Common Operational Red Flags Investors Miss in Due Diligence

The most dangerous operational failures rarely arrive with a warning. They develop over months or years, concealed behind confident presentations and clean compliance filings, visible only in retrospect, and only to those who knew what to look for. This article examines the red flags that experienced operational due diligence practitioners have learned to take seriously, and that less seasoned investors too often overlook.

The Limits of the Standard Questionnaire

Most operational due diligence processes begin with a questionnaire. A manager completes it; an analyst reviews it; findings are documented. At its best, this process surfaces material issues and establishes a baseline for ongoing monitoring. At its worst, it provides false reassurance, a checklist of boxes ticked without genuine interrogation of what lies beneath.

The managers who present the greatest operational risk are rarely those whose questionnaires look obviously deficient. They are the ones who have learned to answer the questions well. The skill of experienced ODD practitioners lies not in identifying obvious failures, any investor can spot a fund with no administrator or no segregation of client assets, but in recognising the subtler signals that indicate deeper structural or cultural problems.

The following red flags are drawn from patterns observed across operational failures in the asset management industry. None of them, in isolation, necessarily indicates fraud or imminent collapse. Together, or in combination with other concerns, they warrant serious attention.

1. Concentration of Authority in a Single Individual

The most consistent precursor to operational failure, and to fraud, is the concentration of authority in a single person. When one individual controls investment decisions, client onboarding, trade execution, and accounting, the segregation of duties that constitutes a basic internal control has broken down entirely.

This is rarely framed as a risk. It is usually presented as efficiency, or as the natural consequence of a founder-led culture. “We’re a small team, everyone wears multiple hats.” The problem is not the small team, it is the absence of any independent check on the individual at the centre.

Investors should ask not just who performs key functions, but who independently reviews them. If the answer to “who checks the portfolio manager’s trade allocations” is “the portfolio manager,” that is a material red flag, regardless of the manager’s track record or reputation.

The Madoff case remains the most instructive example. The warning signs were visible for those who looked: an in-house administrator with no independent verification, a tiny auditing firm with no meaningful capacity to audit a fund of that scale, and an investment process that no outside analyst could replicate. Each of these was a red flag. Together, they were a catastrophe.

2. Reluctance to Provide Transparency

A manager’s willingness to provide information is itself informative. Genuine transparency, not just the provision of documents, but a genuine openness to interrogation, is one of the most reliable positive indicators an ODD practitioner can observe. Its absence is equally significant.

This reluctance takes many forms. A manager may answer questionnaire questions with minimal detail and resist follow-up. They may provide documents that satisfy the letter of a request without its substance, an organisational chart that lists titles but not responsibilities, for example. They may be unwilling to facilitate direct conversations between the investor and the fund’s administrator, auditor, or prime broker.

Managers will sometimes frame this reluctance as concern for proprietary information or investor confidentiality. These are legitimate concerns in narrow contexts, but they do not justify opacity about basic operational controls. A manager who will not allow their prime broker to confirm the existence and value of the fund’s assets has no legitimate reason for that refusal.

Investors should pay close attention to the texture of manager responses, not just their content. Defensive answers, excessive caveating, and the careful management of what information reaches whom are often more revealing than the information itself.

3. Misaligned or Poorly Structured Service Providers

The quality and independence of a fund’s service provider network, administrator, auditor, prime broker, legal counsel, is one of the most important structural safeguards an investor can assess. It is also one of the most frequently underweighted.

Investors typically check whether service providers are reputable. Fewer ask whether they are genuinely independent, whether the scope of their engagement is appropriate, and whether they have the capacity to perform the functions they are nominally assigned.

Specific warning signs include: an auditor whose client base is primarily composed of funds managed by a single firm or individual; an administrator that relies on the manager’s own records rather than independently sourced data to produce NAV calculations; legal counsel that also advises the general partner on matters where investor and GP interests may diverge; and service provider relationships that appear to have been selected primarily on the basis of cost rather than capability.

Unexplained changes in service providers mid-cycle, particularly auditor changes, warrant careful investigation. While there are legitimate reasons for such changes, they can also signal that an independent check has been removed because it became inconvenient.

4. Operational Infrastructure That Lags AUM Growth

Rapid growth in assets under management is typically treated as a positive signal. In operational due diligence terms, it is a risk factor that deserves careful scrutiny.

A manager who has grown from $200 million to $2 billion in three years may be operating with the same team, the same systems, and the same processes they had at launch. The operational infrastructure that was adequate for a boutique fund is frequently not adequate for a mid-sized institutional manager. The pressure points, trade operations, risk management, compliance, may not have been stress-tested at the new scale.

Investors should ask how the operational team has grown relative to AUM, and what specific investments in infrastructure have been made to support increased scale. A manager who cannot articulate a clear answer, or who responds with vague reassurances about the team’s experience and flexibility, has not thought carefully about this question, which is itself a concern.

The converse is also worth examining: a manager whose AUM has contracted significantly may have reduced their operational team to match, potentially creating capacity gaps that are not visible in the current organisational chart.

5. High Operational Staff Turnover

Turnover in investment and portfolio management roles is commonly tracked by allocators. Turnover in operational roles, COO, CFO, head of compliance, head of risk, receives far less attention, and often matters more from an operational due diligence standpoint.

Experienced operational staff leave firms for many reasons. But a pattern of high turnover in key operational roles, particularly when it is accompanied by other yellow flags, is worth investigating carefully. People who work closely with a firm’s internal processes are well-positioned to identify control failures, governance problems, and cultural dysfunction. When they leave in quick succession, it raises an obvious question about what they observed.

Investors should map the tenure of key operational staff across multiple review cycles, not just the current snapshot. Reference checks, conducted on departing operational staff where possible, not just investment professionals, can provide information that questionnaire responses cannot.

A related concern is the absence of operational depth: a firm where the entire operational function resides in a single individual who has been in post for many years. This is often presented as a strength, continuity, institutional knowledge, but it creates acute key-person risk and frequently masks the absence of any meaningful succession planning or independent oversight.

6. Inconsistencies Between Reported and Verifiable Facts

Small discrepancies between what a manager states in their questionnaire and what can be independently verified are among the most significant red flags in operational due diligence, and among the easiest to overlook, precisely because they are small.

These inconsistencies can appear in many places: a headcount figure that does not match LinkedIn; a regulatory filing that contradicts a stated AUM; a stated educational credential that cannot be verified; a prime brokerage relationship that the prime broker’s records do not reflect. Individually, each discrepancy may have an innocent explanation. Together, they indicate either carelessness or deliberate misrepresentation, and neither is acceptable.

The discipline of independent verification, checking questionnaire responses against primary sources rather than accepting them at face value, is fundamental to effective ODD. It is also time-consuming, which is one reason it is often done superficially. Technology platforms that automate data cross-referencing can significantly increase the coverage and consistency of this verification process.

7. Vague or Untested Business Continuity Arrangements

Every manager of any meaningful size has a business continuity plan. The relevant question is not whether a plan exists, but whether it has been tested, whether staff are aware of it, and whether it would actually function in a genuine disruption scenario.

Many managers treat business continuity planning as a compliance exercise: a document produced to satisfy a due diligence questionnaire, reviewed annually, and otherwise ignored. When asked in detail about specific scenarios, what happens if the primary office is inaccessible for two weeks? who has authority to execute trades if the head of trading is unavailable? how would investor redemptions be processed if the administrator’s systems were offline? They frequently cannot give specific answers.

The COVID-19 pandemic was instructive in this respect. Many firms that had robust-looking BCP documentation found, in practice, that their plans had not anticipated the specific combination of circumstances that a prolonged, firm-wide remote working requirement created. The firms that managed the transition well were those that had invested in genuinely operational plans, not merely documented ones.

8. Cybersecurity Posture That Does Not Match Operational Complexity

Cybersecurity has become a standard section of most ODD questionnaires, but the depth of scrutiny it receives often falls well short of the risk it represents. Investors frequently accept high-level confirmations of policy existence “we have a cybersecurity policy,” “staff receive annual training” without probing whether those policies are operationally meaningful.

The red flags in this area tend to be specific. A manager whose employee endpoints are not centrally managed, whose staff use personal email for business communications, or who cannot identify which third parties have access to investor data has materially elevated cyber risk, regardless of what their policy documents say. The absence of multi-factor authentication on any system that touches investor assets or data is, in the current threat environment, a basic control failure.

Investors with the resources to commission independent cybersecurity assessments of their managers should do so for any allocation of meaningful size. Those without those resources should at minimum ask for evidence of third-party penetration testing and review the results, rather than accepting a manager’s self-assessment.

9. Returns That Cannot Be Operationally Explained

Unusually consistent or unusually strong returns are an investment signal that typically triggers scrutiny from investment teams. They are also an operational signal that ODD practitioners should take seriously, and that is sometimes overlooked because the performance analysis is treated as the investment team’s responsibility.

The operational question is whether the stated returns are consistent with the operational infrastructure in place. A manager claiming to execute a high-frequency statistical arbitrage strategy with a team of three and no meaningful technology investment is describing an impossibility. A fund reporting positive returns in every single month across a five-year period, with near-zero volatility, is presenting a statistical profile that warrants serious investigation of how those returns are being generated and verified.

ODD practitioners should not feel constrained to leave performance analysis entirely to investment colleagues. Operational plausibility, the question of whether the stated strategy could physically be executed with the resources in place, sits squarely within the ODD remit.

10. Governance Structures That Exist on Paper Only

Most funds have governance documents: a limited partnership agreement or equivalent, an investment management agreement, board minutes, compliance committee records. The existence of these documents is necessary but not sufficient. What matters is whether the governance structures they describe are operationally real.

A risk committee that meets quarterly but never escalates a concern, modifies a position limit, or records a dissenting view is not functioning as a risk committee. A board that has never rejected a management proposal is not providing independent oversight. An independent director who holds board roles across thirty funds managed by the same promoter is not, in any meaningful sense, independent.

Investors should ask to see evidence of governance in action: instances where the risk committee escalated a concern, where a compliance finding required a management response, where a board-level discussion resulted in a change to policy or process. Managers who struggle to provide these examples, or who provide only examples that are flattering to management, are likely operating governance structures that are decorative rather than functional.

11. Regulatory History That Has Been Minimised or Omitted

Regulatory disclosures, SEC Form ADV filings, FCA register entries, equivalent records in other jurisdictions, are a standard part of ODD review. They are also a part that investors sometimes review too quickly, accepting a manager’s characterisation of disclosed items without independently assessing their significance.

A manager who describes a regulatory sanction as “a technical matter that has been fully resolved” may be accurately characterising a minor administrative issue. They may also be minimising something more significant. The investor’s obligation is to read the underlying filing, not just the manager’s summary of it.

Equally important is checking the regulatory history of key individuals, not just the registered entity. A fund principal with a regulatory sanction from a previous role that is not disclosed in the fund’s own filings is both a legal issue and a significant character and integrity concern.

The Pattern Beneath the Flags

Looking across these red flags, a pattern emerges. The most significant operational risks are rarely visible in a single data point. They appear in the combination of factors: the concentration of authority plus the reluctance to provide transparency; the governance structure that looks robust on paper plus the operational team that has never been tested at scale; the strong returns plus the service provider network that lacks genuine independence.

This is why portfolio-level visibility matters. An investor reviewing each manager in isolation may conclude that any individual concern is manageable. An investor who can see patterns across their entire allocation, who notices, for instance, that three of their managers share the same independent director, or that four have changed their auditor in the same twelve-month period, is in a fundamentally better position to identify systemic risk.

This kind of cross-portfolio analysis is extremely difficult to conduct with spreadsheet-based ODD processes. It requires a common data structure, a persistent record of change over time, and the analytical tools to surface correlations that would not be visible in individual manager files. It is one of the strongest arguments for investing in dedicated ODD infrastructure, not because it makes the qualitative judgements for you, but because it gives you the information base from which those judgements can be reliably made.

Red Flags Are Only Useful If You’re Looking

The operational red flags described in this article are not obscure or theoretical. Many of them were present, and documented, at least in retrospect, in the major operational failures that have shaped the industry’s current approach to due diligence. The reason they were not acted upon is rarely that the information was unavailable. It is that the process for gathering, analysing, and acting on that information was not rigorous enough.

The investors who identify these flags reliably are those who approach ODD as a structured, systematic discipline, not a periodic box-ticking exercise. They ask the same questions consistently across every manager. They verify responses independently rather than accepting them at face value. They monitor continuously between review cycles, not just at the point of initial investment. And they maintain a longitudinal record of what they have found, so that changes over time are as visible as the current snapshot.

Operational due diligence done well is not a defensive exercise. It is a genuine source of competitive advantage, for the investors who practice it rigorously, and for the managers who can demonstrate that they meet its standards.