correlation between due diligence time taken and effectiveness, up to an optimal point. Beyond the optimal point more information likely to be background noise adding less and less to an understanding of the due diligence subject. A study on venture capital by Robert Wiltbank and Warren Boeker showed that returns on investment also correlated to time spent on due diligence, hence to the effectiveness of the due diligence.

There is also a cost correlation, which together with the need to please the customer or seal the deal, works against due diligence being given the freedom to set its own timings.

Business folk would be happy to hear Regulators don’t like due diligence that takes too long either. They like thoroughness, yes, but they expect proportionality – in other words they don’t want to be held responsible for business cirrhosis, or customer complaints. Besides, they also recognise that unless due diligence is handled efficiently, backlogs build, and backlogs very quickly undermine all the other controls built into a finely tuned compliance programme.

To the compliance mind due diligence taking too long is as much as a risk as due diligence happening too quickly. In today’s information rich environments changes to risk can happen between the time due diligence starts and ends. Moreover, delays in obtaining information can be indicative of red flags, either in relation to sources or to the subject. On top of this the compliance officer will share any regulator’s deep distrust of backlogs – which, if not an indication of flaws in the due diligence design, is an indication demand, capacity and process are out of balance. The end result is the same, namely that due diligence takes too long.

But the compliance officer is not only concerned with how long due diligence takes. He or she will be factoring time into the risk-based approach. Thus the proximity of events or data is a risk factor of its own. It stands to reason an allegation of bribery that occurred ten years ago will be less of a concern than one that occurred last week.

Technology is at the heart improvements in the time it takes to perform due diligence, and will continue to be so, especially as more and more data is being processed. But technology is also helping with the “when” dimension of due diligence’s relationship with time.

On-going due diligence used to be universally periodical, performed on a set batch of relationships on set dates. It was a nightmare to manage and was more prone to backlogs and delays than any other aspect of due diligence. Nowadays best practice on-going due diligence is dynamic and heavily automated. Technology has lifted the periodicity of the different risk bands to one overarching standard – real-time, or as close to it as the organisation can get.

Payment transactions have always been screened (a sort of due diligence) real-time, allowing interventions before an event occurred. Nominally real-time (dynamic) on-going relationship due diligence (or profiling, as it is often called) means that managers can deal with risks as they arise, and not years after the fact. But this will never be a complete mitigant. Once a relationship exists a certain degree of risk remains like an isotope with a long half-life. Exiting a relationship may help mitigate, but cannot remove the risk imprint.

Thus, to avoid such risks it is imperative that due diligence is sequenced to prevent potentially troublesome relationships getting to the point where a contract or agreement is signed, term sheet issued, or party is contracted. We may all think we know this, but expediency often gets in the way.

Consider the UK government’s dealings with Greensill. The Government’s own Treasury report noted it was to the British Business Bank’s credit it had a post accreditation monitoring process in place, and this had prevented a worse disaster, however, it then lamented ….”had the Bank done more due diligence (at the outset), including on the loans Greensill claimed it intended to make, it is possible that this situation could have been avoided”. The UK taxpayer now stands in jeopardy with regard to GBP 335 million worth of guarantees.

Alison Levitt QC, in her Independent Report on Boohoo, a UK fast fashion company accused of failures to manage its supply chains, noted that Boohoo’s… “practice has been to place an order with a new supplier prior to completion of due diligence and other onboarding controls”. The result was involvement in what some media have called modern slavery.

Even when expediency is not to blame, philosophical misunderstandings can back-end due diligence. The UK Treasury was criticised by its own report, as well as the independent Boardman report for failing to assess the background to lobbying efforts by Greensill. The Treasury’s position was that due diligence would have been pointless if (as was the case) they did not proceed with Greensill’s suggestions. “It would be completely disproportionate to conduct in-depth financial due diligence on a company simply before having a conversation with them. Had we extended credit to the company—which we did not, and would not have done—through the CCFF, that would have been the time to do due diligence”.

The flaw with this argument is, had the Treasury accepted Greensill’s proposals, they would have been in a bind if due diligence raised issues (which it should have done). As it was the Treasury has not exonerated itself, and is stuck with avoidable damage to its reputation.

Thus time is of the essence to due diligence – in terms of duration, proximity and sequence. As we all strive to build better compliance systems and processes we might do well to recall Andrew Marvell’s words, “at my back I always hear, time’s winged chariot hurrying near”.

The author leads TSG’s Advisory Services. He has spent many years in law enforcement and banking specialising in financial crime risk and compliance. TSG is a Research (including due diligence) specialist, also offering Ethics Compliance and Advisory services to its clients. TSG offers expertise in Eastern Europe, as well as East Asia.