Back to Portfolio for the Future

Due Diligence Idea: Reverse Stultification and Bloat

smileyUncorrelated LLC, the institutional-investment think tank founded by Cathleen Rittereiser, has published a white paper on “reinventing the due diligence process,” the outcome of one of its industry-wide Whiteboard initiatives to rethink key issues in the asset management world.

The participants began with the observation that the Madoff fraud revelations, coinciding as they did with the global financial crisis of late 2008, created a “stultified and onerous due diligence process” full of “bloated questionnaires, awash in documentation, “ and fixated on checking various boxes on a list.

How to move to a better system? The recommendations begin with institutional introspection. The due-diligence team’s members should know themselves, their own institution’s governance structure, and their investment committee’s mindset, so that managers who are unsuitable for reasons that don’t require a diligence process can be set aside early on, saving time and resources. Further, the management selection team must keep its own focus on the pertinent decision factors, guarding against irrelevance.

Get Out of the Silo

Keeping focus doesn’t mean living in a silo. Quite the opposite. One of the key points of the white paper is that the management selection process has to be integrated with asset allocation. Uncorrelated approvingly quotes one investor this: “Maybe it’s time to jettison the idea that asset allocation creates pie slices, then the ball gets thrown over the wall to the management selection team to fill those slices, and never the twain shall meet.”

With greater integration, a due diligence team will know before it meets with a potential new manager exactly what it is looking for in the coming exchange. It won’t simply have to listen to a canned pitch and work out the best way to dig deeper thereafter. It will go in with a Key Questions document which, ideally, will fit onto a single page.

One of the investors who participated in the discussions that led to this white paper spoke of a “dark triad” of personality traits: narcissism, psychopathy, Machiavellianism. One doesn’t want to allocate any assets to an entity wherein those traits are present. That sounds obvious enough once it’s been said: that is precisely why there is a value in saying it.

The white paper also reminds readers that no one likes due diligence questionnaires. It attributes to Ken Akoundi, the president of ASPN Solutions, the estimate that twenty five out of 300 possible RFP questions “are relevant and important.” So: customize the questionnaires with an eye to what you, the potential investor, really want to know.

Memorial Sloan Kettering

The white paper also includes an inset from “investor thought partner” Jason Klein, senior vice president and chief investment officer of Memorial Sloan Kettering Cancer Center. Klein is responsible for the care and feeding of MSKCC’s $4.5 billion in long-term global investment assets.

Klein appears to have inspired this project’s name, “DoDiligence,” as a way of reminding participants, and eventually readers, that “due diligence” is a course of action. It isn’t something to think about but a course of action.


The white paper likewise includes a section on cybersecurity written by Kenneth Citarella, senior managing director of guidepost solutions, arguing that an investor “cannot know enough about accompany in which you are considering investing until you know their cybersecurity profile.” The “cyber frontier” is lawless, and hits from this direction cause ever more grave financial and reputational consequences.

Vulnerability comes about because “good guys don’t have sufficient imagination to think of all the ways the bad guys think,” Citarella warns.

Investors in an entity must ask its managers about each of the following points.

  • Third party vendors – who has access to the cyber network of the entity under diligent study?
  • The deletion of old data – an entity absolutely must have a policy in this regard!
  • Encryption of data – is the data unreadable to all unauthorized parties?
  • Secure passwords – is the entity taking the oldest advice in the history of cybersecurity?
  • Learning from mistakes – has the subject entity been compromised in the past? What did it do to prevent a recurrence?

Finally, investors must see to it that a cybersecurity awareness program is in place, as is cyber incident insurance and regular security reassessments.