Due diligence January 24, 2023
A sea change for due diligence in tech

Tech has come to the end of a ten-year-plus bull run.  Investors had been fighting to get into the hottest deals in town.  But the years ahead will see investors thinking about due diligence in a way not seen for a generation.

Warren Buffett may have said, “Only when the tide goes out do you discover who’s been swimming naked.”  With the right eyes in the middle of 2022, you could see the waters in venture tech receding.  Although many investors have always executed robust due diligence processes, there has been a search for swimwear in some quarters.

Anyone reading this will likely be familiar with the FTX story.  The crypto exchange collapsed into Chapter 11 bankruptcy in November 2022, and with it came the alleged loss of up to US $8 billion in other people’s money.  Questions have been raised about the due diligence that was carried out.

Group structure

If not already VC ‘101’, investors will typically want to know that they are being issued with shares in a group holding company.  They will want to know that ‘Holdings’ 100% owns each of the subsidiaries.  If that’s not the case, then they want to be sure that there is a good reason why.  Anything not within the group is probably not part of their investment.

The way you get comfortable with that is with warranties (‘reps and warranties’ on US deals).  And due diligence: carefully inspecting certified registers of members up and down chains of corporate ownership.

It appears that FTX had no holding company.  Instead, there is a collection of companies (or groups of them) that were formerly under the control of the CEO, Sam Bankman-Fried.  Investors seem to have invested into different parts of the FTX network of companies at different times.  Some of the institutional investors must have considered the obvious risks involved, but it is not clear why those cheques were still written.  We may never know what was said in those investment committees.

The Financial Times made an attempt to untangle a March 2022 group structure chart for FTX.  They did not get very far, and the story now plays out in the courts.  Bankman-Fried still claims at the time of writing that “US FTX” was solvent when the business went into bankruptcy.


FTX appointed John Ray III as CEO as it filed for bankruptcy.  He commented:

“Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here.”

And he had led Enron through a similar process two decades earlier.  That scandal also involved off-balance sheet related-party transactions with non-group companies.

We expect to see from here greater focus from investors across the spectrum of corporate governance.  That may include some of the following.

  • Greater representation for investors on the board of directors. (Note that there do not seem to have been any investor directors at all on the FTX board.)
  • An emphasis on the quality of the management accounts and the audit. (Bernie Madoff’s ‘fund’ did not have auditors in any recognised tier and had no independent custodian of the assets.)
  • Increased diligence on financial reporting standards generally. (FTX were using QuickBooks, software advertised as being designed for small businesses.)
  • More prescriptive information rights for investors generally, and perhaps step-in rights if there is non-compliance.
  • A focus on who the investee company’s advisors are. Do they have the necessary skill set?  Are they independent?  Is the business being advised at all?

Regulatory status

What regulations apply to the investee business?  Does it have the necessary authorities and licences?

Tech’s ‘move fast and break things’ era is now well in the past.  Businesses operating in regulatory grey areas will come under greater scrutiny.  Founders will need to work harder if regulators do not understand their business.

Going offshore

There are many good reasons to incorporate companies and seek to operate offshore.  But we expect to see greater focus from here on the reasons why.  By offshore, we mean of course away from the major jurisdictions (such as the US, the UK, the EU, etc).

One of the reasons given for going offshore has been to seek out lighter touch regulation.  Sam Bankman-Fried and FTX moved from Hong Kong to the Bahamas looking for that very thing.  There may be nothing wrong with that approach; but when the business comes to trade onshore it will invariably find itself needing to comply with onshore regulation.

Tech ventures incorporating offshore may find themselves under greater scrutiny generally, if nothing else being asked to explain why they chose to do so.

Eyes open on co-investors

If they were not doing so already, we expect then to see lead investors taking greater interest in the other names on the cap table.

  • Who is co-investing with them?
  • Who are the existing investors?
  • In either case, who are their beneficial owners?
  • Where has their money come from?
  • Are they at risk of sanction?
  • Might national securities laws apply?

Compliance with AML rules and regulations is now – or should be – a major part of every venture capital deal.  Every investee company should know who owns and controls its investors.  And it needs to understand where the money to be invested has come from.

Investors should already be enquiring as to AML compliance on prior funding rounds before they invest.  There is, though, no global AML compliance regulation.  The rules in the US are different to the rules in the EU; and different jurisdictions prioritise different issues.  In some of the more exotic offshore jurisdictions there may be an absence of robust regulation.

But breach of AML regulation in any jurisdiction is usually a criminal offence.  Those in breach will usually face draconian penalties.

If an investee company is in material breach, then it has a major problem.  And that can become a bona fide investor’s problem if the company dies as a result and takes the investment with it to the grave.

So too if a co-investor becomes subject to sanction and has its shareholding frozen.  That may then stymie the next funding round or may scupper an exit.

National security and the danger of an unwinding

National security laws are proliferating across the globe.  Here in the UK, we now have – as of January 2022 – the National Security and Investment Act.  The UK government can now scrutinise and intervene in deals affecting national security.  And there is mandatory pre-reporting for certain sectors.  Investors will want to understand to what extent the Act will apply.  In the US, CFIUS has been around for a good while now and that committee has powers broadly similar to those now possessed by the Secretary of State in the UK.

Old fashioned due diligence

Last, we expect to see more VC deals where investors want to carry out old fashioned due diligence.  That is, a reading of the documentation and then rounds of questions and answers on core topics such as:

  • historic acquisitions;
  • intellectual property;
  • key commercial contracts;
  • data protection;
  • real estate;
  • employment contracts;
  • pensions; and
  • disputes.

That process ends up with the writing of a report, to which the provider will want to add robust exclusions and assumptions, not least because its professional indemnity insurance policy will be on the line.

Third party due diligence reporting comes with a cost.  The cost reflects not only:

  • the effort of reading the documentation and writing the report (including its scope, assumptions and exclusions); but also
  • if the report is inaccurate, access to an insurance policy.

Reports are usually expensive.  On early-stage VC deals there is usually a limited budget to be paying lawyers and accountants.  We do not think that is going to change.

And on all but the largest VC deals, and even on those, there will always be those Rumsfeldian known unknowns and perhaps unknown unknowns.

Investors on early-stage deals will therefore have to continue to make decisions without conducting full-scale due diligence.  But it will be ever more important to make a correct qualitative analysis of which subject areas to look at.

FTX, Theranos and Madoff may be outliers when it comes to failings in due diligence and are not necessarily representative of general market practice.  But the fact remains that when markets get hot and capital is cheap then the fight to get into the hottest deals often acts so as to drown out those seeking to ask the hard questions.

This piece was written by Henry Humphreys.  It does not necessarily reflect the view of Humphreys Law and other lawyers at this firm.  Most of the above will not be news to well-managed institutional investors.

All the thoughts and commentary that HLaw publishes on this website, including those set out above, are subject to the terms and conditions of use of this website.  None of the above constitutes legal advice and is not to be relied upon.  Much of the above will no doubt fall out of date and conflict with future law and practice one day.  None of the above should be relied upon.  Always seek your own independent professional advice.
