You want to invest $3 million into a real estate project. Time is tight because it’s closing in 12 days. The developer (51 years old) seems to have a decent track record and takes credit for billions of dollars of projects, but this project doesn’t yet have zoning approval and the previous owner dumped the property because his plans to develop it got tied up in court by angry neighbors.

  • Scenario one: You find the developer has no criminal record and no bad press. Your lawyer looks over the contract and you send the developer your $3 million because the return looks attractive. Four years go by and the project is mired in delays, cost overruns, and your guy gets the project into expensive litigation with another partner (something it turns out has happened in a prior project of his). In the end, as he considers selling the land, you are happy to have him buy you out at a loss.

Cost: $1.25 million. But you saved $3,500 by not paying for good due diligence.

  • Scenario two: You find the developer has a history of litigation against close associates, plus got into a loopy lawsuit over a $5,000 dispute that he says knocked down his credit rating. He has billions in past projects but he’s taking time to litigate over $5K. You see that the project doesn’t have approval and that he’s been unable to refinance his large mortgage even though rates have fallen. Maybe he’s too highly leveraged in his other projects. Maybe he hasn’t done those billions he claims he has. You pass on the project.

Cost: $3,500. And you have $3 million in dry powder to invest somewhere else.

$3,500 buys back your $1.25 million mistake, not to mention any excess returns a different project could earn.

 0.28 percent seems like a fair price to have paid.

Think of due diligence the way you think about car insurance above the minimum amount your state requires. In New York, you could get insured for just $50,000 in case the other person in an accident should die. But what happens if they die and you get sued for $2 million? Inadequate insurance could result in a lien on your house.

You will try your best to drive defensively, but if  you make a mistake you’ve prepurchased the cost of the mistake with a higher premium.

There is no state law anywhere in this country that says you have to spend a minimum amount of money in due diligence on a proposed business transaction. You are fee to lose millions on a bad deal.

But if you are insured for more than the minimum coverage allowed for a car accident, why are you risking big money with your investment by foregoing good due diligence?

 

Want to know more about how we work? Our website has a wide range of publications and videos. You can also read my book, The Art of Fact Investigation which is available at bookstores online and for order from independent book sellers. And check out our other blog, The Divorce Asset Hunter.

One indispensable part of due diligence is to check for regulatory sanctions. Was a company found by the SEC or FINRA to have misappropriated investor money? Put them in unsuitable investments? Lied on a filing to induce people to invest money under false pretenses?

While we never pronounce “Invest” or “Don’t Invest,” “Hire” or “Don’t Hire,” regulatory sanctions are something our clients can put into their personal mix that determines risk tolerance.

But what about when you don’t find any regulatory problems? That too can flag a problem. And the bigger the prospective deal, the more the complete absence of regulatory problems becomes. Two issues in the news today come to mind on this front: Cryptocurrency and ESG investing.

As we saw with the Bernard Madoff scam (and countless others), it’s what is not in evidence that should cause the greatest concern. In Madoff’s case these can’t-be-founds included an independent custodian, a Big Four auditor, reasonable variability in returns for equities, and in the last couple of years before he was caught, evidence of billions of dollars of equity holdings in his 13F SEC filings.

Bad, cheap, check-the-box due diligence, could and did robotically report to you that “No sanctions were found” for Madoff’s operation. Plenty of people refused to invest with him because of what they expected to see but did not. Still, a lot of the due diligence failed them. Even the SEC was unable to nail Madoff after repeated approaches by a whistleblower.

Unlike with Madoff, I am not suggesting any evidence of criminality with the examples below. It is just that there is a lack of what I would want to see in an investment that was not high risk: That they are governed by rules and that they follow those rules.

  1. Environmental, social and governmental (ESG) investing. What’s remarkable about the categorization for investors of ESG investing is that there is no accepted definition of what ESG is. While regulators can come down hard on companies for violating accounting standards, there are no ESG standards to violate. This was explained beautifully in a Bloomberg article, The ESG Mirage, last year.

If someone is selling you a bond fund, you would expect it to be full of bonds. A gold miner’s ETF should be about investing in gold miners. But investing in companies with good ESG scores is a matter of sorting through more than 160 different, competing standards for what makes a high ESG score – what Bloomberg calls “a foundational yet unregulated piece” of a multi-trillion dollar business.

If you have a business worth tens of trillions of dollars, you would expect some wrongdoing to pop up here and there, but it’s down to Bloomberg and other journalists to tell you that ESG can mean nearly anything Kick out Tesla, upgrade Exxon Mobil. How is an investor to tell the quality of the ESG product he’s considering?

  1. We are now seeing the early stages of litigation meant to determine what kind of regulatory regime will govern cryptocurrency in the U.S. The industry says it’s a commodity and should be governed by the Commodity and Futures Trading Commission (CFTC). But the Securities and Exchange Commission (SEC) is having none of that. Even though Congress hasn’t spoken specifically about which agency ought to regulate crypto, the SEC is proceeding as if there is a clear answer to what cryptocurrency is.

It’s not an absence of regulatory activity, as with ESG, just the very early days of it.

When the rules are unclear, risk goes up. At around $1 trillion, the crypto market (including cryptocurrencies and non-fungible tokens), presents a huge amount of regulatory risk.

None of this means you shouldn’t pay attention to ESG ratings or crypto. But the idea that these are well-settled concepts with anything like low risk is an idea a serious investor should dismiss.

 

When not at work, I like to do many things, and one of my favorites is to watch New York Mets baseball. Since moving to New York I’ve grown to love the team and I make common cause with the many Mets fans I run into (even in my Bronx neighborhood just a few stops from Yankee Stadium).[1]

Keith Hernandez, 1986: Barry Colla Photography, Public domain, via Wikimedia Commons

One benefit of watching the Mets is that our team has what many consider to be the finest broadcasters calling their games. The radio team led by Howie Rose is unmatched for its knowledge of the game and willingness to criticize the home team if that’s merited. Most of my intake is via the TV broadcasters, often rated the best in the game. Included in most of these games is Mets alumnus Keith Hernandez, who provides an education on hitting each and every time he sits down in the booth. [2]

Some of what I’ve learned watching Mets baseball turns out to be applicable to my work life.

  1. Not everything is under your control. If your umpire that day is a “pitcher’s umpire” (one who calls a generously-large strike zone), then some close pitches are, in the words of Hernandez, “too close to take.” You had better try to hit them or foul them off. Passivity can send you back to the dugout. Hernandez doesn’t criticize umpires for large or small strike zones, and goes out of his way to praise the umpires who keep their zones consistent. If an umpire is calling inside strikes all day long, shame on you for watching as a close one goes by you for strike three.

Our “umpires’ are the circumstances in which we find ourselves. If we are investigating on a tight deadline and need to get records in a county that does not permit on-site searching in the courthouse, we prefer to over-order any record that could be relevant so we can sort them out later. If someone is going to rule out a document as being irrelevant, we want control of that process. If we get too many documents and need to discard some as being of no use, that’s like a two-strike foul. Better that than to fail to order the document that could turn out to be the one we need. That would be looking at strike-three.

On the other hand, if we’re in a county that has a nice full set of records online, we can be much more selective up front because we can read the dockets ourselves and sometimes figure out whether the case relates to “our” John Smith or someone else with the same name.

Overseas, some countries have nice public record systems that permit searching and unambiguous reporting. Other nations have no concept of a public record. All the information you get in these places is unofficial, even if highly informative. It’s no good cursing your bad luck that the investigation takes you to a difficult location. You’re at bat and you make the best of it.

  1. You may need to change your approach a few pitches in. Hernandez talks all the time about “good two-strike hitting,” which means that you may need to change the way you want to swing when there is a much greater price to pay for being unsuccessful on the next pitch. Instead of trying to hit the ball in the most powerful way (“pulling” toward the right for left-handed hitters and vice-versa), many good hitters just “slap” or “poke” the ball through an opening the other way for a single.

In other words, if you’re not going to hit a home run, better to hit a single than to strike out.

We love investigations that turn out to be “home runs” right away. The million-dollar fraud we discovered being perpetrated by our client’s litigation opponents that forced them to drop their suit; the $60 million in traceable assets we found in even less time during a divorce asset search.

But what if you don’t find that kind of thing that quickly? Two strikes for us can mean we are running out of time (before a court-imposed deadline), running out of budget (you can’t afford to look everywhere); or both. We try to concentrate on the jurisdictions most likely to yield records about our person, rather than all thirty counties he may have lived or worked in over the past 20 years. This is what’s called Bayesian analysis – refining search terms based on what you learn as you go along to increase your odds of success.[3]

If we’re trying to impeach the credibility of a witness, we may find no prior conviction for fraud (a home run), but the omission of a job on his resume eight years ago could turn out to be valuable if it leads to evidence that he was fired for incompetence there (long single or double).

  1. Analytics are helpful, but you also have to trust your eye and what the pitcher is doing today. The data may tell you that with two strikes a pitcher is x% likely to throw a breaking ball, but what if the third time through the batting order you notice he has started “tipping” his pitches (involuntarily signaling what he will throw next)? That won’t be in the data, but it will be obvious if you’re watching.

We too have access to lots of data. Databases give us nice head starts on where people have lived, what companies they’ve associated with, some criminal convictions, and names of relatives. But we still subject all of that data to verification by checking it ourselves. It’s often right, but it’s wrong often enough that you can’t just trust it blindly.

One database thinks I still live in the home we sold 12 years ago, based on a grocery store discount card I obtained while living in the old house and which I continue to use today. The grocery store continues to sell my data to aggregators, who continue to report that I live where I don’t. Anyone checking the county record at the old place can see it was sold, but if they don’t check they’ll get it wrong.

Along with his equally brilliant commentators Ron Darling and Gary Cohen, Hernandez is also brimming with tips about fielding, especially regarding the placement of infielders given the situation (the hitter at bat, the score, the count). These tips also pertain to investigation. That article will be appearing before the Mets next win the World Series.[4]

[1] There are many Yankee fans around too, and I also count them among my friends. There is even, for some reason, a lifelong Bronx resident who roots for the Phillies. It only took him two years to admit it.

[2] Hernandez will have his number retired by the Mets on July 9. He has not been elected to the Baseball Hall of Fame, though his career on-base percentage of .384  is close to that of Detroit’s Miguel Cabrera, often referred to as a shoo-in for Cooperstown. His WAR (wins above replacement) of 60.3 is better than those of Yogi Berra, Willie Stargell or Vladimir Guerrero, and just 0.1 below Harmon Killebrew’s. He was also famous for revolutionizing play at first base, where he won eleven consecutive Gold Gloves.

[3] I discuss this further in Legal Jobs and the Age of Artificial Intelligence, Savannah Law Review Vol. 5, No. 1 (2018).

[4] Date to be determined.

Many of us love optical illusions. It’s a safe thrill to know we’re being tricked, and yet are still unable to tell our brains to “get real” and stop the illusion.

Bridget Riley, section of Blaze 4 (1964)

When you’re doing an investigation, the same kind of thing can take over your brain: You want to look at facts in one way, but your brain won’t let you. That can lead you to the wrong conclusions. There’s a great explanation for the evolutionary reasons optical illusions work on us, at the American Museum of Natural History site.

I wrote about illusions in my book, The Art of Fact Investigation, and was recently reminded again of their power when viewing a wonderful retrospective of the paintings of Bridget Riley, at the Yale Center for British Art.

Sometimes in Riley’s work, what you know to be a static picture looks as if it’s moving (scroll quickly as you look at the section of the work above). As the AMNH site explains, we evolved to focus attention on movement because it can be a sign of danger.

“Even when you stare at a still object, your eyes dart around. Normally, your brain can tell the difference between your eyes moving and an object moving. But because of the strong contrasts and shapes in the illusion, your brain gets confused. Your motion sensors switch on, and the image seems to turn.”

Or take a look at the picture to the left. It’s the famous “Duck-Rabbit” with a duck looking left and a rabbit to the right.

Even after we know that we are looking at something unusual, this image is fascinating. While the information on the page never changes, we can see only a duck or a rabbit, but not both at the same time. It’s very hard to take in simultaneously two facts that we know to be mutually exclusive.

Investigation can feel like that too. In forming theories as we investigate, we gather evidence that may end up supporting what appear to be incompatible or contradictory conclusions. Our instinct is to favor the evidence that supports the conclusion we think is more likely, but we must resist that tendency. We will not find a man who is/is not bankrupt at the same time in the same jurisdiction (impossible), but we may find someone who was extremely wealthy in January and is broke in March.

Looking at the duck-rabbit takes more energy than looking at a conventional picture of a duck or a rabbit, because it clashes with our understanding of what kinds of animals exist on earth. A man who goes from riches to rags in six weeks will, similarly, be harder to investigate because we will have to overcome our own skepticism before we can consider the entire picture of events.

The tendency to find evidence to confirm the case we are trying to win is called confirmation bias, and lawyers are bursting with it. Lawyers are competitive by nature. Evidence they need is something they will naturally want to believe they have uncovered.

Consider the scope of the investigation. Since we “know” Robert Jones is strictly a “New York guy,” we will not even look outside New York to see what else he may have done or acquired outside the state. That’s a mistake.

In screening witnesses, we see that an expert witness has testified dozens of times, so we “know” he has no embarrassing personal history that could affect his credibility since “someone” is bound to have found it by now. Wrong again. At least, wrong not to check.

Optical Illusions in Finance

As for a static picture that appears to be moving, think about Bernie Madoff’s scam. Talk about bold colors and contrasts: He was a leading light in finance, apparently very wealthy, and highly exclusive about who would be allowed to invest in his apparently successful funds.

Master Illusionist

The movement in the Madoff picture was something now known as FOMO (fear of missing out). So much was apparently going on in his universe that you were a fool to pass up a chance to give him money.

In the end, it was an illusion. An accountant in a shopping mall, no independent custodian, and SEC filings that showed just a few million (not billions) under management.

Bridget Riley’s illusions are enjoyable, thought provoking and sometimes disturbing, but the fact that they are illusions is not a secret.

They are worth keeping in mind the next time your investigator comes back with a “sure thing.”

Where do you start in deciding which investigator to hire for a sensitive job?

.

It should be a business of trust, just as it is when choosing someone to come up with an estate plan, to sue a former business partner, or to handle a complex tax situation. Despite the seriousness of the question, some people just do the electronic equivalent of calling the person with the big ad in the Yellow Pages. But many of us ask for recommendations.

What happens when nobody you know can recommend an investigator who not only delivers results, but does so in a way that doesn’t break the law or the rules of professional responsibility that bind lawyers and their agents?

Try these five screening questions on any investigator you are thinking of hiring:

  1. Can you get bank account information?

The answer you should hear is, “Not without a court order.” You could then ask them about the Gramm Leach Bliley Act (which protects bank secrecy) and what that federal law lets them see without the approval or a judge or a subpoena. If they tell you it’s all legal to find out where someone banks and what their balance is, think about this: Do you think anyone should be able to find out exactly what you have in the bank, just because they feel like it?

Not only should they not be able to do that. It’s illegal for them to do that unless you meet a tiny list of exceptions (such as being behind on child support payments).

I’ve written extensively about this issue for years and have called many investigators who claim that getting bank account information whenever they want is legal. The funny thing is, they can never explain how they do it. It’s always a  matter of “good contacts” with the right banks, as if banks don’t mind violating your privacy if they give the information to a friend who happens to be an investigator.

Of course, you can take your chances and participate in the violation of federal law. Just don’t be completely shocked if the other side finds out about it and gets the evidence excluded and, possibly, brings a professional responsibility claim against you the lawyer who approved this.

  1. With Google and all your databases, you can do your whole investigation remotely, correct?

Anyone who tells you they can always do everything electronically should be avoided. The United States contains more than 3,000 counties, and state court records are stored at the county level in most cases. Most counties do not have all their records on line. Some do, and some will show you the dockets (the list of documents in a court case) but not the documents themselves.

As for Google, it’s an indispensable tool but consider this: If you Google yourself, you will probably find one or two percent of all the information you know about yourself. You won’t find a complete list of former colleagues, of people you’ve tangled with, dated, done business with.

If there’s only a one or two percent hit rate for you, why should there be so much more for the person you want to investigate?

  1. What phone calls do you think you would make first?

The answer here need not be a deal-breaker, but if the investigator launches right in with a big list of people, beware. If you want to send an immediate signal to the other side that you are looking at them, then by all means, call up all their best friends (or even their worst enemies). The minute you call anyone, you create a chance that word of your investigation gets back to the subject.

Imagine you are doing an asset search for someone who is considering filing for divorce but hasn’t done so yet. Do you want to tip off the monied spouse that you’re looking around?

  1. Do you know what the no-contact rule is and how to make sure you don’t violate it?

They had better know exactly what this rule is (model rule 4.2 that deals with communications with people represented by counsel). The states vary somewhat in their interpretation of whom this rule covers, but your investigator ought to know the rules where he works. Get him to tell you what they are. If he just says something like, “Don’t worry, we’ve been doing this for years and we’ve never had any trouble,” run away and find someone else.

They may indeed have had trouble but even if not, do you want to be the client they use to break the mold?

We did an entire article on this issue last year here in talking about interviewing someone’s ex-employees. It’s got some helpful examples of other things you can ask about.

  1. When you interview someone, how will you introduce yourself?

It is of the utmost importance that your investigator does not lie about who she is or why she is calling. Beyond the obvious illegality of pretending to be the police, for instance, there are professional responsibility concerns at play. Lawyers are not allowed to tell lies (“make untrue statements”) according to the rules. Sure there is some “dissembling” allowed in contract negotiations, and you can be vague without being completely misleading.

But if you are caught telling an outright lie (or allowing your agent to do it), watch out.

In defending himself in an anti-trust case, Uber CEO Travis Kalanick hired an investigator. That investigator then mispresented the purpose of his calls while compiling background information about the plaintiff’s lawyer. Reuters reported on it in 2016. Instead of saying he was working against the lawyer, the investigator pretended he was compiling information for an article about excellent lawyers in the area.

The judge was not amused and ruled what had happened was enough to provide a reasonable basis to suspect that a fraud took place.[1]

Investigators should always use their real names and companies. If you don’t want them to reveal their client’s identity, that’s fine. Let them say they have a client who prefers to remain unidentified. Lots of people will agree to be interviewed even if they don’t know who the information is going to help.

Will all of these tests mean the investigator will do a great job? Not necessarily. You should still get recommendations if you can, but passing the test questions above will reduce the chances of getting into legal or ethical trouble, and who doesn’t want that?

 

A longer version of this article appeared in the American Bar Association’s Journal “Litigation” in 2017. Link for ABA members only.

Want to know more about how we work? Our website has a wide range of publications and videos. You can also read my book, The Art of Fact Investigation which is available at bookstores online and for order from independent book sellers. And check out our other blog, The Divorce Asset Hunter.

[1] Meyer v. Kalanick, U.S. District Court for the Southern District of New York, 1:15-cv-09796, document 76 filed Jun. 7, 2016.

Specializing in financial investigations as we do, I am always fascinated when new financial frauds come to light, and I always want to know how the person got caught.

In the case of the recent Yale School of Medicine fraud in which an administrator took more than $40 million in fake computer purchases (desbribed in The Washington Post) the end came down to an anonymous tip.

It should not have required a tip to catch this one. It needed someone who can do percentages. To do that going into an investigation, you need to make sure you know what sizes and distances you are talking about.

A percentage is the answer to the question, “Compared to what?” Is a million computers sold in a year a lot? We all intuitively know that a million computers sold in one year in China is a drop in the ocean among a billion people, but a million computers sold in Plattsburgh, New York in one year sounds far-fetched. [I thought Plattsburgh had maybe 50,000 people in it. The real answer is 19,500 – and a million units is nuts with either figure.]

 

The Yale Facts

Jamie Petrone-Codrington was an administrator at the Yale School of Medicine’s Department of Emergency Medicine. She bought equipment on behalf of the department, some of which would be extremely expensive. But she didn’t need higher approval to buy any lot of goods under $10,000. Since one X-ray machine or MRI costs a lot more than $10,000, she decided to fake purchases of things that cost less than that – computers.

According to the criminal complaint and plea agreement, Petrone bought some $30 million worth of goods for the medical school between 2018 and this year. Since January 2021, she bought 8,000 iPads and Surface Pro tablets for use by the department. She broke up all the purchases into lots of less than $10,000. Her fraudulent purchases (at least the ones she’s paying back) started in 2013 with a mere $82,825, but like most fraudsters she started taking increasingly as the years went by and she didn’t get caught.

[“But she’s been here for years!” is what co-workers often say when they learn that a colleague has been robbing the company under their noses for many years. That’s because it takes years to make sure the systems are so lax that you can start taking really big money.]

Petrone pleaded guilty to two counts of wire fraud and filing a false tax return. In addition to prison time, she agreed to make restitution of some $47 million.

The fraud was basic. Petrone would buy these thousands of unneeded computers for the medical school, and then would have them shipped to a company she controlled. The company would then sell the equipment on and she would keep the money.

 

The Crazy Percentage Nobody Noticed

While it’s true that Petrone broke up her thousands of computers into lots of $10,000 or less, at the end a certain period her department still had those thousands of machines on its books.

This made no sense. Just as a million computers for Plattsburgh is nonsense, so is the idea that this department needed 8,000 computers in a year.

If you work at the medical school as Petrone’s supervisors would, you know that for the 476 students enrolled there you have more than 11,000 faculty and staff. Is it remotely reasonable to be buying 8,000 computers a year? These things last 3-5 years, so maybe if you hadn’t bought any computers in years you might buy 8,000 for the entire medical school.  But Petrone was only buying for one department. The 8,000 number is bonkers.

 

All Size is Relative

I have seen suspect purchasing before, and there too it all turned on the size of the place being bought for.

We were hired by one of two warring unions, asked to examine the rival union’s LM-2 financial returns filed with the Department of Labor.

The first thing we did was to find out how big our target local was. How many members did they have? How big was their office and how many people worked there?

We then started looking at the financials and noticed something odd: For a really small local, they bought an awful lot of office furniture. Either they were buying for phantom members who didn’t work there, or they were buying top-of-the-line office furniture that had no place in a union local representing hard-working people doing dangerous work for less than what your average plumber charges.

It all turned on percentages: this many dollars compared to this many people.

A good investigator fills in the blanks. Not just the dollars on the page, but the number of people the dollars service.

Raw numbers mean nothing without context.

I’ve done a lot of interviews about people over the years, but you can always get better.

A fascinating conversation last week with an angel investor about what he looks for in a candidate to run a new company gave me a question I will always ask from now on, but not just about people running startups.

The word for this investor is coachability and it’s a big thing when you have a person running a company for the first time. The idea for more experienced managers might be expressed as open-mindedness, but it all comes from the same place: Can a person in charge admit he doesn’t know everything, and then work to get up to speed on that weak area?

First some definitions: Angel investment is the first-stage investment in a company, also known as seed capital. Often it’s family and friends that get the entrepreneur started – funding the equipment or employees working out of a garage, a WeWork space or, as was the case with Dell, Microsoft and Facebook, a dorm room.

All the rounds of fundraising after the angel stage, including when venture capital and private equity usually get involved, are explained at Crowdcrux. In the end, while some companies remain private, the usual goal is an initial public offering (“IPO”) when you sell shares to the public.

The angel investor I talked to said that ten percent of all of his investments provided his entire return over the past few years. In other words, nine out of ten are losers, but the others make him a lot of money. A typical angel investor would put in anywhere from $5,000 to $50,000, sometimes alone and sometimes in a pool of investors. Many then set aside two or three times that amount for the next round of funding. If they don’t, their initial stake gets diluted if the company moves forward toward profitability.

What is Coachability?

The exchange that provided me with my new great question about a CEO went this way:

Q: What do you look for most of all in someone who is going to run a company you’ll invest in?

A: The track record of running other companies. If they’ve done well with three or four companies before this one, we’re comfortable.

Q: What if there isn’t much of a track record, or no track record of being a CEO at all?

A: Coachability.

He explained that this means, “How open is the person to learning? Do they know what they don’t know?”

It struck me that coachability is a virtue many of us could stand to improve a little bit. There’s taking direction, but then there’s the ability to recognize that even though you think you know a lot about real estate, marketing or whatever it is, there is always something more to learn.

That may not mean just delegating. If you say, “I know semiconductors but I just don’t understand real estate” and hire someone to take care of the real estate end of the business, (warehouse, office and retail space), how will you know if that real estate person is doing  a good job?

As we’ve written before, including in Google is Not a Substitute for Thinking most of what you know about yourself is not available through a Google search, and that goes for everyone you are trying to evaluate before investing money. The qualities of a manager or entrepreneur won’t be a matter of public record. You will need to talk to people who have interacted with them.

The Value Proposition for Due Diligence

No service is free for long if it provides a great benefit. Either you pay for it, or someone is donating their time and money to bring the service to you or someone who can’t afford it.

If you can afford to put down $10,000 on a high risk investment, spending $1,800 to $2,400 on due diligence is a high fee, especially if you make ten such investments a year. On the other hand, many angel investors pool their money. Now you are talking about, for instance, eight investors each with $20,000, but they will be sharing that $2,000 check on an executive. A one percent charge

It makes sense for many angel investors, and at later rounds of investment, the $2,000 cost just keeps dropping as a percentage of the money at stake. Before a Series A investment of $8 million, don’t you want to know more than whether or not someone has been convicted of a crime? Good due diligence gets you there.

Strange then that Ycombinator’s Series A due diligence checklist makes no mention of looking into the people running the whole enterprise.

One hopes that can change. TechCrunch wrote last year about a stampede out of a company appearing at a Ycombinator event after easily discoverable things about one of the principals was, finally, discovered: “… it’s net positive to vet your future partner, back the right startups…”

The more carefully you hire, the less you may need to hit the ejector button on the candidate who probably shouldn’t have been hired in the first place.

 

Want to know more about how we work? Our website has a wide range of publications and videos. You can also read my book, The Art of Fact Investigation which is available at bookstores online and for order from independent book sellers. And check out our other blog, The Divorce Asset Hunter.

Due diligence is about trying to look around corners. Not only do you look backward at a person’s history, but you also want to try to anticipate potential problems for the client if they hire Mr. X. or go into business in Country Y.

Country Y for the purposes of this blog today is Canada.

Things are moving quickly under Canada’s new emergency powers regime, yet there appears to have been little legal guidance published in the U.S. about the new world for banks in that country.

This is Know Your Customer on steroids, and it applies not only to banks but to payment service providers and fundraising platforms, which will now have to file suspicious transaction reports.

First a little background. Even after the three weeks of demonstrations against Canada’s Covid policy were cleared from around the country’s Parliament and from several border crossings, Canada’s government declared a Public Order Emergency, which suspends certain rights in the country (some forms of assembly, but also permits the freezing of financial accounts with a court order). You can see the sweeping rules in the Canada Gazette, published Feb. 15.

The law in Canada allows for the government to declare an emergency but then needs to have the emergency confirmed by Parliament. The House of Commons voted this week to confirm the emergency, though it is still being debated in the country’s appointed Senate, which rarely overturns a Commons vote.

In the meantime, the rules are sweeping and changing by the day. It would make sense for any U.S. financial institution operating in Canada to pay close attention. In addition, the rules cover accounts by certain people held anywhere, not just in Canada.

The rules prohibit banks from dealing with a “Designated Person… dealing in any property, wherever situated, that is owned, held or controlled, directly or indirectly, by a designated person or by a person acting on behalf of a designated person.”

We asked ourselves: If an American bank operating in Canada has a U.S. account for a lawyer who represents one of the demonstrators, does that lawyer get swept up in the rules that require an account freeze?

So far, it appears the answer is no, but who knows what next week will bring?

Last week the Justice Minister said donors to the demonstrations were subject to having their bank accounts frozen. “Trump supporters,” he said, “ought to be worried” about this. Then last night, an Assistant Deputy Minister of Finance told a House of Commons committee that the Royal Canadian Mounted Police were working with financial institutions to unfreeze such accounts. How many have been unfrozen? Who knows?

Still, banks are under a duty to “determine on a continuous basis whether they are in possession or control of property that is owned, held or controlled by or on behalf of a designated person.”  Canadian law firm Blakes writes that this means doing an information sweep at least once a week. Their commentary on the rules is here.

We are not experts in banking law in either the U.S. or Canada. But when,

  1. New sweeping rules are put into place and then (perhaps) reversed, we know enough to recommend proceeding with extreme caution.
  2. The rules say on their face that they apply to bank holdings the world over, that is something an institution would want to get a grip on right away.

After all, if more demonstrations break out this story could be back on the front pages of the world’s papers, from which it has now largely disappeared.

After years in business, one of my biggest marketing challenges is still explaining to potential clients why an investigator can’t just use a few mysterious databases and “deep Googling,” as one hopeful person described it, and produce an answer in an hour or two.

Someone’s well-hidden assets? The eight-month job in 1998 that ended badly and was conveniently less off the resume by expanding the dates of the jobs before and after? The ugly fallout with a business partner last year over a company you didn’t know about?

Those things take time to find. Following is a typical assignment and what each step costs:

Assignment: Background of new CEO of a tech company with sales of $2.5 billion a year. Client is considering a $3 million investment.

Databases: Some of these are pay as you go, and sometimes we use databases such as Lexis Nexis ($300 a month) and Bloomberg Law ($600 a month) that are fixed price. We allocate a portion of the monthly bill for the fixed ones to each case we do. In this case, total database costs are $140.

Courthouse Retrievers: The CEO has lived and worked in five counties around the U.S. since 1996. We want to check civil and criminal cases in which he was involved in all of these. Remember, not all litigation is online, and sometimes even the dockets (case summaries) are not online either.

In our current assignment, one county (Miami-Dade in Florida) has all the cases we need online. But three counties are in California, and we need to send someone to the three difference county courthouses to search and retrieve any records. The CEO has a moderately common name, so they will need some time to sort through all the records to make sure the case relates to our person. Finally, the CEO has a home in Montana. In that state, not only are cases not online, but the clerk has to do the computer search for you. That means two trips to the courthouse – one to drop off the search and one to pick up the records. This step could cost about $700 even if we find nothing. If we find cases, those run to $1.25 a page (at cost, but note that Bloomberg and Westlaw charge $2 a page if you get them to retrieve documents).

Say we find eighty pages of litigation, and say we want copies of his mortgages in California. Call that $150 in copy costs. That a retriever bill of $850 and a running total of $990.

In addition, we found three securities class actions on PACER, the website of the federal courts. Running total is now $1,030.

Our Work: On top of the time it takes for us to search the databases, find and manage the subcontractors who go to the courts across the country, we need to put in time. For instance, our man worked for years in the auto industry, a business that is intensively covered by the media (as opposed to vitally important companies that make braking systems of trucks or trains and get very little coverage). We needed to look through some eight hundred news articles mentioning his name. We had to fine-tune the search parameters to get the field down from 4,500 stories. That took time. In the end, we found an early story that revealed a job he left off his LinkedIn profile.

We spent some time looking for people who might have worked with him at that job – people we or our client could interview to find out why he lasted such a short time there. We also had to add the newly-found company to our searches for legal and regulatory issues. There was every possibility that the company got sued for something our man participated in, but got sued two years after our man left. That would be significant and reportable even if our man were not named in the litigation.

Also, our man had formed two limited liability companies over the years. What did they do? What did they own? It took some time to find out.

We also looked at the man’s social media and that of his wife and grown children. Some people say nasty things on social media or display themselves in a way that might call into question their fitness for the job. (One person we once examined commuted back and forth between the east and west coasts for many years, and interviews painted a picture of someone who was always halfway out the door to get to the airport and who drank too much).

We look at electoral contributions (they sometimes list place of work), whether he’s ever been to tax court, whether any of his data ever turned up on the Dark Web.

 

The Value Proposition

Even if we did all this in four hours (and that can be done with someone who is not that complicated and has a light litigation and corporate structure), you would be up to a bill of $2,390.

You are thinking of investing $3 million into this company. Even a $3,000 investigation taking one to two weeks that could alert you to a big problem constitutes one tenth of one percent of the investment. Doesn’t it make sense to look before you write that check?

If you think you would be able to do it yourself and save money, go right ahead. Subscribe to the databases, find the courthouse retrievers (and pay their copy markups), figure out the many techniques we have for reverse searches based on addresses, phone number and social media handles. Play around on the Secretary of State websites to turn up secret LLCs.

Chances are, someone who does this all the time will think of a few things you did not, which is only natural. This is all we do. In the same way an immigration lawyer would be foolish to  handle even a mildly complex bankruptcy matter, we recommend that experienced litigators and transactions lawyers let us help them with this kind of research.

 

Want to know more about how we work? Our website has a wide range of publications and videos. You can also read my book, The Art of Fact Investigation which is available at bookstores online and for order from independent book sellers. And check out our other blog, The Divorce Asset Hunter.

We were asked recently about the ethics and legality of Dark Web searches, increasingly part of many investigations. I realized we had never posted on this issue and it’s about time.

Since a lot of what we use from the Dark Web is stolen information, can we make use of it?

In short, the answer is yes as long as we have the right reasons.

Firstly, a few terms. The Dark Web is a subset of what’s known as the Deep Web. That’s everything on the internet that you can’t get to by using a search engine such as Google. Think not only about all the proceeds of crime on the dark web, but useful legal things including your credit card statement or your medical test results. You can’t get the results for such pages from Google because we don’t want just anyone looking at confidential banking, medical and other information that is on the internet but is private. The Deep Web is vastly larger than the Web you can get to with a search engine.

The Dark Web refers mostly (but not entirely) to illicit activity that includes human trafficking, drug dealing and all sorts of other criminal activity including the theft of personal data. In some authoritarian countries, political dissidents exchange information on the Dark Web that would get them arrested at home if they did so out in the open.

Is it Legal?

In many cases, handling Dark Web material is forbidden by law. If they find child pornography on your computer, you’re probably going to prison. But what about stolen information?

In January 2020, the U.S. seized a web domain weleakinfo.com, which provided “a search engine to review and obtain the personal information illegally obtained in over 10,000 data breaches containing over 12 billion indexed records,” according to the government release. These included names, email addresses, usernames, phone numbers, and passwords for online accounts. The seizure was part of an international operation that involved U.K., Dutch and German law enforcement.

You would think that any remaining such business in the U.S. would be rolled up, but that would be wrong. What’s the difference?

One obvious case is that it should always be OK to research your own information. Many people pay for Dark Web monitoring, so that someone with access to the Dark Web itself or databases derived from the Dark Web can let you know if any of your personal information has been hacked and publicized.

But what about looking at someone else’s information? You didn’t steal it, you didn’t pay anyone to steal it or tell them how to do it. You’re just getting access to something already published.

In the United States newspapers have had the right to publish stolen information since the famed Pentagon Papers case, New York Times v. U.S., 403 US 713 (1971). When newspapers publish private company information such as the Panama Papers they are publishing the fruits of stolen property. The decision of what to publish and what to withhold belongs to the publisher, not to the victim of the theft.[1]

If the authorities catch the party that engineered the theft, they go after that party. Chelsea Manning and now Julian Assange have been in trouble not for publishing but for stealing. But the publishers are legally in the clear. It’s explained in a helpful article by the Nieman Foundation. The big discussion among journalists is not whether it’s legal to publish certain material, but whether it’s ethical in some cases.

Since the United States does not license journalists, anyone can “publish” anything they want and be subject to the same First Amendment protections as well as limits (the First Amendment makes no exception for libel, for instance).

And yet, some websites get rolled up and others don’t, even though they operate in the open.

Justice Department Guidance

A month after they seized weleakinfo.com, the Justice Department issued a guidance memo in February 2020 called “Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources.” You can get it here.

Remember, this is a group of prosecutors (not a court or a legislature) opining about what’s legal. The salient part of the guidance for our purposes:

… many of the federal criminal statutes associated with the type of stolen data that tends to be sold in Dark Markets—e.g., passwords, account numbers, and other personally identifiable information—only apply if there is intent to further another crime: for instance, an intent to use the information to defraud. For this reason, a purchaser of the stolen data who lacks a criminal motive is unlikely to face prosecution under those statutes.

So, if we are using the data we buy to find a witness in a case, to track down someone defaming our client, or just doing regular anti-fraud due diligence on a prospective borrower who wants $50 million of our client’s funds, we feel as if we are on solid ground.

But the DOJ cautions that when you buy someone else’s stolen data, it’s much more likely to “raise questions about the purchaser’s motives and result in scrutiny from law enforcement and the legitimate data owner, particularly if a trade secret is involved.”

So for anyone buying this data, you need to ask, “Why do you need it?”

Things We Will Do with Dark Web Data

We have used Dark Web data to try to figure out who is behind a website defaming one of our clients. In another case a client was being harassed and there was no way to know who had bought the throwaway (“burner”) phone making the calls.

In both cases, we went to the databases of information gathered from data breaches. We hoped to find numbers and email addresses that we could link to physical addresses in order to identify who was behind the suspect activity.

Sometimes, you can take a “handle” from an email address (say paulb3222) and see if that prefix is associated with any individuals. You then need to do more work to make sure the paulb3222 you are looking for is the same person as the guy in Australia who goes by paulb3222. Believe it or not, such handles are more common than you would think.

We think this kind of work is permissible and ethical because we are not engaged in fraudulent activity. Indeed, we are trying to stop what is allegedly criminal or tortious activity, and we are using data that has already been published.

Things We Will Not Do with Dark Web Data

Beyond the obvious – reselling illegal images, dealing in drugs, violating medical privacy – there are uses of the data we can find on the Dark Web that are illegal. If you find out what someone’s password used to be when their Target account was hacked and dumped on the Dark Web, it would be illegal to use that password to hack into other accounts they may have. And as the DOJ makes clear, you shouldn’t be in the business of stealing trade secrets.

Post-Breach Security Tips

If you want to find out if your email address was part of a data breach, you can do so for free at https://haveibeenpwned.com/ The site has no specifics beyond where the breach took place, but if you see your breach happened with Target, it would be a good idea to change your Target password — if you haven’t already — and to change all other passwords that are identical or very similar.

Our recommendation: get a password keeper that assigns a different, long, randomly generated password for every site you use. You only need to remember the one password for the password keeper. That way if there is a breach, they only have the one password they stole which won’t resemble any of your other ones.

[1]One caveat: All of the law referred to in this article is American law, and American law is probably the most permissive when it comes to what you can publish without worrying about state intervention.