Personnel Failure

Operational due diligence hiring gap is hurting the industry

JASON SCHARFMAN, CORGENTUM CONSULTING, LLC

In the early days of the hedge fund, operational due diligence (ODD) referred to evaluating a limited set of traditional back-office procedures. These items effectively focused around a small subset of factors, seeking to evaluate what happened after a hedge fund executed a trade. Originally, operational due diligence was incorporated into the investment due diligence process. From a personnel perspective, hedge fund investment analysts used to perform some degree of operational review as part of their overall due diligence work.

Today, the pendulum has swung in the other direction and the scope and breadth of operational due diligence has vastly expanded. Beyond plain vanilla back-office operations reviews, typical items incorporated into a modern operational due diligence review now cover a wide myriad of topics across disciplines including the law, valuation, information technology and fund service provider analysis to name a few. With the expanding scope and specialisation of operational due diligence, many institutional investors now have distinct operational due diligence departments, and work with third-party consultants to assist in the process. In part, due to a continuing series of high-profile hedge fund failures due to operational reasons and frauds such as Bayou and Madoff, the importance placed on operational due diligence has expanded as well. Indeed, today many in-house operational due diligence departments maintain veto power over the investment function should a proposed hedge fund investment not be up to par.

When discussing the seemingly ever-expanding list of items incorporated into these reviews, we at Corgentum often refer to it as a type of “gap filler due diligence”. That is to say, the operational due diligence process is increasingly responsible for filling the gap between traditional investment due diligence and the old notions of traditional back-office due diligence. This is particularly true in light of the increasing number of areas that have risen in importance based on market events, but are often overlooked by traditional investment due diligence. An example of this would be an operational due diligence team increasingly being asked to review a hedge fund’s regulatory interactions with groups such as the US SEC after the passage of Dodd-Frank.

Yet despite the increasingly multi-disciplinary nature of items covered during operational due diligence reviews, institutional investors’ attitudes towards the types of individuals they hire to staff operational due diligence functions is largely stuck in historical notions that operational due diligence is still primarily focused on traditional fund accounting and operations. By not developing operational due diligence teams staffed by individuals from truly different disciplines, investors are missing a key part of the overall operational risk picture of the hedge funds they review.

Who looks at insider trading risk?
Of late, the above-referenced gap in the areas covered between investment due diligence and traditional operational due diligence is growing increasingly wider. A whole list of topics are moving higher on an investor’s priority list and may not have been there a year or two ago.

Consider, for example, the risks associated with hedge fund insider trading and the use of expert networks. A wave of government prosecutions in this area, most notably in the Galleon case, have raised the profile of insider trading risk and made many investors nervous about whether or not their hedge fund may get caught up in a insider trading sweep. While insider trading is certainly related to the work of the investment side of a hedge fund’s business, most hedge fund investment analysts do not focus on such risks when evaluating the investment merits of a fund.

Additionally, even if they were to attempt to evaluate such risks, it is not likely that they have the legal or compliance background required to do so. This is particularly true for a thorny and complex subject such as insider trading. Indeed many attorneys would likely have a difficult time telling you exactly what constitutes material non-public information. However, investors cannot simply ignore such risks and it is typically left to the operational due diligence function to pick up the slack in this area.

In truth, this presents a problem for many operational due diligence analysts. As outlined above, operational due diligence used to primarily focus on analysing a fund’s back-office operations. This meant that the people who were hired to conduct these reviews traditionally had accounting backgrounds. Operational due diligence evolved into a field that was initially filled with CPAs and people who had been promoted up from the back office.Utilising individuals with such backgrounds certainly made sense when all they were being asked to evaluate was traditional fund operations. Unfortunately, this presents a problem for the modern expanded scope of operational due diligence. Today the scope of these reviews has expanded beyond just fund back-office operations and accounting, into areas such as the legal and compliance problems presented by insider trading. Effectively, the job has changed but the job description hasn’t.

This is not to fault operational due diligence analysts with accounting and operations backgrounds. Just the opposite: such backgrounds are exceedingly helpful when evaluating fund operations. But in the same way that you wouldn’t go talk to your accountant about a lawsuit, it wouldn’t be considered crazy to prefer someone with a legal or compliance background to evaluate legal and compliance risks.

To play devil’s advocate, many operational due diligence professionals may make the argument that over time you can learn what is standard best practice in the industry and then compare a fund’s operations to those standards. Additionally, it could also be argued that operational due diligence analysts with operations and accounting backgrounds could rely on legal resources within the firm to either conduct reviews of legal and compliance risks entirely under a modified modular-style approach, or simply leverage on their functional expertise.1 While such arguments may hold merit, they are not the preferred approaches towards conducting such analysis.

To address this second point in particular, consider such a notion in an investment context. Would you ask a long/short analyst to evaluate a credit fund? What if they consulted with a credit fund specialist before conducting the review? Does that make you feel better? Or instead would you prefer to have someone with deep credit fund expertise conduct the review?

While there may be some mitigation of the risks involved by individuals with accounting or operations personnel having experience or using reference sources, it could also be argued that the nature of such risks is consistently evolving, and employing a multi-disciplinary team of operational due diligence analysts with different backgrounds is simply a better approach to vetting hedge fund operational risks.

Furthermore, non-ODD team members providing guidance or conducting limited scope reviews (i.e., an attorney just reviewing a hedge fund’s legal documents) creates an element of separation in the overall coherence of the ODD process. So for example, a better solution might be to create an operational due diligence team where, alongside an ODD analyst with an accounting background, would be an attorney with a compliance background. While both analysts could cover cross-functional items, having functional dedicated ODD expertise in particular areas would certainly allow for deeper-dive reviews.

Instead, many investors today that maintain in-house operational due diligence functions tend not to build multi-disciplinary teams, despite the multi-disciplinary nature of their review work. Why is this so? The answer lies partly in the fact that the hedge fund industry has not wholeheartedly embraced a solution to this skills disconnect. Don’t believe me? You think large institutional and well resourced investors wouldn’t generally miss the boat. Well just look at the want ads.

If you survey most operational due diligence job advertisements today you will likely come across a description which asks for two different types of people. One type of person is an individual with direct experience having previously performed operational due diligence reviews. However, as we just discussed above, traditionally people with experience in this field come from fund accounting or operations backgrounds. The other group of people are CPAs with audit experience or individuals that have worked in fundoperations or at hedge fund service providers such as administrators. Once again, these backgrounds are perfectly reasonable to evaluate traditional fund operational risks but there are little to no advertisements seeking people with skills in other key areas covered in modern operational due diligence reviews such as legal, compliance or technology backgrounds. This shortsightedness has created a potentially dangerous situation whereby these risks are either completely ignored or simply under-researched by investors during the process, due in part to lack of background in this area by the analysts employed to conduct these evaluations.

The information technology problem
Another area that has experienced significant interest from hedge fund investors is information technology and business continuity and disaster recovery. In part contributing to this area over recent years were US-based terrorism events such as September 11 and natural disasters like Hurricane Sandy.

Information technology is an area that is in some cases is even more opaque then the legal and compliance area. For example, most investors would likely have no idea what a hedge fund’s chief technology officer is talking about if they state that, “We use server image-capturing to reduce downtime restoration.” Now consider asking your accountant or your lawyer to tell you what that means. It doesn’t sound very promising. Yet it would not be uncommon for an operational due diligence analyst who may have no background, training or familiarity with information technology to be asked to not only understand, but evaluate this statement.

Similarly, another area that is often ignored during many operational due diligence reviews relates to information security. Information security encompasses the risks associated with how well a hedge fund protects its information. This information could be about anything ranging from portfolio data and proprietary trading models to the names of its investors.

A common risk control in the information security area relates to the ability of employees to simply plug in a zip drive and download firm data. During an ODD review, one way an analyst can determine how seriously a hedge fund takes protecting its information is to determine if the fund allows such devices or instead if the firm restricts and tracks such attempts. For an ODD analyst unfamiliar with the intricacies of this technology, they may not know what is common or even possible in this regard. By way of demonstration, consider the following theoretical exchange between an ODD analyst and a hedge fund:

ODD analyst: How do you protect firm information?

Hedge fund: We take information control very seriously. Our compliance policies encourage employees to use work computers only for business-related matters and we archive all email in compliance with SEC requirements.

ODD analyst: Do you permit the use of zip drives or other removable media?

Hedge fund: It would be against our policies to use such devices. Also its difficult to do this from a technology perspective.

What the ODD analyst might not know, and what the hedge fund may not properly understand, is that it is both technologically possible and easy to restrict the use of such devices. An ODD analyst unfamiliar with this area, however, is being set up for failure by being asked to evaluate areas with which they do not have familiarity.

Despite these disconnects, it is not common at all for an operational due diligence department to employ on-staff ODD professionals with extensive information technology background. Once again the standard arguments can be made that familiarity with industry practices can yield insights, and there is the ability to leverage in-house technology experts for information. However, these approaches skirt the point that an operational due diligence team with dedicated multi-disciplinary experts will yield a more comprehensive ODD review.

A dated definition stymies changing ODD hiring attitudes
Another contributing factor which has deepened the disconnect between operational due diligence analyst accounting and operations-heavy backgrounds on the one hand and the multi-disciplinary list of items they seek to cover on the other is the industry’s slow acknowledgement and ability to change its perception of operational due diligence. This is a bit ironic, since while operational due diligence departments are being asked to cover more areas from different disciplines in greater detail, they are not afforded with individuals with the background to fully vet such risks. Further perpetuating this problem, is that many in the hedge fund industry still tend to unfortunately equate operational due diligence with fraud detection. In recent years, many historical frauds have had accounting and traditional back office-related components to them, but this doesn’t mean that fund accounting and operational weaknesses were the sole culprits.

While fraud detection is certainly a key component of the operational due diligence review process, it is not its sole component. Instead, the other goals of operational due diligence include a diagnostic element, which seeks to conduct a diagnostic review to actually understand a fund’s operational procedures. ODD goals also include an evaluative element, which seeks to determine not only how a fund conducts its operations, but how this compares to best practices. Additionally, many investors may feel that even if fund accounting and operations were not the culprit for a fraud, they present the biggest non-investment-related risks to investors. Examples of this may be weaknesses in fund accounting controls such as the ability of the fund manager to write themselves a check. However, such a view does not take into account that future frauds cannot be conclusively predictably modelled based on historical frauds. Additionally, this does not consider the increasingly complex non-investment-related environment for funds. One notable example of this is the area of fund compliance. For example, it may be just as risky, if not more risky, for investors if a hedge fund cheats with regards to their trade allocation policy (i.e., the way it allocates trades among multiple funds they may manage), than if the manager were to skim cash from the fund. Certainly neither situation would be acceptable, but the point is that by focusing just on traditional fund operations, and subsequently employing primarily individuals with fund operations expertise to conduct reviews, they are limiting the scope and effectiveness of reviews.

A multi-disciplinary team approach
It is likely that the industry will eventually transition to constructing in-house dedicated ODD teams with individuals from multiple backgrounds to better match the wide variety of items covered during ODD. The problem for hedge fund investors is that it often boils down to a resource constraints problem.

Building a team of qualified individuals from multiple backgrounds can be expensive. Many allocators, such as funds of hedge funds, are increasingly resource-constrained. Instead, a more cost-effective solution is to outsource the operational review to a third-party consultant dedicated to operational due diligence.

Investors should be wary as, just like the old notions of operational due diligence, not all dedicated ODD consultants take multi-disciplinary approaches to ODD or use multi-disciplinary teams. Additionally, some operational due diligence consultants provide investment-related services which can present a conflict of interest. However, independent ODD-focused consultants that employ a multi-disciplinary process can often work in a cost-effective and efficient manner to support the work of internal investment analysts, and even operational due diligence staff. This can lead to comprehensive deep-dive reviews that more fully vet a hedge fund’s underlying operational risks.

Until the hedge fund industry catches up investors will remain at risk. It is essential that employment practices match the multitude of skills required of modern operational due diligence analysts, and that individuals being hired to perform such reviews are capable of performing increasingly complex reviews. Until then, third-party operational due diligence consultants can step in to fill this gap, but ultimately it is the industry that must acknowledge the gap and allocators that must fund it.

Jason Scharfman is the managing partner of Corgentum Consulting, LLC. He is the author of Hedge Fund Operational Due Diligence: Understanding the Risks (John Wiley & Sons 2008) and Private Equity Operational Due Diligence: Tools to Evaluate Liquidity, Valuation and Documentation (John Wiley & Sons 2012).

Corgentum Consulting is a firm that conducts outsourced operational due diligence reviews and background investigations of funds for investors.

Footnotes

1. Scharfman, Jason. Analyzing Operational Due Diligence Frameworks In Fund of Hedge Funds, May 2009