The road to GDPR for prospect research

We recently undertook a survey of prospect research teams in the UK to find out how they are coping with GDPR preparations. We’d like to thank each of the 95 respondents – your answers have given us a real sense of the current situation for the prospect research community as we all work towards May 2018.

We thought it might be useful to share some of the responses as we know that many prospect researchers are struggling with GDPR and it may help to know that you are not alone! That said, it’s not all doom and gloom out there, as the answers to the survey reflect, and there are many positives that we can take from the results.

First, the not-so-good news

Perhaps unsurprisingly, the overwhelming feeling from most of our respondents (77%) is that there is still a lack of clarity around GDPR – specifically around how prospect research can operate in a compliant fashion within the principles of GDPR.

There are also concerns with the practical aspects of GDPR preparation; over 34% of respondents would like more information on undertaking a privacy impact assessment and 38% of respondents are struggling with understanding how to integrate GDPR practices with their CRM system.

Frustratingly, almost 35% of prospect researchers reported that they have not been involved in the GDPR discussions at all in their organisations so they feel they have been unable to provide valuable input to the process.

Some of the other concerns highlighted by our survey are:

  • Misinformation or conflicting advice on GDPR issues is very confusing and unhelpful when it comes to planning
  • The lack of evidence that supports the need for prospect research which can be used to argue the case for continued prospect research with senior leadership
  • The difficulty of understanding and analysing donors’ reasonable expectations
  • The lack of support from leadership within organisations in preparing for GDPR, and the lack of communication between teams on this issue
  • The potential impact of GDPR on smaller organisations is worrying as they may not be able to fully prepare in time for May 2018 due to a lack of resources
  • PECR seems to be a particular concern for many, especially when it comes to consent for channels of communication and how this integrates with GDPR requirements
  • The overwhelming workload and resources required to prepare for GDPR

All that said, it wasn’t all bad news…

Readiness for GDPR

Whilst only 2% of respondents stated that they are ‘completely ready’ for GDPR, the vast majority of respondents, 91%, stated that, for prospect research at least, their organisations are ‘not quite ready, but getting there’. Only 4% of respondents felt that they are ‘not at all’ ready.

Consent or Legitimate Interest?

Most interesting to note from the results was that 54% of respondents stated that their organisation will be relying on legitimate interests as their basis to process data for prospect research purposes.

Only 3% noted that they will be relying on consent as their basis for processing whilst almost 35% of respondents stated their organisations were not yet to make a decision on this.

Privacy Notices

Only 16% of respondents felt that writing privacy notices / policies was an area of concern for their organisations – this is perhaps due in part to the specific guidance that does exist in this area.

Hearteningly, over 63% of organisations have updated their privacy notice to be GDPR compliant. Just over 26% have not yet done this, and 10% of respondents were not sure on the state of their organisation’s privacy notice.

Of the 63% which have updated their notice, over half (58%) have now uploaded this to their website. Only 14% have taken the step to post or email this updated notice to their supporters but this number will inevitably grow at a pace as we work towards May 2018.

Impact on prospect research activity

We also wanted to find out whether researchers have been able to continue providing prospect research services in recent months as the answer to this may help us to understand the likely long-term impact of the ICO fines and GDPR preparation.

The results below show the 5 main areas of prospect research activity and the % of respondents who stated they have either a) stopped doing this activity altogether, b) paused this activity whilst they prepare for GDPR, c) have continued to do this activity or, d) were unable to answer or didn’t do this activity in the first place.

Type of research Stopped Paused Continuing D/K or N/A
Database (Wealth) Screening 31% 41% 7% 21%
Individual research/profiling 4% 21% 68% 7%
New prospects identification 4% 18% 69% 9%
Due diligence research 1% 3% 78% 18%
Network research 4% 13% 57% 25%

We have followed up specifically with those individuals who stated they have ‘stopped’ or ‘paused’ Database Screening to obtain more details on these decisions, and we will be able to provide more insight into this at our session with Prospecting for Gold at the RiF Conference on November 6th. For those unable to be at the conference we will follow up with a blog about this shortly afterwards.

For now, it is heartening to see that, aside from Screening, the majority of prospect research activities have continued, although some have fared better than others.

Due diligence in particular seems to have continued, with only 1% of respondents stopping this activity and 3% pausing it. Individual research (i.e. profiling), which was previously undertaken by over 92% of respondents, has stopped or paused in a quarter of organisations as GDPR preparation is undertaken.

Network research was highlighted in the open questions as a particular area of concern, with many unclear how to balance GDPR requirements with the need to identify relevant contacts of key supporters, although of the 50% of respondents who previously undertook this type of research, 86% are continuing to do so, so it is unclear how much this has been affected in reality.

It will be interesting to review the long-term consequences of organisations stopping or pausing these activities as we look in particular at major donor income in 2018 and beyond. Many respondents in the open questions highlighted their concerns that their particular organisations and institutions are losing opportunities to identify and engage potential supporters for fundraising during the process of preparing for GDPR.

The future

Whilst this is a worrying time, there was a view from many respondents that GDPR will ultimately have a positive impact on prospect research…in the end.

This is because despite being, as one respondent put it, “painful”, four of the main benefits highlighted were:

  • GDPR will help to promote prospect research within organisations and institutions (as one respondent put it, “We are no longer a dark art!”)
  • It will make prospect research more efficient and effective
  • The process will educate supporters, donors and the public in how non-profits operate/fundraise, which is a good and positive thing
  • The situation so far has shown researchers to be resilient – working hard and standing up for themselves and the sector

So, the future seems bright but, in the present, if you are one of the many researchers who would like more clarity on specific issues, we know that the IoF are working to produce some specific GDPR guidance for prospect research. We don’t yet know when this will be available, but it will hopefully provide some much needed insight into how we can better prepare for GDPR.

Whilst you wait for that, you may want to download our paper on legitimate interests and prospect research, as it signposts to other useful pieces of guidance and gives a basic overview of the GDPR situation.

If you’d like more details on the survey or would like to chat about prospect research and/or GDPR, please do get in touch with me.

It ends with Google

On Tuesday I spent the morning at the Ship2B Foundation in Barcelona. Ship2B brings together social change organisations – charities and social enterprises – with grant-making foundations, companies, family offices and venture philanthropists. The social change organisations work on themes in ‘Laboratories’ where the foundations, companies and philanthropists provide advice, contacts and money to accelerate their growth, to ‘scale.’

I sat in on a presentation by the Water4Life lab group. Here were a range of projects on water use and water management. One project was using data from Aigües de Barcelona, the Barcelona water utility, to pinpoint areas of poverty in the city based on how much water each household was using. The project was analysing mass data gathered for one purpose (water supply bills) and using it for another (mapping and understanding poverty).

Which led me to think about the Information Commissioner’s current focus on public domain information collected for one purpose, being used for another.

The ICO have told charities that “publicly available data…is not fair game.” It is not enough to claim that you have a “legitimate interest” in using data from public registers such as Companies House, and news and press reports; you “must balance this against the prejudice to the rights and freedoms of individuals.”

The team at Factary is working hard to ensure we are fully compliant with this new emphasis from the ICO. So this week we contacted one of our suppliers to check that their data was fully compliant. They told us that “…in light of the new GDPR legislation we are currently in discussions…” with suppliers. This is a leading data house that provides data drawn from Companies House. Their end supplier is Companies House.

The Supply Chain

Factary – and any prospect researcher who uses UK companies information from one of the large data houses – is in a supply chain that starts at Companies House. At some point, someone is going to knock on the door of Companies House and ask “are you compliant?”

Before they made their data freely available to anyone, Companies House earned £8.7m in a year, selling it to data users. I have been registered at Companies House as a director since 1990. I have never, ever, had a letter from them asking me if it’s OK to publish my name and address in their register, and then to sell that data on to the big data houses.

I was never asked, because Companies House had a duty in law to gather my personal information and publish it. They turned my private information into public information. They promoted my private information “to power a great range of products” and to encourage “even more people to explore and use [the] data.”

Companies House represents the contradictions at the heart of the legislation that ICO is forced to apply. Data from Companies House that we all believed to be publicly available, and in which we all had a legitimate interest, is no longer “fair game.”

So who is the biggest supplier of publicly available data?

Google, of course.

A Little Light Googling

Every day, millions of people in Britain type the name of a person – a celebrity, a footballer, a friend, a company owner – into Google. Google returns thousands or millions of results; “Theresa May” returns 24 million publicly available results this morning, ranging from press reports to biographic reference sites.

I did not ask the Prime Minister if I might check her name in Google. I am certainly prejudicing her right to privacy by putting her name into Google, because thanks to Google I can see all sorts of scurrilous, unrepeatable stuff about our glorious leader.

Google is a massive re-purposer of publicly available data. Data gathered for one purpose (selling newspapers, or adverts in scurrilous blogs) is re-purposed every single day by Google on behalf of its millions of users.

This is where the contradictions in UK privacy legislation are crystallised. This is where the ICO is heading in its search for the right balance between legitimate interest and the rights and freedoms of individuals.

I want to be a fly on the wall when the ICO knock on the door of number 6, Pancras Square, London N1, the UK headquarters of Google. That battle – between the ICO and Google – will be one to watch.

Divided Rules

Prospect researchers are at the nexus of a storm between five government agencies. Thanks to the monetary penalties imposed by the Information Commissioner in December 2016 on two leading charities we can now see the extent of the battlefield.

In one corner is the Information Commissioner’s Office, ICO. In its press release announcing fines for the RSPCA and the British Heart Foundation, ICO condemned the use of “information from publically[sic]-available sources to investigate income, property values, lifestyle and even friendship circles.”

This appears to put the ICO in direct opposition to the Charity Commission. In a series of papers entitled ‘The Compliance Toolkit’ the Commission reminds charities that they have a duty to check on donors and potential donors. Tool 6 in the suite is called ‘Know Your Donor’, and here the Charity Commission asks;

“Have any public concerns been raised about the donors or their activities? If so, what was the nature of the concerns and how long ago were they raised? Did the police or a regulator investigate the concerns? What was the outcome?”

How would you find out whether “public concerns” have been raised, if you did not use “publically-available sources”?

You simply have to use newspapers, government sources, and a search engine if you are to find out whether public concerns have been raised. There is no other way. And of course the Charity Commission says so, recommending that “full use should be made of internet websites” to check donors.

Your duty

The Commission goes further, and reminds trustees that “…if the trustees have reasonable cause to suspect that a donation is related to terrorist financing, they are under specific legal duties under the Counter-Terrorism Act to report the matter to the police. In the case of money laundering, reports can be made to the police, a customs officer (HMRC), or an officer of the National Crime Agency.” The Commission suggests a threshold for reporting – donations of £25,000 or more.

But we are not done yet. Because if you have the slightest suspicion that the donor may be a bit iffy, the Charity Commission requires you to “…check the donor against the consolidated lists of financial sanctions targets and proscribed organisations.”

Gosh.

That means this list.

The list contains 8,885 names of individuals who are under sanctions. It includes their date and place of birth, their passport or ID number, and a biographic note such as “Manager of the branch of Syrian Scientific Studies and research Centre.”

That is personal information held in the public domain, that the Charity Commission requires us to review.

The Libya Connection

Why are four government agencies – the Police, HMRC, the National Crime Agency and the Charity Commission – interested in these checks?

In part, the story is linked to the London School of Economics, and the controversy over a gift from Libya. The result of the controversy was the Woolf Inquiry, which published its report in October 2011.

After a detailed study of the history of this gift, Lord Woolf made a series of recommendations on accepting funds from “less well known” high-value philanthropists including an inquiry into the sources of their funds (p. 69) and a thorough due diligence assessment (p. 22).

These searches are only possible with public domain information.

Catch-22

Under questioning at last year’s CASE conference, ICO spokesperson Richard Marbrow did allow that we could use public domain information for due diligence purposes. But he went on to say that this same information could not be used for assessing gift capacity because that would be an “incompatible purpose” for the use of data.

But that leaves us prospect researchers in Catch-22.

I cannot carry out full due diligence on all my prospects. To do so would be a scandalous waste of charity resources. The Charity Commission suggests that the threshold should be £25,000. So if I am to decide that Mrs A or Mr B must be checked via due diligence…I have to assess their gift capacity.

To do that, I need the help of a fifth government agency, Companies House.

Open for Business

Mr Marbrow cited Companies House various times during 2016, telling fundraisers and prospect researchers that because the information in Companies House was collected for one purpose – regulation – it could not be used for another – prospect research.

What does Companies House say? Here is their July 2014 press release*

“Companies House is to make all of its digital data available free of charge. This will make the UK the first country to establish a truly open register of business information.
As a result, it will be easier for businesses and members of the public to research and scrutinise the activities and ownership of companies and connected individuals. … This is a considerable step forward in improving corporate transparency…

It will also open up opportunities for entrepreneurs to come up with innovative ways of using the information.”

So, Companies House wants us to “research and scrutinise the activities and ownership of companies and connected individuals,” and to find “innovative ways of using the information.”

The Battle for Philanthropy

Prospect researchers are caught in the centre of a battlefield between government agencies, between “innovative ways” of using information, terrorism legislation, due diligence and privacy.

We must defend our corner of this bloody battlefield.

We need our friends in fundraising and philanthropy, in Parliament and in civil society, to support the sensible, ethical, managed use of public domain information in the search for philanthropists.

 

 

*I am grateful to a colleague at a leading University for pointing this out.

Chris Carnie is the author of “How Philanthropy is Changing in Europe”, published by Policy Press. He writes in a personal capacity.

The Edge of Privacy

We live in interesting times, privately.

Confusing, contradictory times, when lawmakers require us to lock-down data whilst revealing their intimate thoughts on Twitter. Times when it is OK for a dominant search engine to track our billions of tiny searches, for our wrist watch to measure and transmit our sleeping and walking in the name of fitness. Times when we choose to tell our life stories in Facebook.

And times when our private underbelly is revealed to the world. Two stories have exposed privacy in all its moral complexity; the Panama Papers, and the Ashley Madison data breach. Both have been stories about activities that are legal (being a director of an offshore company and having an affair, or both simultaneously, are not illegal activities.) Both are about normal immorality.

Both stories are to some degree about power. The Panama Papers show us that the powerful are willing to mix their businesses with drug dealers, dictators and money launderers in order to avoid taxes. If you need to be reminded about just how powerful these people are, bear in mind that just one person was prosecuted out of the 1,000 UK names released in the last big tax-related data breach; the Falciani/HSBC affair [Source: ‘Tax Havens don’t need reform, but abolition’, Richard Brooks, Guardian Weekly, 8/4/16]

Both the Panama Papers and Ashley Madison are about relationships, a subject at the heart of prospect research. John knows Jane because both of them invest in the same company in the British Virgin Islands. And John knows Mary because he signed up for Ashley Madison and she’s his new friend.

John is a donor to your charity. He’s in your database, and he has turned up in a screening (carried out, naturally, by Factary). We’ve spotted him in Companies House, a public domain data set, as a director of an investment firm in Holborn, so we have flagged him as interesting.

When you transferred the data to Factary you took the utmost care over the process, using our sFTP (secure FTP) site and thus ensuring that John’s details were encrypted and safe. You checked that the computer link was over a HTTPS network. You made sure that the data would be stored in servers in the UK, in a physically safe and secured building. You did that because you are a conscientious prospect researcher, using the best practice required by the law.

John did not take the same care. When he invested in the British Virgin Islands via Mossack Fonseca he did so through the open web, by email. He joined Ashley Madison the same way, signing up on their website; no encryption, no security. Worse, he was voluntarily exporting his data outside of the protection offered by the European Union through its Data Directive.

And now John has a photograph of him and Mary together at a work conference and he’s posted it on his Facebook page.

Where is the edge of privacy?

Is it the frontier between long standing public domain records and the new stuff, between Companies House and Facebook, for example?

Is it between voluntarily released information and stuff that is Wikileaked?

Is it between Victorian morality and modern – between a marriage notice in the Telegraph, and Ashley Madison?

Above all, is it where people of power dictate it should be? So that we are allowed to see the company directorships of the little people, but cannot see into the murky world of British Virgin Islands connections? Or into the equally dark corners of political connection and patronage?

This is where we are, like it or not, in prospect research. Prospect researchers live on the edge of privacy, using personal information that is in the public domain, for public good. We research John Doe in order to help our fundraising colleagues reach out to him for a donation that will benefit a poor person, or a scholarship kid, or an eye-opening cultural event.

But the power of research comes with a responsibility; it is our profession that must lead the debates on power and privacy, on public domain and private.

Thank goodness it is us, because prospect researchers have a special moral compass. We have chosen to work for causes we believe in, to make sacrifices (anyone want to talk about pay rates for researchers?) for something we believe to be right and good. We have chosen not to sit in the glory seat in fundraising; we are clearly not in this for vanity or fame. We know the value of information, and we have seen the intimacies and the inanities that people are willing to share on the web. We chose every day between information that is right and relevant, and rubbish.

Prospect researchers are the best placed people in the non-profit sector to describe where a private life becomes public.

But we had better get out there and get talking; our donors, our colleagues and our organisations need our guidance as we walk, together, along the edge of privacy.

Measuring the Immeasurable

We prospect researchers say it all the time. But I’m not sure that our fundraising colleagues really get it.

 

It’s immeasurable. No, we cannot give you a precise figure.

 

An individual’s wealth is a private affair. Just how private is being made clear by the Panama Papers. Here we can see how people from footballers to political leaders hide their wealth and their income from public view. These are just the types of people that we prospect researchers are asked to analyse and measure; what is her wealth, and what is her gift capacity?

 

Bear in mind that Mossack Fonseca is described as Panama’s fourth largest firm in this offshore business. The Legal 500 lists five more leading firms operating in this sector in Panama. There are hundreds more in Panama, and more in the British Virgin Islands, Cayman, Gibraltar and any number of other fiscal watering holes. We are seeing, even with the 2.9 terabytes of information from Panama, only a tiny slice of the full picture.

 

The OECD reports that 27 of the 34 OECD members “store or require insufficient beneficial ownership information for legal persons, and no country is fully compliant with the beneficial ownership recommendations for legal arrangements.” In other words, as campaigners such as Andy Wightman have shown in his books on land ownership in Scotland, we cannot know who owns companies or who controls trusts.

 

The UK is rolling out regulations that will expose some of this – although information on the control of trusts (not the charitable sort, these are legal trusts) will only be available to ‘competent authorities.’ A grey phrase that, we can assume, excludes the, er, incompetent public. Business shareholdings of 25% or more will mean a declaration of beneficial ownership. It is worth noting that many of the schemes outlined in the Panama Papers involve small but valuable shareholdings. As Jake Hayman has already noted in Forbes, this is relevant to philanthropy.

 

The Panama Papers have many implications for prospect researchers. They are another mine of information – you will have to decide for yourself whether this is good practice, or not – on wealth. They remind us that we must be cautious with our estimates of wealth and gift capacity. And they demonstrate that our due diligence is less than comprehensive; if we cannot know who controls a business that wants to donate to us, or we cannot say  which companies Samantha Supporter controls, then how can we measure whether she meets our due diligence requirement?

 

I suggest sticking this version of The Panama Papers on the door of the Prospect Research office in your organisation:

1. No, we can’t tell you how wealthy she is
2. No, we can’t tell you who owns that property
3. Don’t expect due diligence to be really diligent. We’ll do our best, but don’t ask us to hack any more Panama lawyers.

Due Diligence: can you accept that donation?

The Colonel and the College

In December 2008, London School of Economics approached Saif Gaddafi, son of the Libyan leader Colonel Gaddafi, for a donation. On the 23rd June 2009, the governing Council of LSE agreed to accept a gift of £1.5m from a group of companies in Libya, channelled via the Gaddafi International Charity and Development Foundation, controlled by Saif Gaddafi. This story emerged in the media only after the uprising against the Gaddafi regime began, in February 2011.

LSE was attacked in the UK press for having accepted the gift and the controversy grew so severe that by March 2011 the Director of the LSE Sir Howard Davies resigned. The LSE Council later funded an independent enquiry led by Lord Woolf.

As Lord Woolf’s report makes clear, all this was in the historic context that at the time when the gift was being considered, Libya was being seen as a potential friend by the West. The UN Arms Embargo against Libya had been lifted in 2003 and the Bush administration had removed Libya from the list of countries that sponsor terrorism in 2007. The Colonel had been met by Tony Blair in an official visit in 2007; the then Prime Minister saw Gaddafi as a potential ally. In 2009, Libya was seen as eccentric but progressing steadily in the right direction.

But just two years later the Colonel had become a reputational risk for LSE. The School’s reputation had been damaged, and the Director’s neck was on the block.

This story illustrates many of the issues in due diligence and major donors:

The Speed of Change

It shows how fast reputations can change. Your celebrity donor today can tomorrow be vilified because he has been caught, literally, with his pants down. Due diligence today is useful, but it is only of any value if it is a continuous, reviewed process.

Complexity

It shows how hard it is to measure reputational risk where there is complexity. This gift was supposed to come from a consortium of companies, in a country in which little or no corporate transparency exists, channelled via a foundation led by the son of a dictator. Complexity makes due diligence difficult. But major donors often lead complex lives and make gifts via complex structures.

Just what are we measuring?

What, in the case of the Colonel, was LSE supposed to be measuring with its due diligence work? The Colonel’s reputation with the politicians? His son’s reputation? The ways in which his wealth had been accumulated? Clarity in understanding what we are attempting to measure is a key part of due diligence work.

So, what is Due Diligence?

Due diligence is used in the context of “doing a thorough job of checking a prospect.” Up to now most of the focus in due diligence work has been on companies. But fundraisers are now asking for due diligence research on individual philanthropists, wherever there is a concern that reputations or finance could be at stake, or where there is a moral issue to untangle.

What can we check?

1. Is he who he says he is?

At Factary we were asked this recently. A man who said he was a Vicomte had been in contact with the nonprofit and there was talk of a very large gift, possibly into the millions. The nonprofit had started to cultivate the relationship with meetings and social events. The nonprofit’s in-house researcher was suspicious and asked us to carry out a due diligence check. It was difficult because he had covered his tracks well, but eventually we demonstrated that he was definitely not a Vicomte, definitely not French, and that lived in a very small house in Peckham. There were hints that he had done this kind of thing before, although no public reports of convictions. We reported our findings to the nonprofit who stepped away from the relationship.

Proving that a person is the person that they claim to be is difficult – you don’t normally ask potential donors for their passport or ID card – but it’s an essential part of due diligence.

2. Is there money, really?

Does she have the money – a key question for fundraisers – should also form part of a due diligence process, just as it would if you were a business and about to take on a new customer. This means researching wealth and income, shareholdings and properties.

3. The Source of the Money

The origins of the funds to be donated are researchable…in some cases. There are geographic limitations (I have tried, and failed, to identify the source of wealth of certain Russian oligarchs) and there are historic limitations (how far back do you really want to go? The source of her money? Or of her grandmother’s fortune?).

4. Criminal convictions

Due diligence research can reveal criminal convictions where these are recorded in the public domain. But some of this is of limited value. In Spain, for example, a common search will list the overdue parking fines of Spanish citizens – hardly the basis for “reputational risk.”

5. Reputation

This is the slippery, difficult-to-define word of the due diligence researcher. We can research reputation in the press and media (but is that not a very biased source?), we can research the circle of contacts that a prospect moves amongst, and we can ask people-who-know-people for their opinions.

The focus of reputation should be trustworthiness – the perception in the public mind that your organisation can be trusted. Your objective is to maintain and enhance your organisation’s trustworthiness. So reputational risk means; “If we link up with this donor, could this damage the public perception that we can be trusted?”


Can we Check Everything?

There is much about donors that we cannot check. Thankfully, most of us have lives that are private.

We can’t check on money held in banks – it’s private. We mostly can’t check wealth held through private trusts, or wealth held in certain jurisdictions (try the Netherlands Antilles, for example…) We can’t tell whether someone’s secret sexual activities will, tomorrow, be the subject of long-lens photo-“journalism” or of a kiss-and-tell story in the yellow press.

Ethical and Legal

There are ethical and legal frontiers too:

Data protection

You are simply not allowed to store defamatory material on people. So how are you going to record the (reputational risk-related rumour) that he was a diamond smuggler in his youth?

Nor can you store information on sexuality, health or religion. Any of these could, in some organisations, imply a reputational risk.

Researcher ethics

Those of us in prospect research live with clear ethical guidelines (see the Association of Professional Researchers for Advancement). For me, for example, this means that I am not willing to use private detectives or false “survey calls” to source information on philanthropic prospects. The first is too intrusive and the second is, simply, lying.

Real-Life Issues

In real-life fundraising we face other issues. For example, if the Director General says we should accept the money, what do we do? Do we stick to our agreed due-diligence procedure? Or does the DG’s political power mean that we take the money despite our concerns?

Other organisations question the whole moral basis of this type of research: “We don’t do due diligence on our normal consumer donors, so why do it with strategic or major donors?”


The debate starts here

There are no perfectly satisfactory answers to these questions. But we were in the same place over the issues that arose from starting prospect research 20 years ago.

In time we will together build the protocols and sector norms that we need to enable us to do a good job of being duly diligent. Now, we need the debate.

 

Factary provides due diligence research for clients. For more information contact Nicola Williams, Research Manager, nicolaw@factary.com

Factary’s Chris Carnie will be running a workshop on Due Diligence and Major Donors at next week’s International Fundraising Congress Noordwijkerhout, Netherlands.

This is a slightly extended version of a piece that first appeared in http://101fundraising.org

Diligence and due diligence

The media storm over the LSE’s gift from Gaddafi International Charity and Development Foundation – the story is explained in detail by LSE here – is an example of one of the many difficulties in running a due diligence process. Before the gift was accepted, the prospect research team at LSE (led by Dr Karl Newton, who is one of the best researchers in the UK) will have done a very thorough piece of due diligence research on the foundation, and provided colleagues with a balanced view of the prospect.

But what they, and no-one, could have predicted at the time was that the media view of their prospect/donor would change so dramatically in just a week, late February 2011. The same has happened with other prospects and donors. A charity that accepted a donation from BP on April 19th 2010 after a due diligence process would have to think very hard when, on the 20th, Deepwater Horizon exploded.

LSE has sensibly responded by describing the due diligence process that they went through before accepting the gift. They have been able to do so in part because of the diligence of their prospect research team, who, diligently, record and date all the research they do.

Karl Newton posed this as a question in a post on 9th March 2011 on prospect-research-UK:

“As well as looking at ethical policies you should also ask yourselves the question: How would anyone know what I did in two years time?”

“…an ethical policy goes hand in hand with prospect tracking and information management: What have you done, When did you do it, Where is it?”

Due diligence means diligence in the simple, basic stuff – record keeping, tracking, histories, a good database. Worth remembering when the boss asks why you’re spending time keying data.