One-Time Due Diligence Not Enough


New York, NY – Recent conversations with buy-side compliance professionals have revealed that while one-time efforts to conduct due diligence of third-party research is a step in the right direction, they are coming to realize that this is not sufficient to mitigate the risk of getting insider information from research providers.

Interesting Feedback from the Buy-Side

Recently, Integrity Research has had conversations with a number of buy-side compliance professionals. One of the interesting pieces of feedback they have revealed is that in internal audits, as well as discussions with current and former regulators, they have been asked about their vendor due diligence procedures, including how they conduct diligence on external research providers.

The good news is that over the past year or two a number of asset managers have implemented various forms of compliance due diligence of external research providers, including having them fill out questionnaires, provide relevant documents, and engage in some direct compliance discussions with the asset managers.

However, most asset managers implemented this due diligence procedure once a year or so ago  – when the fear of getting material non-public information was at its highest.  Only a few managers have committed the resources to continue this compliance due diligence program since on a more regular basis.  Apparently, the efficacy of this one-time approach has been questioned by a number of experts as everyone agrees that continuous surveillance is required due to changes in the business practices of most vendors.

Relevant Issues Arise

Of course, most admit that a number of issues arise when they consider how to implement and manage an ongoing research (or any vendor) compliance due diligence program.  A few of these issues include:

Designing and implementing a program. The first question to arise is how to design and implement a research compliance due diligence program.  Most money managers have created basic questionnaires they send out to all of their research providers.  Some also request that their providers send them specific compliance documents they feel are important.  A few complement these requests with actual discussions with compliance staff at the research firms.  In addition, asset managers need to make commercial decisions about whether these programs are mandatory for all their providers.  A few money managers we have spoken with have actually told their research providers that they cannot get paid unless they complete the due diligence process to their satisfaction.  One big issue associated with implementing a compliance due diligence program is how best to analyze the information received in order to make decisions about whether the use of certain research providers increases the risk that the buy-side clients might obtain confidential or material nonpublic information.

Managing an ongoing program. Developing a compliance due diligence process for external research providers that an investor implements once, while time consuming, is relatively straight forward and can be done in a manual fashion.  Implementing such a program on an ongoing basis, is much more complex as the asset manager needs to address issues like frequency of update, scheduling and managing those updates, data management, analyzing the data, etc.  A few hedge funds and long-only  managers have decided that the best way to manage an ongoing compliance due diligence system for third-party research providers requires a due diligence work-flow management system due to the number of providers involved and the complexity of managing all the various tasks.  These firms have either built these systems internally, or else they have worked with third-parties to build such systems.

Supporting the program. Of course, you cannot consider either building or buying a compliance due diligence system without counting the cost and resources required to support and maintain that system.  This includes the risk associated of managing and keeping the staff that have either built and/or support the system.

Getting research provider cooperation. Another major issue is getting the cooperation of the research providers.  It is not too much to ask your research providers to participate in this type of compliance due diligence program if there are only a few clients requesting involvement.  However, if there are hundreds or even thousands of asset managers who want their providers to participate, this could create a huge burden on the research providers.  This problem gets larger depending on the frequency that clients want their providers to undergo this due diligence.


A few years ago, a number of hedge funds and mutual funds implemented due diligence programs to better understand the compliance risks associated with the third-party research providers they used.  This led many money managers to either mandate that their providers sign various legal attestations, or in some cases, it prompted money managers to actually fire research providers they considered to be high risk.

However, few asset managers thought of this issue as an ongoing one which would require continuous monitoring and surveillance.  Today, a growing number of institutional investors are being questioned by auditors or regulators about their due diligence efforts and are finding them lacking due to their one-time nature.  This is prompting a number of money managers to rethink how best to design and implement an ongoing compliance due diligence program for third-party research providers they can effectively manage and that will contribute to their overall risk management efforts.

If you are interested in discussing how to develop or implement an ongoing compliance due diligence process for your third-party research providers, contact Michael Mayhew at (646) 786-6859 or e-mail me at



About Author

Leave A Reply