One indispensable part of due diligence is to check for regulatory sanctions. Was a company found by the SEC or FINRA to have misappropriated investor money? Put them in unsuitable investments? Lied on a filing to induce people to invest money under false pretenses?

While we never pronounce “Invest” or “Don’t Invest,” “Hire” or “Don’t Hire,” regulatory sanctions are something our clients can put into their personal mix that determines risk tolerance.

But what about when you don’t find any regulatory problems? That too can flag a problem. And the bigger the prospective deal, the more the complete absence of regulatory problems becomes. Two issues in the news today come to mind on this front: Cryptocurrency and ESG investing.

As we saw with the Bernard Madoff scam (and countless others), it’s what is not in evidence that should cause the greatest concern. In Madoff’s case these can’t-be-founds included an independent custodian, a Big Four auditor, reasonable variability in returns for equities, and in the last couple of years before he was caught, evidence of billions of dollars of equity holdings in his 13F SEC filings.

Bad, cheap, check-the-box due diligence, could and did robotically report to you that “No sanctions were found” for Madoff’s operation. Plenty of people refused to invest with him because of what they expected to see but did not. Still, a lot of the due diligence failed them. Even the SEC was unable to nail Madoff after repeated approaches by a whistleblower.

Unlike with Madoff, I am not suggesting any evidence of criminality with the examples below. It is just that there is a lack of what I would want to see in an investment that was not high risk: That they are governed by rules and that they follow those rules.

  1. Environmental, social and governmental (ESG) investing. What’s remarkable about the categorization for investors of ESG investing is that there is no accepted definition of what ESG is. While regulators can come down hard on companies for violating accounting standards, there are no ESG standards to violate. This was explained beautifully in a Bloomberg article, The ESG Mirage, last year.

If someone is selling you a bond fund, you would expect it to be full of bonds. A gold miner’s ETF should be about investing in gold miners. But investing in companies with good ESG scores is a matter of sorting through more than 160 different, competing standards for what makes a high ESG score – what Bloomberg calls “a foundational yet unregulated piece” of a multi-trillion dollar business.

If you have a business worth tens of trillions of dollars, you would expect some wrongdoing to pop up here and there, but it’s down to Bloomberg and other journalists to tell you that ESG can mean nearly anything Kick out Tesla, upgrade Exxon Mobil. How is an investor to tell the quality of the ESG product he’s considering?

  1. We are now seeing the early stages of litigation meant to determine what kind of regulatory regime will govern cryptocurrency in the U.S. The industry says it’s a commodity and should be governed by the Commodity and Futures Trading Commission (CFTC). But the Securities and Exchange Commission (SEC) is having none of that. Even though Congress hasn’t spoken specifically about which agency ought to regulate crypto, the SEC is proceeding as if there is a clear answer to what cryptocurrency is.

It’s not an absence of regulatory activity, as with ESG, just the very early days of it.

When the rules are unclear, risk goes up. At around $1 trillion, the crypto market (including cryptocurrencies and non-fungible tokens), presents a huge amount of regulatory risk.

None of this means you shouldn’t pay attention to ESG ratings or crypto. But the idea that these are well-settled concepts with anything like low risk is an idea a serious investor should dismiss.