Spotting a firm's weaknesses under regulatory due diligence

Spotting a firm's weaknesses under regulatory due diligence

Q – What gets examined as part of regulatory due diligence?

A – As part of a company that carries out regulatory due diligence often, I’ve had a privileged view into the common trends, and therefore the main areas that will be looked at.

There are distinct differences in the issues we see in small companies compared with large ones, but there are some common areas of weakness. 

I’ve spoken before in this column about the red flag of defined benefit transfer advice in a company’s back book.

And given the Financial Conduct Authority’s statistics for the level of unsuitability in pension transfer advice, this is certainly an area that will be closely looked into as part of any regulatory due diligence.

Indeed, the current market uncertainty is likely to increase this focus.

But other areas also come under the spotlight.


We know how fundamental cultural influences are to the overall risk profile of a business.

But cultural misalignment is also a big factor in how successful a transition will be post-acquisition.

So we’ll look at the target company’s culture using data, business structures, committee minutes and interviews.

In large businesses, the issues tend to be that cultural considerations are only skin-deep and aren’t demonstrated throughout the organisation, whereas in small businesses, culture is often not given sufficient consideration. 

A warning sign during regulatory due diligence is when a target company has a lack of independent challenge to the business’ activities.

Outside influences are crucial to ensuring a business adheres to wider standards of customer care and risk management. 

In small companies, we sometimes find a complete absence of any external review, and as a result plenty of shortfalls that should have been picked up.

In larger companies we see a lack of challenge from non-executive directors, sometimes resulting in commercial outcomes dominating customer considerations.

These present significant risks for an acquisition.

We also look at a target company’s ongoing service processes.

Suitability reviews

Mifid II introduced the requirement for annual suitability reviews.

We’ve found that many businesses are behind when it comes to contacting customers, usually because of insufficient processes, systems and controls in the background.

Whatever the reason, it suggests a wider lack of customer focus, which prompts us to look further.

We take a look at the processes to see the percentage of customers who are likely to be receiving the right outcomes, as well as conducting a sample file check to see if the process lines up with regulatory expectations in practice.We’ll also review processes and procedures in the target company.

We find businesses that have grown rapidly rarely have a controls environment that is up to scratch. 

Are processes set up to ensure customers receive the right outcomes? Are processes followed in practice? These are all questions we’ll investigate, and often the answers are no.