This is the second of a two-part series that explores due diligence in the fintech space. Click here to read our article on commercial due diligence in fintech.
“Due Diligence” (DD) is the term applied to assessments conducted by a potential investor when they are looking to invest in or acquire another company. This is usually conducted by a third party with the right experience and knowledge to accurately assess and evaluate the target company. The third party – usually a specialist consulting firm – works with the target company to compile a comprehensive report that is provided to the potential investor, which helps them better understand the value of their investment.
At Penser, we specialize in commercial due diligence (CDD) and technical due diligence (TDD) in the financial technology industry. We have successfully guided the investment decisions of private equity and venture capital investors, as well as corporations, across their investments in payments, digital banking, wealth management and lending.
Considering our experience in this sector, we wanted to share some insight into how the process works, and what we look for when conducting fintech IT/technical due diligence.
Technical Due Diligence
Technical due diligence involves a deeper understanding of the technology used by the target company. We conduct a very detailed analysis of the underlying technology platform and infrastructure and examine its architecture, scalability, flexibility, resilience, and more.
Again, we’ll break it down into five key segments:
1. Scalability assessment
Scalability is a vital factor to ascertaining the health of the company’s technology. In many instances, especially when the target company is in earlier stages of its growth, the infusion of capital might be like pouring lighter fluid on a flame as the company spends on user acquisition and scaling up.
To ensure that the target company can handle this increase in activity, we assess how adaptable the company’s technology stack is, and whether it can handle multi-fold increases in volume. We check on the hardware and the software, as well as the technology infrastructure the company has in place. We outline where improvements have to be made, and highlight where a good foundation has been laid, so that our client knows that the target company can handle rapid growth that is expected from the investment.
2. Security and compliance
In our technology-centric world, security is a major concern. There have been several data breaches in the recent years, and any technology-based company needs to ensure it has secure data protocols. We assess their security and data protection system against global best practices, call out any deficiencies and recommend changes.
Equally important is ensuring that the target company is compliant with industry regulatory requirements. While technology is changing rapidly, regulation in financial services is evolving as well. For example, depending on the nature of their business, a payments company needs to stay on compliance with PCI, EMV standards, PSD2, SCA, GDPR and much more! This can be tricky as regulations tend to vary by geography. With our extensive experience in this sector, we know what regulations to track and how to assess compliance.
3. Infrastructure and architecture assessment
It’s important for our clients to know how robust the target company’s technology is. We analyse the company’s hardware and software, as well as their network and infrastructure. We also assess the integrity of the licenses the company holds during our IT DD analysis.
Another important factor when assessing a technology platform is its flexibility, i.e. its ability to easily integrate with other technologies, and how easily it can adapt to developments in technology that could require new builds and upgrades.
4. Resilience and business continuity
Today, we are dependent on technology for most activities and transactions. Therefore, anything that could disrupt the delivery of that service poses a risk to the entire business. Alongside assessing the company for security, we also assess the company’s ability to bounce back from disaster and keep business running despite external obstacles.
We also check how strong the company’s backup policies – how secure is the data, how easily can it be restored, and how frequently the data is backed up. This helps provide a clear picture of how the target company has planned for eventualities, which is, in turn, an indicator of the strength of the company’s leadership.
5. Customer Support
Lastly, we examine how the customer interacts with the product. We gauge their usage, the frequency, and the experience they have. We also assess how quickly customers can receive technical support and solutions to issues raised, as well as the quality of the service provided.
We also do extensive analyses of the quality assurance and testing process to ensure that the customer receives the best version of the product.
Technical due diligence (TDD) requires a specialized touch. It requires the consulting firm to have knowledge of the sector to be able to accurately understand and assess the target company’s position in the market.
To check out our article on commercial due diligence in the fintech sector, click here.
At Penser, we have developed the industry expertise to be able to provide our clients with the guidance they need to make informed decisions in the banking and payments sector. We explore the five aspects mentioned above (as well as a few others) to provide a clear, comprehensive report that outlines the strengths and weaknesses of the target company when it comes to tech.
If you’d like to learn more about due diligence (DD) services, please contact us by clicking here.