Due diligence in essence is an investigation into an entity. The investigation looks at the business, legal and financial position of the entity. A due diligence framework allows for an organisation to benchmark their criteria and process, when considering doing business with a particular service provider, to provide consistency and reduced risk for investment purposes.
Due diligence is not unique to this application, it is used for many reasons and across many industries. Most notably for mergers and acquisitions. Therefore it is a generic term that is used when doing an investigation into an entity that you envisage doing business with. In essence your due diligence will form part of your risk management process and should also be noted in your investment policy statement. Like with assessing any risk one needs to determine if it is high, medium or low.
A due diligence framework can be divided into distinct areas, these include (but is by no means limited to):
- Financials and financial trading history
- Operational (management, marketing, IT)
These can be elaborated on or tailored based on industry specifics.
Conducting of the due diligence
This stage occurs once the potential third parties have been identified and the level of risk of the third-party business relationship is assessed. The process for conducting a due diligence may vary from organisation to organisation. This document will look into one specific approach, namely the creation of a questionnaire that potential service providers should answer.
Prior to the questionnaire phase one can do some desktop research on the service provider. This is in essence the data collection stage. Once the data has been collected, it needs to be verified, and that is the reason for the questionnaire. This is then followed by an evaluation of the results of the questionnaire, including the identification of red flags.
1. Data Collection
This could be as simple as an internet search. Part of this search could include a visit to the FSB website to ascertain if the entity does in fact hold the requisite licences, the website however can be outdated. This can be followed with a CIPC search. The general rule would be to try to obtain as much public information as possible, including financial
statements. Further a general search should identify if there have been any transgressions committed by the third party that is public knowledge.
You can have both an internal and external questionnaire. The internal questionnaire is to be completed by the business unit/individual who is looking at hiring the third party. The external questionnaire is to be completed by the candidate third party. The internal questionnaire is in essence the bulk of the due diligence report done by the organisation. The information contained in the external questionnaire informs the content for the internal questionnaire and should therefore be done first.
The following are examples of questions that should be asked:
- The third party needs to confirm full details, company registration number (if applicable), FAIS licensing details, contact details, address, contact person and authorisation for that person to be acting in the capacity in which they represent the organisation.
- Is your organisation publicly listed?
- Do you manage South African investments only?
- How do you ensure adherence with the Protection of Personal Information Act, Financial Advisory and Intermediary Services Act and subordinate legislation, Financial Intelligence Centre Act (FICA), TCF and any other applicable legislation?
- Who, from your organisation, will be working with our organisation?
- List all previous or current relationships with our organisation and the period of the relationship.
- Please provide us with copies of your last three audited financial statements.
- What are your organisations strengths?
- Have you or any key employees, directors or senior management of your organisation ever
been convicted of a crime in South Africa or any other country? Are there any legal
proceedings pending? If so, please provide more details. Has there been any judgment
issued against you or any of the aforementioned individuals?
The following are examples of questions that should be asked:
- Is the third party financially suitable?
- How did you come to know of the third party?
- What other parties were considered as candidates?
- Why was the third party chosen?
- Is there any potential conflict of interest that should be disclosed?
- Did you find any red flags? If, yes, please note and the result of the investigation into the matter.
- Is the third party related to you or any other individual in your organisation?
- Do you, or an individual in the organisation, have a personal relationship with the third party or anybody employed by the third party?
- Has the third party refused to provide any to the organisation that might have been necessary to complete this questionnaire?
- Have you interviewed the third party to discuss the responses to the data collection questionnaires to fill in gaps or inconsistencies? If yes, have you prepared a summary of the interview with the third party and the inspection of their facilities?
If a glaring inconsistency is discovered you may need to rope in the assistance of a subject matter
Once the data is collected and verified, a decision will need to be taken regarding whether or not to do business with the third party. Depending on the size of the organisation, this could be as simple as the key individual making a decision or it could be multi-faceted. A clear system of approval should be identified, for example a decision may have to be made in consultation with the organisations compliance department, risk manager and/or other relevant divisions in accordance with the organisations policies and procedures.
Having a robust due diligence process not only protects client monies but also informs an FSP’s risk management policy and mitigates financial and reputational risks. It is beneficial to have a person in the organisation devoted to doing due diligence and communicating the outcomes to the financial advisors in a summarised format, or alternatively, to employ a company specialising in Due Diligence. Due diligence is an ongoing endeavour and therefore data must be updated consistently. Your due diligence on a particular investment should be shown to the client prior to the money being invested, this interaction should be minuted in the record of advice.