A step-by-step guide to assessing new suppliers and not getting fired, with quiz
The need for due diligence
Every business person likes to think of themselves as a leader, but the law of averages means they’re more likely to be followers.
Both need to use due diligence, but they respond differently.
The biggest fish in a company pond tend to become less assertive and confident once they find themselves in a larger pond with their competitors, and a lot more risk-averse.
Think of the Tour de France. Every year, 200-odd of the world’s top cyclists have gone through astonishingly gruelling tests to make it to the world’s premier cycling race, yet only 3-4 of them have any realistic chance of winning, and only one can finally prevail.
For 98% of them, their role is to support one of the 2% if they’re part of their team, and to survive as best they can if not. The strategy for ‘staying in the race’ is clear:
- lurk in the middle of the peloton
- seek safety in numbers
- don’t get left too far behind
- keep an eye out for the 2% when they make a break
- try not to crash or get injured
It’s possible for an unexpected winner to emerge from the peloton’s domestiques and journeymen, but such events are vanishingly rare.
In the real world, they all know that though they may dream of being leaders, and even though they’ve risen to the elite, they are one of the 98% destined to follow.
Their role is more defensive than offensive. They don’t want to take too many risks, and their top priority is not winning, but not screwing up. Just stay in the race, and don’t risk looking stupid.
Which means they need to think very hard about due diligence.
Due diligence is what every business must do when considering changing anything, be it a new supplier, partner, collaborator, investor or customer.
Will they be the revolutionary new aerodynamic helmet that will make them one of the 2%?
Or will that new gear changer leave them in a heap at the bottom of the mountain, as their competitors disappear over the peak?
Due diligence, pre-Internet
Before the Internet, in the days when the ‘computer department’ consisted of middle-aged men with beer-bellies in the basement, who’d mastered the art of stacking and folding punch cards and inserting them into ‘mainframes’, the tech industry had a common adage:
‘no one ever got fired for buying IBM’
This was a sector-specific version of other common phrases involving ursine excrement, papal millinery, or the imperviousness of amphibian anuses. Those things haven’t changed, but, although no one knew it at the time, this wisecrack about IBM very soon proved itself to have a very short shelf-life.
In the 1980s, IBM was the no-brainer choice for IT system procurement managers because it:
- Had been around since 1911
- Had a market share of around 80%
- Was the biggest company in the world, 2.5 times bigger than the next-biggest, Exxon
IBM still survives, but ‘Big Blue’ is now much diminished. Mainly a software company, one of many, and a long way from number one.
The phrase ‘no one ever got fired for buying IBM’ is as popular as ever, but means the exact opposite. Instead of a ‘duh’ response to anyone considering buying a smaller, newer or more innovative upstart, the phrase is now deployed as a cautionary tale of not doing so.
In the age of disrupters, thinking-outside-the-boxers, move-fast-and-break-thingers, forgiveness-not-permission-askers, the notion of going with the ‘safe bet’ is proof of folly, not wisdom.
So what’s the new mantra?
Due diligence, post-Internet
Today, the stock market is dominated by companies that didn’t exist when most purchasers were at school. How can a risk-averse manager avoid getting fired for picking the wrong supplier?
These days, it would be suicide for a big business to crow about its market dominance. As behemoths like Google, Microsoft, Apple, Facebook et al take their place at the top of the tree, they need huge advertising, lobbying and legal budgets to convince anti-monopoly legislators their market share is fragile, temporary and fair.
Instead, advertising yourself as an innovator, start-up, and disruptor has become the norm. Like fading stage stars turning to cosmetics, flattering lighting and botox, today’s IBMs are desperate to keep appearing youthfully vigorous.
To survive, today’s dinosaurs need to keep gobbling up the agile proto-mammals, buying out the competition through acquisition before they become threats, crushing them with their weight advantage, or ripping them apart with their legal talons.
Their greatest fear is that they’ll miss one of those nimble mammals dodging between their tottering, galumphing legs, and within a couple of years it will have grown so large and powerful they’ll be toppled.
With the Internet dominating every aspect of our lives, the new ‘Buy Innovative and Nimble’ mantra has spread beyond tech companies. Even Jaguar, a car company founded in 1922, has had to ‘reinvent’ itself as ‘fresh’ and ‘innovative’.
This has made the process of ‘due diligence’ one of the greatest challenges for businesses today.
It has become more akin to picking stocks. How is a poor purchasing manager to tell the genuine innovator from the delusional, corrupt, or incompetent, when they all tell you the same thing?
How can you avoid getting sacked, or looking stupid, when everything is new all of the time?
The answer to that would be ‘due diligence’.
The old tools
Many of the familiar tools in the purchasing manager’s toolbox still work. It always makes sense to apply them first.
Financial records
Go to the government body that keeps compulsory public statements, and carefully examine any published annual reports.
To be taken seriously, companies have to demonstrate they’re legally compliant with financial reporting obligations, which are lodged and on public display wherever it’s a statutory obligation.
- USA: Securities and Exchange Commission (SEC)
- EU: European Business Registry Association (EBRA)
- Japan: Ministry of Economy, Trade & Industry (METI)
- UK: Companies House
But you’d be a fool just to rely on this information.
Enron, Lehman Brothers, FTX and Bernie Madoff are just some of a long Roll of Dishonour of big companies, audited by big accountants, who were extremely bad picks for a procurement manager looking not to get fired.
Many huge companies, famously Amazon, made huge losses for years on their journey to global dominance. Their balance sheets needed a lot of ‘interpreting’.
What if the company’s ultimate owners turn out to be registered under some shell company in a ‘discreet’ tax haven like the Cayman Islands, where your regulatory paper trail suddenly dries up?
And with so many start-ups funded by private equity, with limited obligations to be too transparent about their finances, how can you prevent the wool from being pulled over your eyes?
So what other sources might keep you in your job?
Affiliates
Many businesses these days are parts of more complex entities.
When being linked with a bigger or better-known beast helps, these connections are trumpeted. Brands from Virgin to Trump are good examples. This makes due diligence easy.
But not all businesses are so keen to advertise their links to their funders, investors or affiliates, usually when corporate-owned entities are posing as homely local ones. That’s why British local newspaper The Salisbury Journal advertises the fact that it was first published in 1729 on its masthead, but you need to scroll to the bottom of its website to discover it’s actually owned by corporate agglomerator Newsquest. You then need to do your own homework, or find a useful article, to discover that Newsquest is owned by US media giant Gannett, and dig even deeper to discover that Gannett itself is owned by New York hedge fund the New Media Investment Group.
It always pays to follow the money, and following affiliate threads, however well concealed, can provide important insights.
Investors
Looking at the list of investors is a common due diligence shortcut.
It’s a legitimate form of buck-passing, until it doesn’t work. The logic is appealing – ‘if Warren Buffett thinks it’s a safe bet, that’s good enough for me’, but the problem with outsourcing your due diligence is that they may be wrong.
Would a business that Rupert Murdoch invested $125M in be a safe bet? You’ve just bought shares in $9Bn fraud Theranos.
All the banks who bought up sub-prime mortgages pre-2008? Well, you can always argue you’re in good company.
What else might a responsible businessman, doing their due diligence, find at the bottom of the old toolbox?
Customers
Seeing who else has already bought a supplier’s goods or services can be a good indicator of trustworthiness, stability, credibility or gravitas.
This is a different version of outsourcing your due diligence to investors, but you should be wary of being fooled by two possibilities.
First, start-ups, by definition, don’t have any customers. You may be the first one. Rule out a start-up because no one else has yet bought their product, and you miss out on being a first adopter, which could supercharge your business. Think of all those record companies that turned down The Beatles, or publishers that rejected J. K. Rowling.
Secondly, even if you do only do business with businesses with lots of customers, things can go horribly wrong. The herd isn’t always right. Think of lemmings.
Or, to be more specific (and to be fairer to those Nordic rodents, as misunderstood as the Nordic King Cnut), think of who lost their jobs after the 2008 financial crash.
Most banks survived the crash. None of their bosses went to jail (unless they were Icelandic). Huge numbers of staff were fired, made redundant, or otherwise victims – but in 2009, or today, would your due diligence processes disqualify the companies that laid them off?
The richer the business you’re checking, the less due diligence matters. Money is its own guarantor. Why bother doing due diligence on, say, Elon Musk?
Most very rich people are prudent enough not to put all their eggs in one risky investment, and smart enough not to go to jail if one fails. Even when the super-rich screw up, they’re usually first in line for any compensation or hand-outs, like Rupert Murdoch when they worked out how much cash Theranos had left, or Tesla and SpaceX now.
If financial records need to be taken with a bucketful of salt, complacency is risky.
If outsourcing your due diligence to ‘smart guys’ isn’t foolproof, how else can someone assessing a new potential supplier guarantee their job security?
New Tools
There’s nothing truly new under the sun, when it comes to due diligence in assessing new suppliers, partners or collaborators.
In many ways the new tech giants are simply retellings of old stories from the Book of Capitalism.
For every old-school oil baron who made his fortune from ‘black gold’ or ‘Texas tea’, there are now Silicon Valley Overlords raking it in from ‘eyeballs’ and ‘data’ (they’re also still nearly all male, and predominantly white).
The old due diligence tools are therefore still as useful – or useless – as ever.
But while the Digital Age hasn’t produced many significant new tools in the due diligence toolbox, it has made some of the more neglected old tools more useful.
Legal notices have been around for as long as business has been governed by legal institutions. Humanity’s first example of writing was a business ledger written by a Mesopotamian accountant around 3,200 BC.
But what used to be pro forma boilerplate now attracts more attention, and has become a useful go-to for executives looking to mitigate risk through due diligence.
This may be because we can now see them online on websites, without having to blow the dust from archived documents. Maybe it’s because the gap between the Silicon Valley disrupters and the antiquated laws that are supposed to regulate them has grown so wide.
Whatever the reason, bog-standard legal instruments have become a critical new tool for assessing risk when taking on new suppliers, partners and collaborators.
Data Privacy Notices
Now that ‘GDPR’ has entered common parlance, and we’re all waking up to the eyeballs=data=monetisation business model of our Silicon Valley Overlords, we’ve also become much more aware of what businesses do with all our data they vacuum up whenever we use an internet-connected device.
The new legislation that generates all those annoying cookie notices is designed to protect us from the more rapacious data-collectors, or at least make us aware of what we’re giving away in return for:
- ‘free’ services like Google, Facebook or TikTok
- retailers when we buy from them
- services when we use them
The language is still dense and hard for non-lawyers to follow, but Data Privacy Notices now provide rich pickings for due diligence, so long as you can mine the sub-clauses and small print for gold nuggets.
End User Licence Agreements
EULAs are the things we all click ‘Agree’ to when we sign up to any kind of online services. Most of us accept this as inevitable.
Unlike Data Privacy, where regulations now enable us to pick and choose which data we choose to share or not, agreeing to Terms & Conditions is a binary, all-or-nothing choice.
There’s no à la carte option. Either you permit the business to feast on the data buffet as they define it (probably on page 76, sub-clause 8Ci, in font size that would challenge a sniper), or you go elsewhere.
Recent court rulings have called the point of such obfuscation into question, as judges are unimpressed by corporate defendants claiming they’re in the clear because Joe Bloggs shouldn’t have clicked ‘Agree’ without checking that the small print included giving away his first-born male child.
Still, for due diligence experts prepared to wade through the legalese, licence agreements can be excellent tools for assessing the business model, ethics, values and market competitiveness of the entity that wrote them.
MoUs, LoIs, Contracts and JV Agreements
There are different ways for two parties to agree, in formal language, their intention to work together and the terms on which they will do so.
A Memorandum of Understanding (MoU) and its beefier relative the Letter of Intent (LoI) are not legally binding.
Each is signed by the two parties, and lays out their agreed:
- Nature and scope of their collaboration
- Contributions from each party, and how big they’ll be
- Benefits accruing to each party, and who will own them
MoUs and LoIs are light on specifics. This is both an acknowledgement of reality (the unpredictability of unforeseen events at the start of their journey together) and good faith (we won’t sue you if it fails).
If this sounds like a legal expression of ‘suck it and see’, they have their uses.
An MoU provides a useful point of reference for any future disagreements if the collaboration goes wrong. If it goes right, an MoU serves as a draft for a legally binding agreement.
Legally binding legal instruments, like a contract or joint venture agreement, carry greater liabilities. They specify legally enforceable penalties for non-compliance.
All, however, require some degree of due diligence from each party on the other.
Whether we’re flirting at a party, or getting married, we all want to know something about new relationships…
When it comes to due diligence, the degree of detail contained in MoUs, Letters of Intent, Contracts and Joint Venture Agreements not only makes them essential tools for responsible entities entering a business relationship. It also makes them potential due diligence goldmines.
The problem is that they tend to be secret, locked in the offices of the two parties and their lawyers.
Government bodies demonstrating prudent use of public funds might occasionally publish an MoU, but commercial enterprises would risk making sensitive commercial information public for no discernible gain.
Non-disclosure Agreements
Familiar from gossip columns, legal disclosure resulting from the famous seeking to conceal their sexual predation, or ‘pre-nup’ contracts between the super-rich and poorer spouses, ‘non-disclosure agreements’ (NDAs) are probably the best known of these legal instruments.
In personal matters, court cases have demonstrated they’re more useful as tools of intimidation than legal defences, but NDAs are a routine part of any IP-heavy business transaction.
When your fortune depends on your ideas, you need to protect your ideas, and NDAs form your first line of defence, before you dig in with patents.
While they may be of variable legal force, NDAs are due diligence gold.
By specifying exactly what a company doesn’t want you to tell anyone else, they reveal what they think is their key value proposition, and how they intend to monetise it.
The oldest tool of all
In case all this legal jargon, and thicket of acronyms, seems beyond you, bear in mind they’re only fancy, modern versions of dogs sniffing each other when they meet, cavemen cautiously extending a hand in greeting, or samurai sheathing their swords in order to bow.
The oldest tool of all resides in your brain. Call it what you will – using the noggin, common sense, judge of character, spider sense, reason, logic. It differs from person to person, and situation to situation, but ultimately we all place a high value on it.
Venture capital fund managers, having crunched all the numbers on a start-up, will say ‘I have a good feeling about this one’.
Presidents and prime ministers, after carefully considering the pros and cons delivered by their trusted advisors and hand-picked cabinets, will go with their gut.
Business leaders, after hearing from their Sales, Research, Legal and Business Development heads, will fall back on their instincts.
We’re only human, and no one really knows anything.
Due Diligence Quiz
To test what you’ve learned from this article, here’s a short quiz, based on one UK-registered company, with the relevant links.
Q1 Website: What does a quick glance at its website tell you about what it does?
Q2 Affiliates: Does this affiliate website help with your due diligence?
Q3 Financial Records: What useful clues can you find in its Companies House entry to enhance your due diligence?
Q4 Investors: Can you find any investors listed on its website? If not, how does this inform your due diligence?
Q5 Customers: Can you find any existing customers listed on its website under the ‘Pilots’ sections? If not, is that cause for concern in relation to due diligence?
Q6 Data Privacy Notice: These usually run to at least a couple of thousand words. Should this company’s brevity be a red flag, or a green light?
Q7 End User Licence Agreement: Standard templates are usually around 10,000 words. Should you be concerned that this one is only 150?
Q8 Memorandum of Understanding: Why is this company publishing its MoUs? What possible benefit can either party gain from making it public?
Q9 Disclosure Agreement: Does the particular wording of this template alarm or reassure you?
Q10 Noggin Test: What does your gut tell you about this company? Are you likely to get fired for using it, or promoted?