key: cord-0950556-fuus2wef authors: Scharfman, Jason title: Developing a Framework for Investor Analysis of Hedge Fund Governance date: 2014-10-31 journal: Hedge Fund Governance DOI: 10.1016/b978-0-12-801412-7.00006-3 sha: b5c0843b084c7a10e21746972ba69c891dec2ad5 doc_id: 950556 cord_uid: fuus2wef This chapter provides an investor framework for analyzing hedge fund governance. It discusses the relationship between the increased focus on operational due diligence and governance. The efforts of institutional investors such as the California Public Employees’ Retirement System (“CalPERS”) in promoting governance analysis are discussed. This chapter also outlines techniques for performing due diligence on fund directors including interview techniques and background investigations. Other topics covered in this chapter include the relationship of separately managed accounts with investor governance analysis and governance considerations for investor financial statement analysis. Investor interest in analyzing hedge fund governance has gained steam in recent years. In large part, this is due to an increased focus on due diligence factors not purely related to a fund's investments. This type of analysis is commonly referred to as operational due diligence (ODD). We have introduced the concept of ODD earlier in this book. For reference, ODD typically refers to a review of the noninvestment-related risks inherent in hedge fund investing. This book, however, is not about ODD, so why are we talking about the subject to begin with? Well, as we have also mentioned in previous chapters, analyzing hedge fund governance typically falls within the purview of ODD reviews. This does not mean, by the way, that if you are an ultra-high-net-worth investor, family office, or even midsized hedge fund allocator without a dedicated ODD department, you should stop reading. Instead, rather than having a dedicated person or group review governance, you probably should incorporate a review of governance-related factors into your existing review process that covers these non-purely investment-related items. In fact, by incorporating a review of those governance factors more closely aligned to your overall due diligence process, you are actually more likely to be better positioned than some larger, well-heeled allocators with more resources. This is because governance, while generally thought to be primarily focused on operational issues, also involves the investment-related aspects of a fund's portfolio. We will highlight some of these issues in this chapter. This is not to say that by having ODD groups coordinate governance reviews, we are missing something. Rather it is to imply that, because governance is an area that cuts across both the investment and operational aspects of a firm, ODD groups should be engaged with investment personnel in analyzing governance. By taking a review approach that classifies different pieces of information into silos, a less than complete assessment of governance can often result. As an aside, this is also true when reviewing the operational risks in place at a hedge fund. Even though certain issues are primarily operational in nature, engaging in discussions with investment due diligence personnel, or considering both issues side-by-side in smaller allocators that do not have dedicated ODD groups, often leads to a more informed assessment of risks. So where should investors begin in seeking to analyze fund governance? As we have noted earlier in this text, as investors have sought to analyze fund governance, many have fallen into the mindset that analyzing governance simply requires focusing squarely on fund boards and their directors. There has been growing acceptance, however, that hedge fund governance constitutes more than just the fund directors. If you've been reading the chapters of this book in order, hopefully we have convinced you of this by now and shown that governance includes every different aspect of the hedge fund life cycle including regulators, service providers, and, of course, the hedge funds themselves. This doesn't mean investors should ignore the directors when seeking to evaluate governance, but, clearly, they need to consider other factors as well. At this point you might be thinking to yourself, "If governance is so similar to ODD, then can't I just conduct an ODD review and call it a day?" That's certainly a fair question. What if we were to rephrase it a bit? Said another way, does a fund with strong internal operational controls (i.e., low operational risk in certain areas) automatically have strong governance (i.e., low governance risk)? The crux of both questions is the same: does low operational risk equal good governance? Certainly, as we've outlined earlier in the book, the two areas are not identically equivalent, but aren't they similar enough, and with sufficient overlap in both areas? After all, based on the sometimes difficult to pin down definition of governance in practice, isn't it impractical to attempt to tease governance out of ODD reviews? Such a question, however, may frame the issue incorrectly. Governance is perhaps best thought of as an overlay to operational risk rather than being contained within it. As the focus of this chapter is on practical application of governance analysis at hedge funds, let's return to the original question of whether an ODD review is sufficient to cover governance. Let's attempt to answer this by way of example. Consider three hedge funds. One that self-administers, and two that use a third-party administrator. Of the two that utilize third-party administrators, one fund completely outsources the function to the administrator. The other one conducts a full internal shadow review of the administrator's work. Which one has better governance? To start off, it certainly couldn't be the self-administered one. That's not best practice, right? Ok, let's go with that assumption for now. Moving on, let's look at the other two. The one that utilizes a third-party administrator is following what today is considered standard operating procedure. That is, it is in line with the majority of the practices in the market. We're simply not looking for average here; we want the best practice governance. Well then, it must be the one with the most oversight. That is the fund that not only uses a third-party administrator in line with normal market practice but also goes beyond this by shadowing the work of the administrator internally. More oversight and more controls imply better governance. All done? Not quite. First, one issue we didn't address was the operational strength of each hedge fund in our example. The fund that self-administers could have an army of highly qualified and experienced operations and accounting personnel dedicated to the job. On the other hand, the two that use third-party administrators could have had multiple historical net asset value ("NAV") restatements, extensive delays in producing investor statements, and junior personnel on the account with high team turnover. Or alternatively, the situation could be reversed and the selfadministered fund may have much weaker operations as compared with the third-party-administered fund. We are by no means attempting to espouse the benefits of self-administration. On the contrary, as we have outlined above, selfadministration rationally implies poor governance. Here instead, we are focusing on an assessment of the operational practices in place. Returning to our example, you see then how a fund with seemingly strong operational procedures could have a poor governance structure in place and vice versa. Yes, there are traditionally correlations between strong operational practices and good governance. Such relationships, however, are backward looking in nature. They also present a dangerous precedent that may lead many investors down the wrong path. While some comfort may be taken that strong operations imply good governance, such implications are by no means iron clad. As we have suggested throughout this book, it is the responsibility of investors, or those who manage capital on their behalf, to conduct detailed due diligence assessments of managers. All hedge funds are not created equal. The unique particularities of each fund's operations and governance frameworks must be analyzed before an assessment may be made. Without such detailed reviews there is a real danger of thoroughly investigating one aspect of the relationship, such as fund operations, and failing to analyze the remaining aspects under consideration (i.e., fund governance). It is also worth noting that our example above is time dependent. By this we mean that certain operational practices that were considered common at one time are no longer, in large part, considered acceptable. The classic example of this is hedge fund administration. In the early days of the hedge fund industry, it was not uncommon for a hedge fund to conduct their own administration (i.e., self-administer). In fact, there were only a handful of funds that utilized third-party administrators. Fast forward to today, and the situation is completely reversed with the majority of hedge funds using third-party administrators. In certain cases, hedge funds have taken to using double administration models, where effectively one administrator checks the work of another. One widely reported use of such a model was the case of a large hedge fund named Bridgewater Associates, LP who hired one administrator, Northern Trust, to independently replicate and back up certain middle-and back-office services provided by existing administrator BNY Mellon (Clancy, 2013) . Such double administration relationships are not the norm today in the hedge fund industry, but who knows; as investor scrutiny on fund operations increases, perhaps they will become more popular. Couldn't the question be posed, however, that such double administration relationships, now that they are being used, may rightly be considered the new best practice? As compared with other hedge funds, do those without double administration models have less oversight and therefore, by implication, worse governance? After all, not speaking specifically about any manager, would not such increased double administrator oversight suggest enhanced oversight that implies better governance? As you may have guessed by now, the answer depends, of course, on the implementation of such oversight and control throughout the firm. Just as we have outlined in Chapter 5, as well as through our discussion above, the fact that a mere committee is in place or that a third-party administration is in place does not, in and of itself, guarantee that good governance is in place. Only by learning the facts of each relationship and governance practice can you make any sort of informed assessment of the situation. The point of this single versus double administrator example is to show that, like the definition of best practice operations, the definition of governance is a moving target that evolves over time. In Chapter 12 we will outline some industry trends and comment on future progressions in this area. In the meantime, let's turn our focus back on the discussion of how investors can go about assessing governance. Before outlining some key considerations in this area, it may be useful to analyze some existing investor governance assessment models. As it relates to investments in general, large, influential institutional investors have led the charge in increasing the focus on and broadening the definition of governance best practices. From a traditional corporate governance perspective, many of these large institutions have, over the last decade, increased their focus on corporate governance practices at the companies in which they invest. One of the leaders in this area has been the California Public Employees' Retirement System ("CalPERS"). Examples of proposals in their work have included the publication of Global Principles of Accountable Corporate Governance (CalPERS, 2011) and the 3D plan for a so-called Diverse Director Database to better empower shareholder's use of proxy rules, under proxy access plans, to better control the membership of corporate boards (Chon, 2010) . This focus on traditional corporate governance has also flowed through to investments made by groups such as CalPERS into their investments with fund managers, including hedge funds. In 2009, for example, the group that coordinated the hedge fund investing activities at CalPERS issued a memorandum on this subject. Specifically, in the memorandum CalPERS outlined three primary governance areas that it felt were in need of improvement in the hedge fund industry: alignment of interests, control of investments, and transparency of information and risks (Silberstein and Dandurand, 2009) . Although over five years old, this type of effort is a good example of the linkage between traditional corporate governance notions and hedge funds, as well as of a broadening of the definition of governance beyond that of simply the directors. Interestingly, perhaps showing how investor attitudes have changed in this area, the guidance itself doesn't even mention hedge fund directors. The key areas of the memo with their associated subareas of governance concern and CalPERS guidance are outlined in Exhibit 6.1. Primary area of governance concern Subarea of governance concern Related issues CalPERS governance recommendations/ requirements Are proposals such as this too pedantic to be meaningful? In practice, some may consider some of these recommendations to be rote didactic lecturing and may not be fully practical for every investor or fund. On the other hand, such assessments can often contain useful guidance for investors both big and small, with different parts of the recommendations being applicable in different ways. For example, let us consider the issue of separately managed accounts. It is generally thought that separately managed accounts offer increased transparency and investor control as compared with pooled funds. Therefore, some may consider them to be more beneficial from a governance perspective and certainly preferred to pooled vehicles. From the perspective of a hedge fund, it is more operationally intensive, and therefore expensive, for hedge funds to offer separately managed accounts. That is why most hedge funds require large Primary area of governance concern Subarea of governance concern Related issues CalPERS governance recommendations/ requirements minimum subscription levels for such accounts at levels that are typically drastically above the subscription minimums required for investments into pooled vehicles that are already up and running. The reasons for increased expense are, as noted above, the same reasons that many investors would ideally prefer such accounts from a governance perspective. That is, their segregation, and often enhanced investor oversight and involvement, comes at the price of having to run what is sometimes referred to as a fund of one. In some cases, this includes dealing with investor-designated service providers such as custodians, which may be different than those that the hedge fund manager deals with for their other vehicles. There are of course the expenses associated with other standard operational procedures to account for, the separate account trades such as execution, settlement, and reconciliation. The fund also has to produce separate investor reports and statements for the fund. If you are a large institutional investor such as CalPERS, you are writing large enough checks to hedge funds that they are generally willing to bend over backwards, and would likely pay some or all of the extra expense of creating these separate accounts, because the fees earned on the large allocation greatly offsets the associated expenses. For the smaller hedge fund investors, however, separate accounts are not necessarily an option, and, therefore, if they want to invest in the fund, they have to go invest in a shared pool of capital and sit alongside other investors. This doesn't mean, of course, that they cannot perform a governance evaluation. As we have outlined throughout this book, they are certainly capable of doing this. To digress for a brief moment, this is a good time to highlight the point that certain hedge fund investors, particularly smaller ones, when discussing governance analysis may take a perfectly logical perspective along these lines: Look, this is great, and I'm all for better fund governance, but I'm not writing $100 million allocation tickets like some of these large institutional investors. I could do the best governance analysis in the world and come up with great recommendations that would benefit not only myself but all the funds investors, and the hedge fund itself. The problem is, they wouldn't listen to me, or even if they do listen they won't make any changes because they don't have to. If they are a functioning hedge fund, why would they rock the boat with new governance initiatives their larger investors aren't demanding? Also, implementing those changes will likely take time and money, wouldn't it? Finally, can't I just solve my whole governance problem by investing in large established hedge funds? By default, they must be operating at best practice in multiple areas including governance. If they weren't, why would they have so much in assets under management? These are certainly valid arguments and are common questions and perceptions among many smaller investors and allocation groups. Let's consider some responses to these objections. First, whether you are writing a large or small check, you have the right, if not the obligation, to ask certain questions, including those about governance, and get answers. Second, as an investor, you also have the right to have the hedge fund listen to your feedback and expect reasonable process changes to be made along a reasonable timeline. We will address this in more detail below. Third, it is naive to think that institutional investors are necessary conducting adequate due diligence in all areas. While not usual, it is certainly not unheard of for mistakes to be found in the audited financial statements of funds that larger investors, and the funds themselves, didn't notice. Also, since you likely have little to no insight into what level of due diligence these larger allocators are performing, isn't it a bit unreasonable to blindly rely on them? Finally, simply because a hedge fund has been in business for a while or has a large number of assets under management doesn't mean that it's operating in line with best practices. Sometimes some of the largest funds are the ones that are the last bastions of inertia, clinging to antiquated practices and technology. A good example of this is a speech from the 1991 movie, which was based on a play, called Other People's Money. A character in that movie, Larry the Liquidator, is a corporate raider seeking to convince the shareholders of a company, New England Cable and Wireless, about the dangers of holding on too tightly to old practices. The character cites the following example: "You know, at one time there must've been dozens of companies making buggy whips. And I'll bet the last company around was the one that made the best goddamn buggy whip you ever saw. Now how would you have liked to have been a stockholder in that company?" And it makes a good point. The world changes and sometimes hedge funds have to overcome their stubbornness and adapt. Some of the last holdouts with the self-administration issues discussed above were some of the biggest hedge funds. Were these shrewd businessmen not jumping on the bandwagon of the latest operational trend, or were they not promoting best practice governance for investors through their reluctance to change? Returning to our separate account example, it is not meant to imply that these smaller investors should strive for any less transparency than might be found in a separate account. On the contrary, these are admirable goals. The problem, of course, is that they have less leverage to force such changes because, to state it plainly, they're simply not big enough and many hedge funds feel that their bark is louder than the pain of their bite if they were to redeem. Of course, it doesn't mean such investors should simply throw their hands up in frustration either. It should also be noted that toward the end of the above-referenced memo, CalPERS outlines the caveat that there is no "one-size-fits-all" approach to implementing these changes. This perhaps demonstrates clearly that the implementation of governance improvements at hedge funds is less prescriptive than it is flexible in its implementation. That is, as long as it complies with the spirit and economics of their goals. Indeed, not everyone took the proverbial governance bait, and some of the high-flying hedge fund managers at the time were not interested in kowtowing to the CalPERS governance concession program as it were (Williamson, 2009) . Institutional investors such as CalPERS have increasingly taken these governance standards more seriously. While on the surface the motivation may ostensibly be to promote better governance in hedge funds, large hedge fund losses during the 2008 financial crisis were definitely motivating factors for these investors to make some changes in the way they did business. It may also have been the case that institutional investors didn't like the fact that they, during and after the 2008 crisis, couldn't redeem their capital timely because many hedge funds instituted what are known as gates. For reference, gates are effectively limitations on how much capital investors can withdraw from funds. In general, the effect of gates is to slow the flow of redemptions out of a fund and space them out over time, in some cases a year or more. Other sore points of contention that may have led to some bad blood between hedge funds and these large investors around 2008 was that certain funds side-pocketed certain investments that also effectively locked up the capital. Hedge funds were perfectly within their rights to take such measures, but many large institutional investors, particularly because of the size of their allocations and length of relationship with certain managers, didn't think it would ever happen. Some groups, such as CalPERS, reacted to measures such as gates and side pockets by eventually redeeming from hedge funds once they could (Tunick, 2009 ). Whether it was because of a true desire to improve hedge fund governance, or instead use governance as a shield to hide the bit of egg on their face for selecting losing hedge fund managers, is up to you to decide. Not to single out CalPERS, but often times, as we outlined in Chapter 2 when discussing criticisms of directors, it is easiest for those who live in glass houses to throw stones. While such recommendations by institutional investors such as CalPERS, one of the former largest hedge fund investors in the world, have likely done much to advance the cause of better governance for all, CalPERS itself has had some governance failures over the years. These include reports that Kurt Silberstein, one of the authors of the above-referenced governance memo, was forced to forfeit 10% of his salary for six months and was placed on brief administrative leave as a result of alleged revelations that CalPERS had been using two outside advisors, UBS and Paamco, without a contract for several years (Harper and Lifsher, 2009) . Perhaps more famous were allegations of improprieties related to the use of placement agents. In particular were allegations that CalPERS CEO, Federico R. Buenrostro, and his friend, a former Los Angeles Deputy Mayor and CalPERS board member, were involved in a conspiracy that resulted in millions of dollars in placement that were inappropriately earned and not appropriately disclosed (U.S. Securities and Exchange Commission, 2012). I'm sure that pensioners who have been victims of such poor governance practices would likely have some governance prescriptions for investors such as CalPERS as well. This is not to single out CalPERS by any means, but rather to demonstrate that sometimes it is important for investors to practice what they preach and institute governance best practices not just at the funds in which they invest but also at their own organizations. Often this may result in a renewed focus and enhanced due diligence on governance at the fund level as well. By the way, in an attempt to bring the story to an end, it was reported in late 2014 that Mr. Buenrostro himself had entered into a plea deal to cooperate with the investigation (Lifsher, 2014) . Additionally, seeming not to get over the bad taste left in their mouth by hedge funds, in September of 2014 CalPERS announced that they planned to eliminate all $4 billion of their hedge fund investments over the following year. Despite the pros and cons of any proposals by large institutional investors, we can all likely agree that such discussions do increase the focus and debate surrounding hedge fund governance. This has, as we noted above, increased investor's focus on analyzing the issue. Before we begin developing a governance evaluation plan for investors, it is first useful to frame our discussion with a backdrop of a typical hedge fund's general operations. Putting any discussions of governance aside for a moment, we can broadly classify the activities that take place in a hedge fund as falling into one of two camps. The first group of hedge fund actions involves the core functions of what a hedge fund is supposed to do-make money. These investment-related activities can include things such as the research process, the firm's investment process, and buy and sell disciplines. The other category of hedge fund activities is to actually make the business function. Hedge funds are more than just prop trading desks. Instead they are businesses. Just like any other business, be it a hedge fund or a McDonalds, they have employees, offices, lawyers, accountants, insurance, and a long list of other things you would associate with a business. Where hedge fund business operations differ from say, a McDonalds, is that in order to perform their investment operations they also need specific operational support. This can include items such as the hiring and managing of prime brokers and trading counterparties to actually execute trades, custodians to hold the securities, and fund accountants to, among other things, keep track of the securities traded and specialized technology to support the trading process. As we have previously outlined, a governance evaluation should incorporate not only reviews of investment activities of funds but their operational activities as well. As part of this governance analysis, investors should be careful not to silo such areas but rather analyze the way the shared governance aspects of these funds interact. For example, if a hedge fund, as part of its investment trading strategy, works with multiple investment counterparties, is the operational side of the house providing adequate oversight of these counterparties? Through these types of shared examples, investors will produce more complete governance evaluations as opposed to simply investment or operational governance reviews. So far in this chapter we have provided an overview of the relationship between operational risk and governance. We have also provided some perspective on historical institutional investor attitudes toward investor governance evaluations as well as some considerations for smaller allocators when seeking to evaluate governance. In this section we will outline where the rubber hits the road so to speak, actually conducting a governance review of a fund. One of the first questions to consider, however, is what standards should we apply? What exactly do we mean by governance evaluation standards? To clarify what we are talking about here, we are referring to the evaluation standard or benchmark against which we are comparing the hedge fund under review. For example, should a multibillion dollar hedge fund be compared with the same governance standards as a $100 million fund? What about comparing a fund in Hong Kong with one in New York or London; should the same governance standards be applied? Should factors such as asset size or regional considerations matter? There are two schools of thought on the subject. One takes a hard-line approach and says that all hedge funds should be judged on the same best practice standard. Frankly, the thinking goes, it's not the investor's problem that a hedge fund can't implement best practice. The second school of thought argues that "best practice" is actually a bit more of a flexible term. This thinking considers that, while there is certainly an absolute or universal standard of best practice, there are also subclasses of best practice that are appropriate in different situations. Examples of these different situations would be for funds of different asset sizes or in different regions. The point of this line of thinking is not to give these funds a free pass, but rather to acknowledge the practicalities of the situations. In many cases, it is not economical for funds to implement certain governance protocols. In other cases, the governance oversight changes that may be considered applicable from a universal best practice approach aren't expensive to implement but they are simply not appropriate for a firm of smaller sizes. For reference we will provide an analysis of such a case in our example of a business continuity plan discussed later in this chapter. When reviewing the following information in this chapter regarding governance evaluation, it is worth nothing that, depending on which school of thought you subscribe to, the actual assessment of how well a hedge fund stacks up from a governance perspective could be up for debate in certain instances. So where to begin in analyzing governance? The chances are that you've already begun. By this we mean that, as we highlighted earlier in this chapter, often the raw data that facilitate a governance assessment come from the operational and investment due diligence review processes. Once again, the goal of our discussion here is not to provide details on how to conduct ODD or investment due diligence reviews; rather it is to highlight how to evaluate governance. Due to the interrelated nature of governance, the best way to proceed with beginning a governance assessment is to focus on examples of investment and operational procedures and data. In our discussion of these items, we will highlight how governance can be assessed as an overlay in each area. "Wait a minute!" you may be thinking. "What a cop out, isn't this a bit of a circular reference argument?" Isn't that like saying we will evaluate governance "holistically" by evaluating the components that make up governance? You may feel that this does you little good in the real world. While I empathize with your frustration, this is, for better or worse, the way governance should be evaluated. It's not likely, for example, that hedge funds employ Chief Governance Officers whom you can just interview. Instead governance is simply one of those interdisciplinary areas that touches on many parts of the firm. Therefore, to thoroughly review governance you have to review these other areas by association and then analyze the quality of the governance oversight and control environment overlaid upon them. Ok, I know you're unhappy with my answer. Let me try and make it up to you. Would it be better if I told you that I reviewed the entire universe of hedge funds and developed a cheat sheet of governance best practices? Would you like me to tell you I've boiled this down into a governance due diligence questionnaire you could just ask every hedge fund you review to fill out? That way, if they do poorly on the questionnaire, then you know they have bad governance. Since I feel so badly about my conduct earlier, what if I take it a step further for you? Remember I said I evaluated every hedge fund ever. Ok, now assume that when I did these reviews, I used my proprietary black box governance scoring system and assigned a governance risk assessment to every fund. They have either "good governance" or "bad governance"-et voilà, Bob's your uncle. See, you wouldn't have to do any work at all! Is this too simple? Ok, let's say I get technical about it and on a scale from 0 to 10, I rate the governance in place at each fund. This seems more precise. Let's say I even have a predetermined set of categories such as "control environment" or "director capacity constraints" and I further assign more detailed ratings across each category. Sure, I could bundle it all together under a governance assessment system. You trust that I'm doing detailed due diligence, and I'm assigning what seem to be somewhat intricate ratings. Do you feel better now? We're not trying to be facetious. Seeking to apply such ratings and detail in governance assessments is not necessary a bad thing. In many cases, however, such approaches can oversimplify the issue. While making everyone feel better, this type of analysis often does not get to the heart of the issue. That said, let's discuss some practical ways that you can begin to conduct your own assessment. Once again, this list is by no means comprehensive. Rather our discussion will highlight the interrelated nature of governance to investment and operational factors through examples. You can certainly select a whole host of other factors that we have not addressed and analyze the governance frameworks in place in those areas as well. If you've been reading this book in order, by now you're likely sick of directors. Love them or hate them, we've talked about them a lot. With good reason, of course, as they are not only a critical cog in the overall governance gearbox but also an area of increased investor governance focus. As such, we would be remiss in this chapter not to discuss some of the additional considerations investors should consider when evaluating governance. There is an old joke about a patient who goes to visit a doctor. The story goes something like this. There is a man waiting in the doctor's office. The doctor comes in and before the man can even speak the doctor starts to examine him. The doctor continues his examination without asking any questions or asking what the matter is. Several times the man attempts to interrupt the doctor but the doctor asks the man to be quiet. Finally the man stands up, the doctor and states that he isn't even the patient; it's his wife who is parking the car that is sick. This story is a good analogy for analyzing the role of the board of directors. Sometimes investors are so quick to dismiss directors that they may not even review who they are, much less actually engage with them. Many investors would be surprised to find out what they might learn from directors if they actually asked. Still others, just like the doctor in our story, are so sure of themselves and of what questions they need to ask directors that they forget to take a step back and actually listen to what directors may have to say. Of course, the same is true of many other elements of analyzing fund governance. Many investors simply do not think that certain factors are important or risky and simply minimize them. Others may not realize the full extent of the information they could obtain from hedge funds and their service providers during the due diligence and governance analysis processes if only they would ask. Directors are not immovable. Hedge funds may indeed fire and hire directors. In certain cases, the change is often made because the surviving directors view the new director to be an upgrade over the previous one. In more recent times, this has been the case when investors have increasingly focused on legacy directors and raised questions concerning a number of factors that we previously discussed in this book ranging from capacity considerations to general qualifications and level of support staff. Obviously, directors may, in certain instances, resign from a fund. In previous chapters we outlined the prevalence of such situations surrounding the aftermath of the 2008 financial crisis. Investors, when seeking to analyze directors, tend to focus on the here and now. That is to say, their focus is on the current board of the fund that they are investing with today. Sometimes, however, it may be useful to look backwards with regards to the historical makeup of the board. In certain instances, such as when the opportunity is taken to upgrade, board turnover can be a good thing. In other cases, the reason a director was fired may be for other reasons. For example, let's say a director decided to ask a number of questions and demand a great deal of information from the fund. Such inquiries may have indeed been merited based on practices or decisions made at the fund. As we outlined in other chapters, some funds may not have been overly interested in what directors have to say. Instead they just want them to collect a check and sit quiet. As such, hedge funds may have decided to terminate these noisy directors in favor of others who know how to fall in line. Most investors would likely be quite interested to know about situations such as these. The problem is that the hedge fund will not likely volunteer such information. So what's to be done? Well, to start off, an investor can inquire directly about fund director turnover. If indeed there has been any historical turnover, then the next question should be: why? Furthermore, when directors get let go under contentious circumstances such as those described above, it can often present an opportunity for investors to gain further insight as to the governance practices at play. In certain instances these former directors may be willing to have off-the-record conversations with you. They are, of course, precluded from discussing the specifics of any particular fund relationships, but they could discuss generalities that may give you a sense of what kind of directors they are. For example, how many funds have they been associated with besides the one in question that terminated them? What other kinds of hedge fund boards do they serve on? If they had never been fired from anywhere else and they serve on the boards of large funds, perhaps this suggests that it might have had more to do with the fund itself than the hedge fund may have let on. To play devil's advocate, could it be that this person is a bad director, and is simply popular because they don't rock the boat and the hedge fund did the right thing by terminating them? As an investor seeking to evaluate the governance implications, you really can't get a sense of such issues unless you put in the time to ask the questions from a due diligence perspective. Investor-performed background investigations on key fund personnel have become increasingly popular in recent years. The reasons for this are obvious. With the deluge of hedge fund frauds, nobody wants to invest with a criminal. Beyond that, of course, there are numerous stories of multiple issues arising including overexaggeration of credentials, claims of degrees never earned, unreported arrests, and undisclosed lawsuits. It should also be noted that, in order to cast a broader net in this area, many investors increasingly perform investigations not only on key individuals but on fund management companies as well. Depending on a number of factors including the number of jurisdictions, the individual under investigation has lived in, and the scope of the investigation, background investigations can appear to be quite expensive. Often times, investors are increasingly penny wise and pound foolish in this area. If you're making a multimillion dollar investment, is a few thousand dollars too much to spend to cover your bases in this area? Some may argue yes, while others say no. Additionally, there are considerations as to which individuals to investigate. There are a number of models in this area such as those individuals who have equity ownership in the firm, those with the ability to move cash, or those with the ability to execute trades (Scharfman, 2008) . Due to the increasing focus on governance and the board of directors, it has slowly become popular among investors to run background checks on fund directors. The question could be asked as to why directors get this special attention. After all, as we have highlighted earlier in this book, aren't administrators equally important from a governance perspective? One of the reasons directors may be singled out is because of the ostensibly more personal nature of directorships. When a hedge fund hires an administrator, they are hiring a firm. On the other hand, when a hedge fund hires a director, it often is based more on the personal relationship with a particular director. As we know by now, however, this is not necessarily the case as the director is often supported by associate directors and may not even be the one attending the fund's meetings. Nonetheless, the fiction is that a single director fills the role and, as such, they frequently are the ones who receive additional scrutiny from a background investigation perspective. This is not to say that investors should just pass on performing background investigations on directors because of this arrangement. Nor should they necessarily seek to perform checks on all the associate directors. Rather, here we are just highlighting why directors receive more background investigation attention from investors as opposed to other service providers. Additionally, as a practical matter, due to the expenses involved as noted above, most investors simply do not have the budgets to run detailed background checks on everyone. Let's assume that you decide to run a background investigation on a director. How would you undertake such an investigation? Due to the nature of these searches and the types of information required, investors often find it more economical to work with third-party firms to conduct these reviews. That being said, investors can still often perform basic searches on their own such as high-level media reviews and regulator searches via publicly available regulator databases. These databases, of course, may not be as complete as those that require subscriptions, which many third-party firms have access to and are experienced in using efficiently. As such, rather than obtain their own subscriptions, third-party firms can be a cost-effective solution. What are some of the key areas that you could investigate? For reference, the areas of investigation typically covered by my employer, Corgentum Consulting, are generally grouped into five main categories. Corgentum typically performs these investigations on behalf of investors investigating both fund managers and directors. While we have outlined them below, please note that this list is not necessarily inclusive of all areas of search and is provided for example purposes only: Criminal checks: l Arrest records l Parole and probation records l Sex offender searches l Driver's license search/traffic citations Litigation searches: l Docket searches across all federal and state courts l Bankruptcy, foreclosures, and tax case searches l Judgments and liens Regulatory: l Regulatory records searches l OFAC and global sanctions searches l Judgments and liens Factual information: l Employment and education verifications l Asset searches including property and vehicles l Social security verification l Fictitious names/doing business as searches Media: l Web content searches l Broad media searches l Industry-specific periodicals and scholarly articles l Social media screens A few words about the list above. First, these types of searches are not necessarily applicable in all jurisdictions. Second, privacy laws vary among different jurisdictions and performing such searches may require liability releases. Additionally, you may need to obtain releases from directors themselves in order to verify items such as previous employment and educational history. It is also worth noting that the list above could also apply to investigations conducted on hedge fund managers themselves. As we noted above, investors have increasingly focused on conducting investigations on key hedge fund personnel to mitigate what is commonly known as reputational risk. The oversight by the hedge fund itself of such reputational risks through mechanisms such as preemployment screening of potential candidates to monitor for criminal activity can be another item that investors evaluate as part of a review of not only the reputational risks of the hedge fund itself but also the governance oversight of reputation management in general. This can apply not only to new hires via preemployment screening but also to ongoing reputation oversight. In certain cases, to facilitate such efforts, select hedge funds have taken to conducting reviews of key personnel, such as annual criminal checks, to ensure that no new reputational risks have arisen that, among other things, would likely signal poor governance oversight to investors in this area. It is also worth noting that investors are increasingly integrating such background investigations with ODD reviews. Corgentum Consulting is a leader in this field and one of the first firms to assist investors in implementing this hybrid background investigation and ODD model. The benefits of this model to investors include the fact that, during the ODD review process, third-party ODD consultants such as Corgentum already engage with, in this case, directors as part of the broader ODD review. For administrative process issues, such as, the signing of releases, the integration of the processes streamlines and reduces the overall time and cost of services for investors and directors. Additionally, should any issues come up during the background investigation, most investors feel more comfortable with having the group assigned with ODD discuss the issue as opposed to another third-party investigator. Finally, during the ODD process, the group responsible for ODD will likely become familiar with the directorship firm as well as the hedge fund and associated entities. When reviewing any historical litigation in particular, a party who has not been involved in the rest of the ODD review process, such as a third-party investigator, may be less effective. This could include not conducting searches on appropriate directorship-related entities as well as thinking certain litigation represents a negative issue, when, in fact, it came up during the standard course of business as part of the directors' relationships with the funds. As such, investors are increasingly combining the ODD and background investigation process with industry's leading ODD groups such as Corgentum that offer integrated background investigations as well. Another key component to most due diligence reviews, be they investment or operational in nature, is the on-site visit. In the case of directors who reside in offshore jurisdictions, such visits may be either cost prohibitive or not practically feasible for investors to conduct prior to subscribing to the fund. Consider, for example, a United States-based pension fund that is allocating to the offshore vehicle of a fund. This pension fund may have already conducted the on-site visit with the fund manager, wherever in the United States their offices may have been located. Now the investor would have to make a separate trip internationally, let's say to the Cayman Islands, to visit with the offshore directors. Just because it's more complicated and expensive to go on-site with directors, does this mean they shouldn't do it? As you can imagine, there are two sides to this argument. On the one hand, it should matter. Hedge fund investing may be a long-term commitment, and particularly if the investor is managing money on behalf of others, they should have duty to visit directors. On the other hand, the world is becoming increasingly virtual. Yes, there are benefits to an on-site visit, but if it is not practically feasible, then can't due diligence via emails and conference calls be sufficient? Obviously, an on-site visit is preferred, but the level and detail of review in place depends on the circumstances of each arrangement. Therefore, an inflexible set of rules would not be prudent in this regard. As an aside, why should directorship firms get special attention? After all, does a prime broker deserve less scrutiny than a fund's directors? What about an administrator or law firm? The notion of how important a service provider is can inform this decision, but ultimately, the investor has to analyze the specifics of each situation. To put it in perspective, in many cases, investors do take measures to conduct on-site visits with administrators and prime brokers. In Chapter 5 we outlined some critical hedge fund internal governance mechanisms. As part of that discussion we discussed a number of internal hedge fund operational procedures such as business continuity and disaster recovery ("BCP/DR") planning and internal oversight committees. Many of these types of considerations are also applicable to investor analysis of fund directorship firms. That is to say, in the same way that a hedge fund may maintain a BCP/ DR plan, so too can a directorship firm. Of course, there are differences. For example, a directorship firm does not execute trades as a hedge fund does. As such, there are no director counterparties such as prime brokers to review. This, however, does not mean that an investor cannot evaluate the process by which a directorship firm vets new service providers that they may use before they hire them. Directorship firms may also share common core operational governance considerations with hedge funds across multiple other areas. Another example would be the directorship protocol for information security management. In the same way that it would be considered best practice from a governance perspective for a hedge fund to not only maintain such committees and protocols but also provide appropriate implementation of oversight and controls in such areas, so too are these concepts applicable to directorship firms. Consider an example where an investor is considering two operationally identical hedge funds with two different directors. The director of one fund is associated with a directorship firm with detailed BCP/DR planning and testing, and the other is not. Which one has a better overall governance infrastructure? As we noted above, it of course depends on the specific implementation involved, but in general it is considered to be an indicator of better governance to have such planning in place. It should also be noted that it is increasingly accepted among investors that such considerations of best practice governance requirements at the hedge fund level should be reviewed for service providers other than directors as well. This would include, continuing our example, the information security, BCP/DR planning, and committee structures in place at service providers such as fund administrators and prime brokers. As we highlighted in our discussion of service provider governance in Chapter 3, administrators continue to be a focal point of investor's service provider reviews during the due diligence process. In light of the importance of the administrator's role in implementing governance oversight, the focus on fund administration relationships has continued to increase. Further increasing their importance is the fact that administrators are expanding their relationships with funds and providing more services beyond the traditional shareholder services and fund accounting. Service providers such as administrators can provide investors with a key source of information about fund governance. Such information may be particularly useful because it is coming from a source other than the fund manager themselves. As the frequency and scope of investor ODD has increased, administrators have become increasingly willing to interact with investors. Investors should not pass up the opportunity to communicate with administrators as part of the overall governance assessment process. Similar to our discussion of director engagement above, investors may gain useful insights by seeking to evaluate the level of administrator engagement with the hedge fund. In seeking to provide a resource for investors in analyzing the governance role played by service provider such as administrators, some key questions investors should consider asking in order to start off the fund review process should include: (1) How often do you speak to the fund? Do you ever visit the fund's offices? Does the fund ever visit you? (2) Has the fund accounting team that services the fund account experienced personnel turnover? If so, how does this turnover compare with industry standards? How did the firm deal with that turnover? (3) What systems and technology are utilized by the fund's administrator? How does this compare with the software, such as fund accounting systems, utilized by the fund itself? (4) Has the administrator undergone an SSAE 16 or equivalent review? If so, will they share a copy of the report with investors? (5) How does the administrator deal with fair valued positions? Are they actually making any attempt to independently value these positions themselves? Or instead, is the administrator simply collecting documentation and taking the manager's word for it? (6) Can the administrator, independent of the fund, provide a list of brokers utilized by the fund? If so, how does this compare with any broker information provided by the fund? Furthermore, how is the administrator notified of new brokerage accounts? (7) What is the administrator's role in overseeing cash movements? For example, how often does the administrator reconcile cash (i.e., daily or monthly)? Is the administrator involved in reviewing invoices to process fund expenses? (8) What pricing sources are utilized by the administrator? How does this compare with valuation sources utilized by the funds? (9) How does the administrator resolve pricing variances or disputes between itself and the fund manager? (10) What is the month-end NAV distribution timeline? Has this timeline changed (i.e., become longer or shorter) over time? How does this compare with the timeline presented by the manager? In addition to asking questions such as those outlined above, investors may be surprised to learn that an administrator may share a wealth of documentation with investors if they simply ask for it. For example, many administrators will share with investors basic marketing materials about their firm, BCP/DR plans, and copies of engagement letters (or the actual reports) of their SOC1 or similar reviews. By engaging in dialogues with fund service providers such as administrators, investors may gain not only useful insight into the working of the fund's administrators but also the broader picture by which fund managers interact with their service providers. This type of information often provides meaningful insights into the hedge fund's overall attitude toward implementing governance. Investors should seize this opportunity to not only evaluate administrators but also understand the work they perform in order to conduct a more complete ODD review. In Chapter 4 we provided an introduction to the role prime brokers have in influencing fund governance. As an example of the risks to investors of dismissing this primer broker governance oversight, we highlighted the example of the failure of Lehman Brothers. As we highlighted in this discussion in that chapter, after Lehman failed investors increased their due diligence focus on prime brokers. That was a positive step toward more thorough diagnosis of overall fund governance. Unfortunately, investors have short-term memories when it comes to frauds and financial crises. A 2012 Corgentum Consulting study demonstrated that, in the post-Lehman environment, investors have increasingly and somewhat dangerously downgraded the roles of prime brokers (Hedge Fund Law Report, 2012). The majority of those surveyed ranked fund administrators and auditors as being more important than prime brokers. Specifically, only 17% of those investors surveyed indicated that they felt that prime brokers were the most important hedge fund service providers (McCann, 2012) . When investors perform due diligence on hedge fund managers, evaluating the fund and firm service providers is a critical element of the process. Included in this list of service providers should be a fund's prime brokerage relationships. These survey data suggest a trend whereby investors are increasingly minimizing the roles of prime brokers. As a result of this minimized importance, resource-limited investors run the very real risk of focusing their due diligence efforts away from prime brokers, and instead on other service providers that they view as being more important. As the failure of Lehman Brothers has demonstrated, investors cannot solely rely on the fact that a prime broker is a big name bank or a leader in the industry. Additionally, different fund managers may be receiving different levels of services from prime brokers. Without delving into the specifics of such relationships, during the due diligence process, investors may not have the information they need to make an effective determination as to the service provider risks to the hedge funds. Investor due diligence on prime brokers also provides investors with a useful avenue for independent fund manager asset verification. Investors who do not even attempt to contact prime brokers, or who are only confirming a fund manager's relationships with a prime broker and doing nothing more, are missing this valuable opportunity. For those investors who wisely perform evaluations of fund manager prime brokerage relationships during the due diligence process, a word of caution is necessary. Perhaps taking a cue from the audit industry and on the advice of their legal departments, prime brokers have become increasingly difficult to deal with. So, for example, if an investor reaches out to a prime broker to ask certain questions regarding the nature of their relationship with a fund manager, many times prime brokers will send back generic responses that do not address the investor's questions in detail. Furthermore, such responses are often rife with legal disclaimer language, making them difficult to evaluate in certain circumstances. The onus is then put back on investor to follow up with the prime broker to attempt to have their specific questions answered. In many cases, prime brokers may be unresponsive or slow to respond that can elongate the due diligence process and make it more difficult. However, just because it may be difficult does not mean that investors are not up to the challenge. By acknowledging the importance played by prime brokers in implementing fund governance and constructing a detailed service provider review program that encompasses the specifics of prime brokerage relationships, investors will develop more comprehensive ODD solutions, and perhaps avoid indirect exposure to the next Lehman. When evaluating service providers during the due diligence process, many investors may tend to focus their initial efforts around certain specific service provider functions. The short list of the common cast of characters includes fund administrators, auditors, fund directors, and counterparties such as prime brokers. This is known as service provider clustering because investors cluster their efforts around certain select groups of service providers that they feel are important. By association, as a result of this increased attention, these service providers often receive more weight in the overall governance evaluation process. Other service providers may, unfortunately, receive less attention that, as noted above, can set a dangerous precedent, not only from a total due diligence perspective but also with a specific focus on governance evaluations. After all, several years ago many investors would not have necessarily added fund directors to the list of so-called important fund service providers, yet attitudes in this area have progressed over time. In regard to governance analysis, certain service providers may have traditionally received less attention because of the perceived importance, of the roles they play. For example, investors may feel, and rightly so, that valuation is a key issue for hedge funds. Therefore, understanding the role played by the service providers related to valuation oversight such as the fund administrator may receive more attention at the expense of the analysis of other service providers. Another motivation for many investors in clustering their service provider evaluations around a limited subset of all the hedge fund's service providers is the notion of a risk-based approach. Continuing our valuation example above, many investors view valuation as not only a highly important issue for hedge funds but also one that is fraught with potential risk. That is to say, there would be direct negative implications for investors if a hedge fund began playing games with valuations. Such a risk may be compared, for example, with the risks associated with a hedge fund, or even a director or other service provider, utilizing a slightly less than cutting-edge piece of hardware for data storage. While we will address the example of information technology (IT) hardware as a tool for governance analysis in more detail later in this discussion, for now let us consider the implications of IT hardware as simply representative of a type of risk factor here. When framed against valuation concerns, investors may feel that the valuation risks outweigh the technology concerns. For some investors, this trade-off unfortunately results in a lesser degree of analysis of third-party IT service providers that may have participated in assisting the hedge fund in overseeing its hardware management. Often this service provider clustering effect also influences the ways in which certain investors overlook the role played by service providers such as a hedge fund's legal counsel. During the governance assessment due diligence process, some investors may simply check to see if a hedge fund is working with a large, well-known law firm. Other investors may go further and attempt to confirm the relationship with the legal counselors, but may be unsure what other items they should evaluate. The role played by a law firm working for a hedge fund is not cookie cutter in nature. As could be said with all service providers, they are not created equal. This is particularly true when it comes to fund legal counsel. A number of differences may exist with regards to not only the quality of work they perform for the hedge fund but also the type of areas they cover. The specific nature of such relationships can not only provide indications of the quality of governance in place between the hedge fund and its lawyers but also have a signaling effect with regards to governance practices in place at the fund itself. As with all hedge fund service providers, investors would be well served to capitalize on the opportunity to vet the role played by a hedge fund's legal counsel during the initial governance assessment process. For starters, investors should endeavor to cover what could be considered the nuts and bolts of the relationship with a law firm by attempting to understand answers to questions including: l What is the hourly billing rate charged to the hedge fund? l Are any hourly billing rate or fee caps in place? l Is a blended rate charged or instead does the rate vary by the experience of the law firm employee (including non-attorneys) performing the work? l Is the hedge fund notified if fee caps are being approached? l Are flat fees charged for any projects? l Does the law firm have any particular expertise that may be applicable to the hedge fund (i.e., jurisdictional expertise, or experience in performing legal work related to certain investment products)? This above list is, of course, not comprehensive, but is intended as a guide with which an investor could start a conversation with a law firm in order to gauge certain basic issues regarding its relationship with the hedge fund. You could, of course, take issue with any of the items of the list above. For example, what does it matter from a governance perspective how much a hedge fund pays its attorneys? As we outlined previously throughout this book both in our conversations related to fund employee compensation and more germane to our conversations related to the rates of service providers, questions such as this can have direct governance implications. For example, if a hedge fund is blatantly overpaying for legal services, couldn't it be argued that this suggests that the firm has poor governance with regards to oversight of the reasonability of fees paid to service providers? Beyond the basics, an investor could inquire further into a number of different topics in an attempt to understand the extent of the law firm's work with the hedge fund. Examples of some items an investor could cover may include: l Does the law firm provide any compliance-related services to the hedge fund? l If the hedge fund works with a separate compliance consultant, does the law firm interact with them? l Has there been any personnel turnover among the key individuals servicing the hedge fund's account? l Can the law firm provide an example of a recent matter on which it has worked for the funds? l If the funds or hedge fund management company was (or currently is) involved in any litigation, can the law firm walk the investor through the litigation (and any outcomes)? l Does the law firm interact with any other law firms used by the hedge fund? l Can the law firm provide a summary of the routine legal tasks performed for the firm? Additionally, other more broad questions could be asked of the law firm to gain an understanding of how much they interact with and understand the hedge fund's business. Examples of these questions may include: l Does the law firm generally understand the hedge fund's investment strategy? l If there have been any recent material developments that have occurred at the hedge fund, is the law firm aware of them? l Who at the hedge fund does the law firm primarily deal with? l Has the scope of the work the hedge fund has given the law firm increased or decreased over the past two years? If so, why? A law firm can play an important role in supporting the successful overall management of a hedge fund. In particular, in light of the increasingly complex regulatory and legal environment, investors should be cautious not to minimize the due diligence they perform on third-party service providers such as law firms. This can be stated in regards to both the functional operations between the hedge fund and the law firm and the overall governance in place in such relationships. Similar to other service providers, including fund directors, by delving into the details of such third-party relationships investors will likely be surprised at the useful governance insights they may learn. It is increasingly common for many hedge fund managers, especially smaller ones, to leverage the efforts of external IT consultants. As we outlined in Chapter 4 with the information security example regarding the use of IT consultants, the actual work performed by these consultants within the hedge fund itself, similar to other service providers, can have direct governance implications as well. These consultants can support the work of internal IT personnel as well as be fully outsourced consultants. Specifically, IT consultants come in many different forms and can provide a wide array of services for fund managers. In general, common services provided by IT consultants can include: l Help desk support l Software development and support l Hardware maintenance l New software or hardware vendor and package selection l Implementation of new systems or hardware l BCP/DR program design, testing, and maintenance During the due diligence process, investors may sometimes find it difficult to obtain a straight answer from their hedge fund managers with regards to the nature of the work of these IT consultants. Perhaps it is because certain fund managers want to emphasize the arguably more important role played by dedicated in-house IT personnel, be they dedicated or shared, while minimizing the external resources. Such evasiveness may provide a signal with regard to the governance oversight and extent of use of such providers. Said another way, certain investors may think that if a manager is coy in their response to such questions, what are they trying to hide? Invariably, such evasiveness can cause certain investors, particularly those focused on the governance controls in place surrounding such consultants, to ask more questions, in an attempt to kick the tires harder as it were. Additionally, many hedge funds may utilize certain consultants on an ad hoc or as-needed basis and, therefore, perhaps don't feel that highlighting such relationships matters much to investors. Investors should not be discouraged, however, and should take measures to evaluate the role of IT consultants. A good starting point is speaking directly with the hedge fund managers about the use of such consultants. From a governance standpoint, there are direct diagnostic benefits to gaining a hedge fund's perspective regarding the use of such consultants. Similar to the ways in which we described the benefits of letting directors explain in their own words what they do, so too can it be useful to hear from the hedge fund what exactly it is a service provider does. By comparing the two sides of the story, investors can often gain valuable governance insights with regard to any potential operational as well as oversight and control discrepancies that may arise. By inquiring about these third-party firms, investors will likely learn about the duties performed by different IT consultants. Investors can also learn where a hedge fund may be weaker internally from a technology perspective and feels the need to augment these deficiencies with external resources. Examples of the types of questions that can provide valuable insights in this area include: l Has there been turnover among IT consultants in a particular function? If so, why? l If the hedge fund utilizes a consulting firm, as opposed to an individual freelancer, what personnel from the IT consultant are actually doing the work? l How often are the IT consultants in the offices of the hedge fund manager? If not frequently, do they access the firm's systems remotely? In addressing the governance oversight of IT consultants, we should follow up in more detail regarding the example we provided in Chapter 4 relating to information access and control protocols. Specifically, after an investor has obtained a detailed understanding of what a third-party IT consultant may actually do for a hedge fund, investors should next inquire as to how the hedge fund controls the third-party's access to, and use of, fund data. Some questions investors may want to consider asking in this regard may include: l Has the hedge fund taken policy-based measures to ensure IT consultants keep information confidential (i.e., signing a confidentiality agreement)? l Are technological measures in place to limit the IT consultants' access to certain information? Or does the hedge fund trust the IT consultants blindly? l How does the hedge fund oversee the implementation of any data security measures either agreed to with the IT consultants or in place from a technology perspective (i.e., is there any testing of such controls)? Hedge funds are information-based organizations. Technology supports the way in which a fund organizes, utilizes, and trades upon this information. When a hedge fund effectively opens up its doors to a third-party firm to assist in managing or improving upon this technology, investors should take notice. By incorporating an analysis of the role of third-party IT consultants into the larger governance assessment process, investors may learn new pieces of information, which can provide valuable insights into their overall assessment of a hedge fund's IT function. From a due diligence perspective, investors have long focused on analyzing the hedge fund audit process. As an offshoot of this process, investors also typically collect and review a hedge fund's audited financial statements. The focus on the analysis of such statements has become increasingly popular in recent years in conjunction with the overall increased focus on hedge fund operational risk analysis. The analysis of audited financial statements can also highlight a number of related governance issues. In this section, we will analyze three such issues: the source by which investors collect such statements, related-party transactions, and expense disclosures. As we noted above, audited financial statements have increasingly become a critical part of the investor's due diligence process. Today, it certainly would be considered prudent for prospective investors in a particular hedge fund (i.e., those who have not already allocated to the fund) to request historical audits as part of the due diligence process. While many investors tend to justifiably focus on the content of the statements, the source of the statements however, tends to often be overlooked, particularly from a governance perspective. To clarify, the source in this case refers not to the auditor; they of course produce the audited financials. Rather here we are referring to what organization the prospective investor is receiving the financial statements from. Many times the hedge fund itself will maintain an internal library of audited financials and simply forward them along, directly to the requester. When receiving documentation such as audited financials that were supposed to be prepared by a third party directly from the fund, however, there are legitimate governance concerns that may be raised relating to both the authenticity and accuracy of the documentation. Taking authenticity first, an investor may be concerned about whether or not the auditor themselves actually produced the audits that the investor received. A hedge fund manager, for example, could simply steal the letterhead of an existing auditor or make up their own digital facsimile. Indeed, by reviewing the audits of other hedge funds produced by any big four accounting firms, it would not be overly difficult for a hedge fund manager to go online, download a logo, and make what may look like auditor letterhead. Similarly, taking a skeptical perspective, we could consider, for example, a fund that, for whatever reason, did indeed have accurate information in the financials (i.e., the liabilities figure on the balance sheet was indeed the correct liabilities amount for the fund); however, perhaps they prepared these figures themselves and used fake documentation to imply they were audited. If you don't believe that someone would go to such lengths to manufacture false documents to hide impropriety, consider the case of fraudster Marc Dreier, which included the use of such fraudulent statements (Wesier, 2009 ). Next, consider the question of accuracy of documentation. Of course, creating fraudulent numbers, which appear to make sense, that go into the actual audits may be slightly more difficult; however, this is certainly not outside the realm of possibility. As we noted above, to those unfamiliar with such practices, it may be thought that it would be highly unlikely that any hedge fund would ever take such measures. Indeed, for the most part, the skeptics would be right. However, there certainly have been historical cases of hedge fund managers claiming relationships with auditors they did not have, such as the case of Andrey Hicks and Locust Offshore Management (Corgentum Consulting, 2013). There have also been other cases of hedge funds altering existing financial statements such as the Pinn fund case in 2002 (Murphy, 2002) . Taking matters further, some hedge fund managers have even created fake audit firms to produce their own fraudulent audits. This scheme most famously took place in the Bayou fraud, but has also unbelievably been repeated as recently as March 2012 in the James Michael Murray case, where a hedge fund manager not only created a fake audit firm but went so far as to make a website for it as well (Egelko, 2012) . Recognizing the potential risks outlined above, some investors may feel it is better to obtain historical audited financials from a source other than the hedge fund manager. Of course, the most logical source would be to go straight to the horse's mouth, so to speak, and obtain the financial data directly from the auditor. As any investor who has tried to conduct a review on an audit firm in the past will know, it is a bit of thorny issue. Indeed, many audit firms will barely confirm their relationship with a hedge fund. Seeking to obtain historical audited financials from them is virtually unheard of. As an aside, do such difficulties in dealing with auditors promote governance of the overall hedge fund investing relationship? After all, isn't the emphasis supposed to be on transparency? If investors aren't privy to the details of such audit relationships, how can they be expected to make any sort of assessment on the nature of the auditor's oversight and controls? While hedge funds and investors may be unhappy about it, perhaps as a proposed compromise toward independence, the next party looked to is the fund administrator. The way it typically works is that the administrator, in the course of their business, interacts with the fund auditor and obtains the financial statements. The administrator can then forward the audited financials from the auditor directly to the prospective investor performing the review. It seemingly would give investors some level of comfort to know that the audits are not coming directly from the manager, but instead from a third-party source. But are such notions of independent oversight misplaced? When an administrator sends an investor audited financial statements, they are merely acting as a messenger. By transmitting these statements directly to investors, the administrator is not in any way attesting to the authenticity or accuracy of the statements. Of course, it would be nice to believe that the administrator at some point is not simply receiving the statements and filing them away, but actually reviewing them. In practice, in recent years auditors and administrators have increased the level of interaction between them. Although there is delegation of duty considerations among service providers that we discussed earlier in this text, such enhanced collaboration is, in general, believed by most to be beneficial for the overall governance relationship. This increased collaboration is, in part, likely a result of the need for more transparency and information to perform each group's respective role, as well as a desire to better insulate themselves from allowing a manager to overly manipulate one relationship (i.e., an administration relationship) without the other firm (i.e., the auditor) knowing about it. That being said, the theory behind receiving audits from a source other than the manager does rest on some solid governance ground. Principally, the more third parties that are involved, the more difficult it is to coordinate some sort of fraudulent deception. So when the administrator is placed in the financial statement distribution loop, assuming of course that they are not involved in the scheme, the manager would then need to trick the administrator into somehow believing that they received the audits from the auditor. Once again, not impossible, but a bit more complicated. At the end of the day, the information contained in the audited financial statements should not be viewed in isolation during the due diligence process. This includes not only the actual financial data but the source of the financial statements as well. Certainly, just because a financial statement comes from an ostensibly more "independent" source such as the fund administrator as compared with the manager, this in no way means that an investor should not take measures to independently confirm the audit relationship outside of the manager. Furthermore, investors should not let hedge fund managers attempt to dodge further inquiry regarding the auditor or the financials, simply because they were forwarded to the investor from the administrator. It is ultimately up to each investor if they take any additional comfort from receiving the audited financials from the administrator as opposed to the manager; however, for the reasons outlined above, the addition of a third-party-audited financial statement source to your governance assessment toolkit certainly couldn't hurt. Continuing our examples and discussion of governance-related considerations that may arise throughout the analysis of audited financial statements, we can now turn our attention to related-party transactions. When reviewing audited financial statements during the due diligence and governance assessment process, investors should consider not only the actual numbers contained in the different sections of the financial statements but the financial statement notes as well. One key part of the notes is the so-called "related-party transactions" section. For reference, related-party transactions typically refer to transactions among the firm's funds, or between the fund and the management company. These entities typically share common ownership and are therefore related. One reason related-party transactions are particularly important from a governance perspective is because of the enhanced potential for conflicts of interests among the firm's entities that engage in related-party transactions. It may be easy for investors simply to look at this section and dismiss it as a boilerplate language; however, often times meaningful details may be buried within this section. The financial statement disclosures pertaining to related-party transactions often start off with a general summary of the fees the investment manager receives and how often they receive them. This section then typically proceeds to include general disclaimer language, which, unfortunately for investors, effectively gives the fund manager a great degree of fee flexibility. This language generally mimics similar language in the fund's offering memorandum, and reads something to the effect of "The Investment Manager, in its sole discretion, may reduce or waive the management fee with regards to certain limited partners." The fee section then typically concludes with the actual amount (i.e., not a percentage) of what the fee actually was. This last piece of information, the actual amount of the fee, can be used by investors to further analyze the various sections of the financial statements contained earlier in the audits. For example, the actual amount of the management fee provided in the related-party transaction section can be compared with the management fee figures in other parts of the financial statements such as in the Statement of Income. Similar comparisons can be made for other related-party fees such as the incentive allocation. Additionally, it may also be useful to compare the fee information disclosed in this section with fee details that may have been disclosed in previous year's audit. Returning to the related-party transaction disclosures in the financial statement notes; generally this section also includes details of related limited partner capital balances. This figure can then be compared with "skin in the game"-type asset information provided by the fund manager outside of the audited financials. The amount of capital invested by managers is often considered to be a powerful governance mechanism to better coordinate the interests of fund personnel with investors. The thinking is, the more personal capital a hedge fund manager has invested in the firm's funds, the less likely they are to try and lose it. Similarly, these figures may provide clarity with regard to the balances of actual funds that are invested in other funds. This information can then be used to facilitate a comparison to provide insights into any discrepancies on a vehicle-level basis between the fund's reported figures and those contained in the financial statements. In addition to the information listed above, related-party transaction disclosures may also contain other pieces of information including any specific fee waivers among related parties and transactions made among the firm's different funds. Items such as fee waiver disclosures should be considered by investors, not only in the context of a review of the audited financial statements themselves but in the broader governance assessment as well. For example, during an on-site interview, a fund's representative may have made a statement to the effect that "all employees invest with the same terms as everyone else." If a fee waiver is then disclosed in the audits, does this mean that the fund employee was lying? Not necessarily, the argument could perhaps be made that the fund employee was referring to liquidity terms and not necessarily fee waivers. As this example highlights, certain disclosures made by the funds in this instance may be open to interpretation. As such, it is better to not blindly take the fund's word for it and instead perform your own double checking with regard to related-party transaction terms that may benefit the fund such as fee waivers. Such analysis can serve as a useful tool during the governance assessment process to assist in determining not only the accuracy of manager statements but also the seriousness by which the fund manager takes items such as the equitableness of fee arrangements between fund personnel and investors. Transactions among the firm's funds is another area that investors should inquire about during the broader due diligence process, particularly when focusing on a governance assessment. One reason for this is that, in a master-feeder complex, investors may run the risk of having one vehicle (e.g., the offshore fund) take advantage of another vehicle (e.g., the onshore fund). As an example of the potential risks related to an interfund complex transaction, one could look at the SEC allegations in the Martin Currie China fund case (US SEC, 2012) . Once again, general information learned during the ODD process regarding the potential for funds to participate in transactions with each other can be revealed and supported by disclosures in the audited financial "related-party transaction" section. In certain cases, specific details related to the transactions may be disclosed in the audits. Often times such disclosures can give investors another perspective on the magnitude, nature, and frequency of such transactions. From a governance perspective, there is nothing inherently wrong with relatedparty transactions. In some cases they come up during the normal course of business of a fund complex. When analyzing fund governance, the aim should be for investors to understand the nature of such transactions, controls in place surrounding any such transactions, and their economics to both the fund and investors. By reviewing related-party transaction disclosures in the audited financial statements, maintaining a focus on potential conflicts, and the associated overseeing of such transactions during the governance due diligence process, investors may gain useful insights into the risks surrounding such arrangements. When considering a hedge fund's audited financial statements, another common consideration relates to the nature of fund expenses. The typical concern in this area is whether such expenses are reasonable. The next logical consideration is: how do we define what reasonable means? There are also a number of governance considerations with regard to the oversight and control of fund expenses. When considering fund expenses from a governance perspective, investors should also be conscious of the aforementioned related-party transaction considerations that may be related to the allocation of such expenses as well. Within the audits themselves, investors are generally provided with some guidance through a series of expense-related disclosures. But do these disclosures add any real value to investors in analyzing fund expenses? Additionally, what should investors' governance goals be in analyzing fund expenses? For risk assessment purposes within the context of a due diligence review, many investors would most likely agree that, in general, fund expenses can be grouped into two categories. The first category could be so-called legitimate expenses. That is to say, those expenses that occur as part of the course of a hedge fund's normal business and trading activities. These expenses could include both investment and trading-related costs such as interest and dividend expense and stock loan fees. Other expenses that many investors would likely place in the "legitimate" bucket would include performance and management fees. Fees for items for operational or noninvestment-related purposes such as fees paid to members of the board of directors, audit, and legal expenses could also be placed in the legitimate bucket with little investor argument. The second category of expenses investors tend to look for could be called illegitimate expenses. These are effectively the polar opposite of legitimate expenses, and, as the name implies, would not be items investors expect to be charged to the fund during the normal course of business. These could be items such as lavish expenses for fund-raising, paying for the fund manager to travel to a sales meeting in a private plane, or the unreasonable salary of any individual employee being charged directly to a fund. During the due diligence process, from a governance perspective, investors who come across any of these illegitimate expenses should certainly raise a red flag and inquire further as to why such expenses are being charged to the fund. Beyond this fairly basic legitimate versus illegitimate framework, investors face more complex additional governance assessment challenges in reviewing fund-level expenses. As noted above, it may be easy for investors to classify expenses at either end of the spectrum as being legitimate or illegitimate. The classification of expenses may become less clear, however, when investors start to dive into the details of actual fund expenses. It is with regard to these gray area expenses that difficult governance questions may arise and, as is the case with many similar gray area issues, more than a cursory expense analysis is often required before a comprehensive assessment may be made. For example, consider a hedge fund manager that invests in the distressed debt of companies. As part of their research process, the fund manager sends analysts to visit with the management of the target companies in which it is considering purchasing debt. Most investors would likely agree that such research trips are not lavish or excessive, but rather part of the hedge fund manager's standard operating procedure. Where investors may differ in their opinions is whether the expense of such research trips should be charged directly to the funds themselves, or rather if the expense for such trips should be posted at the management company level. From a best practice governance perspective, do you believe such trips should be covered by the fund or the management company? Perhaps the answer may depend on other information such as what other types of expenses are charged to the fund? This type of example highlights the necessity to conduct a comprehensive review of multiple factors before making a rash, uninformed governance assessment. There are many other examples of areas where investors and fund managers may disagree as to the appropriateness of allocating all or a portion of an expense to the funds versus the management company. Additional examples of these types of expenses may include the allocation of a hedge fund's office rent expense and expenses related to acquiring and maintaining the IT function including hardware that may be used to execute the fund's trading strategies. Regardless of which side of the argument a particular investor lands on, from a governance perspective, it is important that investors have transparency with regard to such expenses. Additionally, investors should seek to evaluate the consistency of a hedge fund manager's approach in allocating gray area expenses. Said another way, from a governance perspective, it is up to the investor to understand what a particular hedge fund's rules of the expense allocation game are before they can evaluate if a manager is following them. At this point, you may be asking yourself, how is an investor supposed to figure out what the hedge fund's policy is with regard to allocating such expenses in order to facilitate a governance review? A hedge fund's offering memorandum might be a good start. The offering memorandum often contains valuable information about not only what expenses are anticipated to be charged to the fund (i.e., legitimate vs. illegitimate) but also the way in which they will be allocated. It is worth noting here the importance of incorporating documents other than the offering memorandum and audited financial statements into the overall governance expense analysis process. Clearly, investors should not be hesitant to seek out information from other sources to guide their analysis. This produces a more comprehensive, well-rounded review, which runs less of a risk of ignoring key risk areas simply because they may be interdisciplinary in nature. Returning to our discussion of expense allocation rules, it is instructive to discuss the information that can be gleaned from the audited financial statements themselves. Often times the statement of operations, also known as the income statement, will provide valuable information about the detail of total fund-level expenses. The problem, however, is that the figures presented in these statements are often in summary format. For example, the statements may indicate that interest and dividend expense was $100. It would arguably be more useful for investors to know more detail. For example, something to the effect of interest expense was $30 and the dividend expense was $70. Another problem investors often encounter when attempting to make a detailed governance inquiry of fund expenses relates to so-called rollup categories of expenses. These are groups of expenses that are bundled together into a single line item. An example of such an expense category would be "Professional Fees and other." Under US GAAP, there is no universal rule as to what exactly should be lumped into such a category. Furthermore, there is not even a general agreement among hedge funds or investors as to what exactly may go into this line item. Typically, an expense category such as this would contain items such as board of director's fees and legal fees; however, investors should not make any such assumptions. A hedge fund manager could just as likely use such a broad category to bundle gray area expenses that, if brought to the attention of some investors, may raise questions. Some investors may feel that the fund manager should be more transparent with such fund expense details, particularly when they have the information available. Furthermore, it could be argued that providing investors with such transparency would promote enhanced governance oversight of such issues by investors. Are investors left with any options when faced with such rollup categories? One resource investors should consider when faced with such issues is the notes accompanying the financial statements. These notes can sometimes provide additional clarification as to what is included in rollup expense categories. Although there are some general guidelines under US GAAP with regard to minimum mandatory disclosures, once again there is no universal requirement to provide such detail in all cases. Furthermore, as we have outlined earlier in this discussion, a typical hedge fund auditor is not generally incentivized from either a financial or liability perspective to write detailed, clear disclosures. In this case, investors should then not be afraid to approach the fund manager directly and inquire as to what actually goes into each category. If a manager is willing to engage in such discussion, it may be a signal, subject to further inquiry of course, that the manager supports enhanced governance transparency in other parts of the firm as well. As noted above, manager's expense allocation disclosures may provide investors with more data to judge whether allocation rules are being followed. Additionally, investors engaging in such discussions with managers may be surprised to learn about how much discretion a fund manager may have in making determinations as to how expenses are allocated. One of the goals during expense analysis therefore should be not only to diagnose the way in which a hedge fund allocates expenses but also to oversee that discretionary choices by the manager are equitable to all investors and in the best interest of the particular fund vehicle in question. By engaging with fund managers to conduct such reviews, investors may find their review of the fund expenses and disclosures may bear fruit, with regard to transparency as well as other parts of the overall governance due diligence process. As noted earlier, during the due diligence process, one of the key areas frequently reviewed is BCP/DR. As we discussed in Chapter 5, the assessment of BCP/DR plan implementation and testing, as overseen by internal BCP/DR committees, is an example of an in-house hedge fund governance mechanism that investors can assess to gauge the competence and risk associated with a given fund's governance. Part of the investor review process of BCP/DR plans typically includes requesting that a hedge fund provide investors with actual copies of their BCP/ DR plans. The response to this request may, in and of itself, contain revealing governance data. For example, some funds may not have a separate BCP/DR plan and instead may incorporate this into other documentation such as a compliance manual. Other firms may have a document entitled "BCP/DR Plan," but instead the plan may be heavily focused in one specific area such as technology planning. Assuming that a fund does provide a BCP/DR plan that covers more than just technology, however, investors may find several pieces of interesting governance information that may not be immediately available on reviewing a short summary of the BCP/DR plan in another document, such as a DDQ. One point of information that may surprise investors is that certain BCP/DR plans may address how the firm would respond to a wide range of exogenous events including terrorism and even epidemics of infectious diseases known as pandemics. At first glance, investors may think such planning is surely overkill. Of course, employees can become sick, or during the winter season there may be a spread of diseases such as the flu, but generally they do not rise to the point of a widespread pandemic. Are such concerns completely unfounded and representative of the use of boilerplate documentation and, therefore, representative of poor governance as evidence by prefabricated recycled documentation? On the other hand, is planning for such unlikely, outlier events representative of well-thought-out governance planning? After all, isn't that the point of BCP/ DR planning to make plans so that the fund can continue operations should an unexpected or unlikely event occur? A real-world example of a pandemic event that directly affected the hedge fund industry was the 2002 severe acute respiratory syndrome ("SARS") outbreak in Asia. At the time, many Asian hedge funds, including those in the hedge fund centers of Singapore and Hong Kong, were suddenly faced with the problem of attempting to continue their operations in the face of regional travel advisories and compulsory quarantines. After the outbreak had subsided, many Asia-Pacific hedge funds put SARS plans in place (AsiaHedge, 2003) . Another more recent example was the 2009 global swine flu outbreak. In such situations, a fund with a detailed and tested pandemic plan would have likely fared much better than those who had never considered it. If a fund does have a BCP/DR plan in place, the next question facing investors is whether the plan is appropriate for the firm. A good place to start when analyzing pandemic plans is with the language in the plan document. First, investors should consider if the language in the plan is appropriate for the size of the firm. Investors may realize that in some cases, perhaps in their eagerness to provide what they deem to be complete BCP/DR plans, funds may include wide-ranging boilerplate descriptions of pandemic planning that may be more in line with episodes of The Walking Dead zombie-type apocalyptic breakouts, and may not be appropriate for a firm of their size. Disconnects between the realities of the scale of practical planning based on the firm's size and broad, widespread plans more appropriate for large publicly traded corporations suggest not only that was there poor governance oversight in the creation of such plans but also that there is little ongoing oversight or control regarding actually implementing such plans. This is certainly not representative of good governance practices. Consider, for example, a BCP/DR plan for a hedge fund with less than 10 employees that has a detailed pandemic plan with 9 levels of different escalations depending on the nature of the outbreak. On first glance, does this seem appropriate for a fund of this size? As we outlined above, this isn't to say that a small hedge fund shouldn't plan for a pandemic event. An excessive level of detail, however, suggests that the plan may not have been designed with the firm in mind, and may not be practically implementable for the firm. It would be likely considered better from a governance perspective, once again depending on the specific facts at hand, that a relatively small firm such as this may benefit from a smaller-scale BCP/DR pandemic plan that is more appropriate for a firm of their size. This, by association, suggests that poor governance oversight regarding the development of such plans may be in place. Regardless of the firm's size, investors should also consider whether they feel the language contained in the fund's BCP/DR plan is something the firm will actually follow or is just boilerplate in nature. Consider, for example, the following sample language from a BCP/DR plan related to pandemic planning: "In the event of the first human outbreak case in North America, the fund will minimize face to face contact by conducting transactions with vendors, investors/investees via email, telephone, and electronically wherever possible. Face to face interactions will only occur when every other option has been used." Do you think that such planning would be appropriate for a smaller firm? Is such unrealistic planning likely inappropriate for the firm and representative of poor governance? When assessing governance, investors should not simply take language from the BCP/DR plan at face value and instead inquire further with the firm. An investor could perhaps start such questioning by asking a fund to generally describe its BCP/DR plans. If they omit the subject of pandemic planning altogether, perhaps they don't take this subject too seriously from a governance perspective. Furthermore, if they have a BCP/DR that does address pandemics, but they do not address it when describing the plan, then how can investors be reasonably expected to believe some of the detailed descriptions contained in such plans? Consider the following sample language from a BCP/DR plan related to pandemic planning structured in a Q&A format: Question: In the event of an outbreak in the United States, describe how you will provide for new employee onboarding to familiarize replacement resources with their duties as quickly as possible? Response: The fund's business function processes have been documented in our policies and procedure manuals. The fund's teams consist of multiple investment professionals. Weekly meetings are held for all investment professionals for status updates of active investments as well as potential investments. New employees would be familiarized with the documented procedures and policies and included within the weekly meetings. Putting aside the fact that the response doesn't really answer the question, does such boilerplate language make an investor feel as if the fund really has a detailed plan in place to onboard new employees in the event of a pandemic? Furthermore, do investors really believe that the fund will go on a hiring spree in the event of a pandemic? This is an example of where there may be a discon nect between practicality and overplanning to feign good governance. Analyzing the language of a BCP/DR plan and having frank discussions with fund managers regarding the fund's planning can not only provide insights into how seriously the fund takes BCP/DR but also alert the reviewer of other potential yellow flag governance issues that may be in place at the fund. Focusing on areas such as pandemic planning may seem to be outside of the scope of governance assessment, but as recent examples demonstrate, there are situations where such planning can insulate funds from risk should a disaster strike. Reviews of a fund's BCP/DR infrastructures, however, are a bit counterintuitive from a governance perspective. The goal of evaluating a fund's BCP/DR plans seems simple enough on its face-can a fund continue operations in the event of a disaster? As we have outlined above, however, from this simple enough question comes a myriad of quite complex technology, process, and planning considerations. One such area that we will focus on in this chapter relates to backup power generation. Similar to pandemic planning examples above, the way a hedge fund approaches the concept of backup power generation in regards to BCP/DR planning can also serve as a valuable governance indicator. At this point, you may be asking why we are seemingly focusing on such minutia of details such as pandemics and backup power. The reason is that these are exactly the types of issues that run the risk of slipping through the cracks. The level of transparency, oversight, and controls in areas such as these are often the best indicators of how genuinely a fund approaches governance. It may be easier to address so-called big-ticket governance items, such as the board of directors, but an additional level of effort is typically required to institute good governance in these seemingly ancillary areas. The concept behind a fund manager's backup power generation capabilities may seem to boil down to a singular goal-can a fund manager keep the lights on, literally and figuratively, if the power goes out? From a due diligence perspective, the question of how a fund manager approaches this issue can actually be further distilled into two distinct questions. First, does a fund manager have backup power capabilities to allow for an orderly shutdown or protection of the firm's hardware? Second, can the firm continue operations, and perhaps most importantly, investing activities, in the event of a prolonged power outage? Let us consider each of these questions individually. When considering backup power that provides an orderly system shutdown, we first have to understand exactly what hardware is being turned off. On its most basic level, fund managers generally have two primary types of hardware: desktop computers and servers. When the power is suddenly cut to either of these types of equipment, bad things could happen if they were to immediately just shut down. First, important data that was not saved properly before the shutdown could be lost. Besides the loss of data, a sudden power loss could potentially cause actual physical damage to the hardware itself. To combat these problems, a fund manager can typically install a piece of hardware known as an uninterruptible power supply, which is commonly referred to as a UPS. On their most basic level, a UPS provides protection from a power loss. It does this by automatically switching on when the power is cut. Once switched on, a UPS will minimally provide sufficient battery power to the computer or server so that it may be properly shut down without data loss or hardware damage. The length of battery power provided by a UPS can be relatively short (i.e., 15 minutes) or may even extend up to a number of hours. A UPS may not only serve as a backup to power loss. These devices can also protect equipment against power surges, spikes, and high-frequency power oscillation from other equipment. All UPSs are not created equally, and there are many different types including offline/standby UPS, line-interactive UPS, double-conversion online UPS, double-conversion on demand, ferroresonant UPS, and diesel rotary UPS. While UPSs range in price and capabilities, it is generally considered best practice for a fund manager to have dedicated UPSs for both their desktop computers and servers. Additionally, it is important for fund managers to perform ongoing testing of UPSs to ensure that they are appropriately holding battery power. We can now turn to the second primary concern most investors have to backup power generation: the ability of a fund manager to continue operations in the event of a prolonged power loss. This area is most likely the more common of the two major investor concerns related to backup power generation. To clarify, a prolonged power loss generally refers to a loss of power that extends for more than a few minutes. Depending on the fund manager's geographic location, inclement weather such as snow storms or hurricanes may potentially cause power outages that can extend for a number of days. The problem, of course, is that the entire world does not lose power all at once, and the markets remain open. A fund manager who cannot continue trading operations for an extended period of time is likely to be at a severe disadvantage and may potentially pile up serious losses. As an aside, it should be noted that a fund manager's approach to continuing operations may encompass a number of concepts not directly related to backup power generation including securing alternative work locations and maintaining backup phone lines and Internet connections. Returning to the issue at hand though, what approaches is an investor likely to encounter during the governance assessment process? The most common solution that fund managers take to address this issue is a backup generator. Backup generators are different from UPSs in that they actually have the ability to generate power for an extended period of time. Emergency backup generators come in multiple types including natural gas, gasoline, and diesel powered. Generators must be sized to meet anticipated demands and must be capable of starting automatically when needed unless on-site personnel are capable of operating the units. Regardless of the type and size of generator employed, a preventive maintenance program needs to be implemented to ensure the unit will function properly when needed. Additionally, standby generators need to be run under load several times throughout the year to ensure that the equipment will function reliably when needed. It is important to ensure that the generator has an appropriate supply of relatively fresh and contaminant-free fuel in its tank and provisions to refill the tank as needed during a long-duration power outage need to be in place before the event. Depending on their location, a fund manager may have a dedicated generator or one that is shared with multiple tenants in the same office building. Large generators, which may need to generate power for periods of multiple days, certainly require a significant investment of capital and ongoing maintenance expense from a fund manager. Depending on the nature of the fund manager's strategy, some investors may consider the importance of such extended generator capabilities to be more or less important. For example, some investors might be of the opinion that a high-frequency trading hedge fund would likely suffer greater losses by having an extended power outage than a low-frequency event-driven manager. Regardless of the particular specifics associated with a given manager's funds, it is generally considered best practice for a fund manager to have both UPSs and a dedicated emergency backup power generator. Investors who take the initiative to evaluate the way in which a fund manager approaches loss of power issues lessen the risk of being left out in the dark when the power goes out. As noted above, in addition to providing a sense of comfort with regard to the actual backup power practices employed, this can also be a strong indicator that the hedge fund is focused on governance. Of course, investors should reserve judgment until a more detailed review of the unique circumstances of each fund is conducted, but certainly, detailed planning in this area is representative of overall management attention to detail and can't hurt the situation. Although elements of BCP/DR planning often incorporate many aspects of IT, reviewing additional IT-related factors can also provide valuable indications of overall fund governance. In this section, we will discuss several typical hedge fund IT issues. Like our BCP/DR examples highlighted above, we will utilize the opportunity to focus on these specific IT issues as illustrative of the type of governance analysis that can be employed across the wide variety of operational and investment-related factors reviewed during the investor due diligence process. Specifically we will analyze the use of the cloud including its use in BCP/ DR planning, information security risk frameworks, and approaches to technology hardware management. Cloud computing-based IT and cloud-based BCP/DR solutions have becoming increasingly popular in recent years among the hedge funds. Indeed, many investors performing due diligence on fund managers may have come across more and more funds utilizing the cloud. The question could be asked, however, whether the increased use of this technology, or really any new technology for that matter, is representative of best practice governance. On the other hand, does this show that the hedge fund is merely an aggressive early adapter of new technologies that it may not have fully vetted but are simply the flavor of the day? While considering such questions, it is perhaps useful to provide some background before seeking to answer them. It is important for investors to understand exactly what the cloud is and both the challenges and opportunities it presents to fund managers, particularly in relation to BCP/DR. In the context of evaluating fund BCP/DR infrastructures, the cloud can effectively be thought of by investors as an Internet-based off-site IT solution. There are three types of cloud computing, all of which are typically classified with the ending "as a service." They include: l Platform as a service ("PaaS")-Under this model service providers provide a computing platform solution to funds such as an operating system or web server. l Software as a service ("SaaS")-This model allows funds to run and access applications on cloud-based servers. l Infrastructure as a service ("IaaS")-Under this model, service providers offer funds access to virtual computing equipment, storage space, and data centers via the Internet. Depending on the way these different PaaS, SaaS, and IaaS services may be applied, hedge funds may be exposed to more or less governance risks. For example, under an IaaS, virtual equipment is utilized. Has the hedge fund appropriately taken measures to institute robust controls regarding the information sharing through the use of these virtual machines? Similarly, what oversight mechanisms have the fund put in place to ensure any controls are being appropriately implemented? This is an example of the ways in which governance consideration can play into issues such as the use of the cloud. Hedge funds are increasingly incorporating cloud-based components into their BCP/DR plans in several ways: As noted above, the cloud can present a number of attractive benefits to fund managers. As part of an evaluation of a hedge fund's BCP/DR planning, investors should take the time to understand how their fund managers may make use of such technologies. Some key issues investors may want to consider addressing when conducting a governance assessment include: l What measures has the hedge fund taken to evaluate the BCP/DR planning procedures of the cloud provider? l How does the hedge fund monitor the testing and oversight of the BCP/DR plan at this provider? l What measures has a hedge fund taken to address security concerns related to storing data and running applications at third parties? l Does the fund manager incorporate testing of access to cloud-based data and applications as part of its own BCP/DR tests? l Has the fund performed a cost-benefit analysis of the use of cloud-based technologies versus bringing such technologies in house? At what point would any cloud benefits be outweighed by internal cost considerations? While the increased use of the cloud may be a hot trend among hedge funds for functions including BCP/DR data storage and application development, investors should take care to understand if a hedge fund has carefully evaluated their use of this new technology, or if they are simply jumping on the bandwagon. Additionally, by taking measures to ensure not just the technical implementation of the cloud but also the overall governance oversight environment including controls on data integrity, investors will likely be able to make more informed governance assessments in this area. Hedge fund managers are often undertaking a number of different technology projects at once. These can range from mundane software updates to full-scale hardware upgrades. Additionally, with the increased acceptance of virtual work environments and increased cloud usage noted above, many fund management organizations are eschewing further investment in more traditional technologies and ramping up the resources allocated to these emerging technologies. As we have discussed, some investors question whether the aggressive adoption of such technologies represents good governance. With all of these changes taking place, investors may be tempted to focus the efforts they make during their due diligence review on these more cutting-edge advances, in lieu of spending appropriate time and effort reviewing technology basics. These basics can typically include an evaluation of the appropriateness and quality of software systems utilized across a number of operational functions including order management, settlement and reconciliation, and fund accounting. Other traditional IT-related items that may be covered during due diligence reviews include hardware-related items such as understanding the types and number of servers utilized and the type of network connections in place. A common item that may become lost in the due diligence shuffle between an increased focus on a fund manager's use of new technologies and more traditional technology concerns is information security. The focus on information security and cyber attacks on hedge funds has rapidly increased in recent years. Indeed, there have been continued reports that hedge funds have undergone attacks from hackers who have stolen data and disrupted high-frequency trading operations (Strohm, 2014) . As another sign of the increased risks in this area, in April 2014, the US SEC Office of Compliance Inspections and Examinations announced that its 2014 examination priorities would include a focus on hedge fund cyber security preparedness (US SEC, 2014) . With the increased focus on risks in this area, it is relevant to consider the governance implications of the way in which funds address such risks. A fund manager is not like a traditional factory-they do not manufacture anything an end user can touch. Rather, a fund manager is in the investing business-and this is a field that is centered on information. Funds deal with all types of information, not limited solely to investment data. For example, they typically maintain data related to daily operational procedures (i.e., books and records, data from accounting systems, trade confirmations, etc.) as well as information about their employees (i.e., employee addresses, payroll figures, etc.), and data about who their clients are. During the due diligence process, a key question to consider is, "how does a fund manager go about protecting this data?" Are appropriate governance controls and protocols in place to adequately ensure initial and ongoing data security? Perhaps the more appropriate question from a governance perspective should be, "who is this fund manager protecting this data from?" The most common consideration that first comes to the minds of most investors is that a fund manager's approach toward protecting data is often focused almost exclusively on external threats. For example, it would obviously be a serious threat if a hacker were able to log onto the fund manager's internal network and steal data. During the governance assessment process, investors can take a number of steps to evaluate the quality of a hedge fund's information security defenses from external threats including: l Has the firm performed any penetration testing? l If yes: (i) Has the firm employed a third-party firm to conduct an evaluation or did they perform the testing themselves? (ii) What were the results of the penetration testing? l If not, does the firm have any plans to perform such testing in the future? l What are the firm's standard information security procedures to prevent external attacks? l What types of firewalls are in place? Another often overlooked area of information security due diligence relates to segregating and protecting data within the fund management firm itself. Often, particularly in a larger fund management organization, different employees will have access to certain pieces of information. This can be both to protect the confidentiality of certain employees (i.e., the administrative assistant does not have access to everyone's personnel files in the same way a human resources professional would) and to implement checks and balances throughout the firm. In this regard, a fund manager who takes measures to protect or limit access to certain pieces of information would do so among the firm's employees itself. Some key considerations investors may want to consider when evaluating the governance framework in which a fund manager attempts to protect data internally may include: l Are IT consultants utilized? If so, how does the firm monitor consultant access to and use of proprietary data? l Can employees utilize remote storage devices such as zip drives? l If employees can access the firm's systems remotely, are equivalent data protection procedures in place to system access from within the office? A fund manager that does not take measures to appropriately protect data from threats, both internal and external, can have critical information literally walk out the door. From a governance perspective, putting aside any loss of competitive advantage from loss of investment-related data, a fund manager that does not protect data may be exposing their client's information to others and run the risk of future fraudulent activity or even identity theft. Clearly, neglecting to protect data using best practices does not represent good governance. By asking the right questions, an investor can effectively diagnose whether a fund manager approaches this subject seriously or instead is in denial that such attacks won't happen to them. Even if a fund manager does have some controls in place, conducting a thorough governance assessment can make headway in determining what ongoing oversight is in place to prevent ongoing cyber threats. Without such ongoing oversight, it is likely only a matter of time until a fund manager is hacked. When performing due diligence on IT-related matters, investors have a tendency to focus intently on software applications and less on the actual infrastructure in place. Software is, of course, crucial to a fund manager's operations and certainly evaluating the ways in which software interacts with other functions can provide critical insight into the operational infrastructure of a fund. But what about hardware? Isn't all hardware created equal? Often times analyzing the way in which a fund approaches hardware management can provide a better understanding of governance approaches in place. To take a step back for a moment we should clarify what type of hardware we are addressing here. First of all, in evaluating a fund manager's hardware it is important to clarify what exactly we are talking about. Fund managers effectively interact with hardware in one of two ways. The first is that they purchase or lease hardware that is under their control. We can classify this type of hardware as internal hardware. The second type of hardware is not owned by the hedge fund but by a third party, and is where a fund manager's data is stored or passes through in the case of trading platforms. We can classify this type of hardware as external hardware. One of the more recent examples of the ways in which fund managers interact with external hardware is the increased use among fund managers of colocation solutions, such as cloud computing and cloud-based storage solutions. In these cases, managers are often utilizing large, third-party servers on which they have space allocated to them. It is important for investors to understand the distinction between internal hardware and external hardware in order to effectively evaluate a fund manager's hardware infrastructure. As we noted above, with the increased use of third-party off-site services, there are increased concerns of maintaining the control and integrity of such data. Similar to the concerns outlined earlier in this discussion, from a governance perspective, investors should inquire how a fund has achieved comfort with colocation solutions. Additionally, what oversight protocols have the fund put in place to appropriately monitor colocation oversight? Often times the equipment utilized in both internal hardware and external hardware situations is similar. Common types of IT hardware and peripherals include desktop computers, routers, and servers. In addition to this standard equipment, many fund managers may also have additional hardware that provides backup power generation capabilities such as generators or UPS devices. It is worth noting that each of these types of equipment is a broad umbrella term, which encompasses a wide variety of meanings. So, for example, a fund manager could have several different types of servers (i.e., email/Exchange Server, SQL Server, BlackBerry Server, etc.). It is important for investors to understand the different types of equipment in each category so that they can effectively evaluate the overall IT function. Investors should take stock of a manager's hardware inventory when reviewing the IT function during the ODD process. With this inventory in place, investors will have a road map by which they can navigate and evaluate the hardware review process. After an investor has developed an understanding of the types of hardware utilized by a fund manager, it is also important for investors to learn of the brand names of the manufacturers of such hardware. Brand names do not necessarily imply better operations, or that better governance was employed in the purchasing of such hardware. That being said, certain types of hardware are considered to be of higher quality than others. Some manufacturers may be better positioned to support the equipment they sell after the purchase. Additionally, different types of hardware from different manufacturers may have different capabilities. By inquiring not only as to the types of hardware in place but also as to the brand names of the manufacturers of such hardware (in conjunction with evaluating hardware capabilities), investors may be able to make more fully informed decisions when evaluating the overall governance oversight of the IT function. During the due diligence process, investors will often take a tour of a fund manager's IT closet. This room is often loud, due to the buzzing of cooling fans, and cold so that the equipment does not overheat. When many investors walk into these rooms, they often see large columns of equipment in racks with numerous flashing lights and wires running between them. Many investors may not be able to distinguish between different types of hardware, because they may not be aware of what these different pieces of hardware actually look like. Putting this aside, investors seeking to evaluate the strength and scalability of a fund manager's IT function may also be unable to answer a more basic question: how much hardware is enough? Can too much hardware signal poor oversight and control of hardware management? This question is perhaps most easily thought of in terms of data storage space. Consider the following two fund managers: Fund Manager A is a small fund manager who has five employees and has been in business for three years. Fund Manager B is a larger firm with 35 employees and has been in business for eight years. Which Fund Manager is likely to need more data storage space? The answer is obvious when such a stark comparison among organizations is in place. Although it is clear that Fund Manager B would require more data storage space, the next logical question is: how much is enough? Consider a prospective investor who is considering making an allocation to Fund Manager A. During the due diligence process, they take the tour of the aforementioned standard clean, cold, and loud server closet. To most investors, unfortunately, if everything looks and sounds good, they stop their hardware due diligence. Evaluating a fund's hardware infrastructure can provide valuable insights beyond just the specifics of the hardware. By asking more detailed questions during the ODD process, investors can glean information as to how the firm approaches other operational issues, such as business planning and scalability as well. This in turn can lead to insights with regards to governance approaches. Returning to our question of how much storage space is enough, there is no definitive answer. Each fund manager's situation will be different. However, to gain perspective in this area investors should consider asking the fund manager questions such as: l How do you evaluate how much storage space you need? l How much space do you currently have? l Have you taken measures to plan ahead so that the firm's storage architecture is scalable? By digging deeper into the hardware evaluation process during due diligence on IT, investors will not only have a much more detailed picture of a fund manager's overall IT framework but be also able to gain perspective on how to gauge the manager's approach to the governance of not only purchasing hardware but also maintaining it. Such an analysis can also be augmented by combining the information garnered during a hardware review with reviews of related governance mechanisms such as a hedge fund's IT planning committee. In this chapter we have introduced topics related to developing a framework for analysis of hedge fund governance. We covered a wide variety of topics ranging from approaches taken by institutional investors in this area to conducting analysis of fund directors. We also provided a number of examples of governance considerations when analyzing specific hedge fund issues such as fund expense analysis, BCP/DR planning, and IT analysis. As we noted above, the items covered in this chapter were by no means meant to be a comprehensive list of all the governance-related factors investor can analyze during due diligence. On the contrary, we only scratched the surface in this chapter. As we outlined earlier in this chapter, for the purposes of facilitating an investor's analysis of governancerelated factors, we framed our analysis of governance as an overlay on top of the analysis of operational and investment risk factors. This type of analysis framework represents the interconnected nature of governance. By leveraging off the operational and investment-related due diligence reviews, investors can conduct more comprehensive governance reviews of funds with a focus on transparency, oversight, and controls. This focus on governance will typically not only enhance the other aspects of an investor's due diligence process but produce an overall more detailed picture of the risk landscape of funds under review. Managers Put SARS Plans in Place Global Principles of Accountable Corporate Governance Calpers aims director list at increasing board sway Corgentum Consulting, LLC, 2013. The preposterous fraud of Andrey C. Hicks and Locust Offshore Management. Corgentum Consulting Blog SEC accuses James Michael Murray of investor fraud. SFGate CalPERS proves oversight of two outside hedge fund advisors Corgentum Survey Illustrates the View of Hedge Fund Investors on the Roles, Duties and Performance of Service Providers Ex-CalPERS chief to plead guilty Investors downgrade prime brokers, new survey shows. Opalesque Hedge fund operational due diligence: understanding the risks Improving the Relationship Between CalPERS and Its Hedge Fund Partners Hedge-fund hack is part of bigger siege, cyber-experts warn. Bloomberg SEC Charges Scotland-Based Firm for Improperly Boosting Hedge Fund Client at Expense of U.S. Fund Investors SEC Charges Former CalPERS CEO and Friend With Falsifying Letters in $20 Million Placement Agent Fee Scheme Lawyer get 20 years in $700 million fraud. The New York Times CalPERS tightening its control over hedge funds. Pensions & Investments