Network managers continue to grapple with virtual due diligence format

Virtual meetings cannot fully replace onsite visits for network managers conducting due diligence, however the framework is adapting and holding strong for now.

By Jonathan Watkins

Network managers are adjusting to virtual meetings as part of a broader due diligence framework but are finding it difficult to replicate the benefits of an onsite visit.

A line-up of network managers, speaking at The Network Forum Autumn Meeting, agreed that while virtual replacements are helping them in an environment where onsite meetings can’t be held due to the pandemic, a hybrid approach in the future will be more beneficial to appease regulatory requirements and conduct a comprehensive review.

“Our risk department is already comfortable that we have a robust framework in place to evidence that we are taking those steps. We’ve been clear that onsite visits are just one element of a due diligence visit. If we can show that we’ve taken all the reasonable steps to conduct that due diligence, then our oversight models can be made up of these varying elements, methods and tools,” said one panellist. “So we’re not solely reliant on onsite visits and we should be able to use those other mechanisms to demonstrate that we have sufficient controls in place.” 

Overall, the sentiment from the line-up of network managers was that regulators, clients and internal risk departments have been satisfied with the virtual meetings approach in addition to questionnaires, group calls and ongoing monitoring. 

However, the panellists said virtual meetings are not a long-term solution, stressing the importance of in-person meetings when carrying out due diligence.  

“There are definitely things you can’t evidence virtually,” said one panellist, highlighting the benefits of in-person meetings and reading body language and actions. “I would never expect someone to sign off on someone who was walking through security, looking at the security around a vault, there would be too much risk around that, so there will definitely always be elements that you can never do virtually. 

“Everyone would ask to see a set of procedures, that’s not something you can send in a virtual response. When I’ve been onsite, you’d expect them to obtain those procedures, print them off and that should be at your fingertips.” 

While many processes in the securities services world are changing and adapting to the ‘new normal, panellists believed that while onsite visits will reduce in the future, they are unlikely to be replaced and will start up again as soon as possible. 

According to an audience poll, 85% of respondents believed a mix of virtual and onsite in alternative years would become market practice, while 15% said only onsite would suffice. No audience members said virtual only would be acceptable or that the due diligence questionnaire works well enough by itself. 

There was scepticism over group virtual calls where challenges exist over multiple firms being on the same call and Q&As being arduous. One speaker said that any confidential questions may have to be asked in a follow-up call and that the format “removes spontaneity”.  

Interaction with market infrastructures also remains a crucial part of the due diligence process but has become much more difficult during the pandemic. With information about market changes critical for network managers, virtual meetings are proving a struggle when it comes to engaging with central counterparties and central securities depositaries. 

One speaker suggested the ability to engage with those players is a testament to the network managers relationships with the market infrastructures.

Network managers have been required to add COVID-related questions to their due diligence questionnaires (DDQ), aimed at obtaining very granular details about the disaster recovery processes of sub-custodians in individual markets.   

While the AFME DDQ covers business continuity processes (BCPs), many network managers expect the template will need to undergo significant revisions to take into account remote working readiness and preparing for unexpected threats, such as the COVID-19 pandemic.   

In addition, cyber security questions have become much deeper with a heightened risk due to mass remote working. 

“We’ve definitely seen an increased focus on cyber security, and I think that’s the same for all organisations out there,” said one panellist. “We’re operating in a working from home environment and that makes organisations and their employees susceptible to cyber-related attacks.”

While network managers appear to be hoping onsites will return as soon as possible, it seems a virtual alternative will suffice for now, however in the long term if physical visits are not viable, then new standards and methods may be need to be defined for the process to be as comprehensive as the managers would like.