The Investor Due Diligence Process Is Evolving
The due diligence process that funds now face is evolving. Traditionally a fund would feel that it had covered all bases by providing a one-page summary of performance; a pitchbook (usually a PowerPoint presentation) that describes the firm, its investment strategy, principals, performance and terms of the investment; offering memorandum; subscription documents; and a due diligence questionnaire(DDQ). Investors have become more IT savvy and now funds can expect to be quizzed on technology infrastructure and IT security.
Not long ago an asset manager would not expect to be answering questions about the fund’s technology infrastructure or IT security. But today many funds provide a DDQ dedicated to providing information regarding their whole IT operations and provide annual reports to clients also. Investors expect world class operations across all aspects of a fund’s business. They have a greater understanding of technology and therefore ask more probing questions and 25% of investors will not invest if they discover IT deficiencies.
Showcasing a fund’s technology infrastructure can also be a way of standing out from the crowd. Highlighting your operational prowess may give you an advantage over your less up to date peers in raising capital.
Funds need to be prepared to face a wide range of technology based questions.
How does your fund stand up to these IT questions that you will face sooner or later?
1. At what frequency are security audits of the fund’s IT infrastructure performed and what specific tests are run?
2. Does the fund handle IT in-house or outsource to a third party?
3. Who drives the IT strategy and how often is it evaluated?
4. How is the current environment set up?
5. Has there been any issues in the last 12 months?
6. Does the fund have a formal documented IT security policy?
Investors are also enquiring about network and communications infrastructure:
1. How do employees access systems?
2. How are electronic communications to third parties controlled?
3. How does the fund communicate internally and externally?
4. What are the access control protocols?
5. Are there logs kept of who accessed systems and when they accessed?
6. How do you safeguard this environment?
7. Are there disaster recovery systems in place?
Investors want to see that the fund is being led in a thoughtful manner. The new investor expects high operational calibre across the board, they want stability and security. IT deficiency can prevent capital allocations. The due diligence process is evolving, be prepared.