By Max Cohen-Casado, Senior Associate, Forward Risk and Intelligence
Over the past few months, I’ve read a lot of articles from my contemporaries within the investigations industry about ESG. I read about the difficulty in measuring ESG amid a lack of standardized metrics, the increased awareness of investors and boards concerning ESG issues, the heightened ESG oversight from financial regulators, and an analysis of the merits of qualitative versus quantitative ESG measurements, among other topics.
I noticed that many of these articles were high-level, theoretical discussions filled with jargon that make them difficult for the average reader to parse. These authors often highlighted their own firms’ abilities to provide a “360 degree view” of a target company’s ESG standing, but seldom did I read an explanation of how exactly they would actually go about providing that comprehensive analysis. Here, I hope to fill that gap.
I like to start my investigations first by analyzing a company’s environmental track record. There is certainly more to the “E” part of ESG than just environmental violations. Issues such as supply chain oversight, use of renewable energy sources, and waste minimization are important, but searching for a company through relevant environmental regulatory databases can still provide valuable insight.
Normally I start by looking for media references to a company’s environmental track record. To find these I’ll search the company’s name alongside a curated string of words that are frequently used as markers of an adverse finding. The specific words that are included in this search string vary depending on the type of industry. I’ll also search the company’s various affiliates; oftentimes construction companies or energy companies will create separate entities for each development or project.
Next I’ll conduct a search of the EPA’s Enforcement and Compliance History Online database, followed by searches of state and local environmental databases, depending on the company’s jurisdictions of operations. Executing these types of searches provides a decent baseline and is an easy way to identify any glaring environmental red flags. However, they do not provide the full picture.
Often, the best way to get a more comprehensive understanding of a company’s environmental standing is through human intelligence or source inquiries. In previous cases we have conducted, interviews with a company’s former employees have uncovered lackluster adherence to environmental standards and blatant safety violations, among other environmental red flags.
The “S” component of ESG has become increasingly important as consumers feel the need to purchase from corporations that share their values. Recognizing this need, corporations often go to great lengths to make themselves appear to be responsible, inclusive, and fair employers.
As before, I usually start off in a search engine to catch any glaring labor or discrimination abuses that may have been picked up by mainstream media. I’ll once again use a search string that includes words commonly found in media reports about wage theft, union issues, or workplace harassment, or other typical “social” violations.
Next I’ll search PACER, the federal litigation database, for lawsuits pertaining to workplace discrimination or other labor-related matters. To find these relevant lawsuits, I’ll use the database’s filters to only search for specific “nature of suit” codes; these are usually Civil Rights 442: Employment and Labor 710 to 791, which include Fair Labor Standards Act, Family and Medical Leave Act, and Employee Retirement Income Securities Act cases.
After searching for litigation, I’ll delve into several regulatory databases. Both the National Labor Relations Board and the Occupational Safety and Health Administration have great internal databases of complaints and investigations into employers about pay violations, union disputes, unsafe working conditions, and other potential issues.
Another important source to search is employee review websites such as Glassdoor. Although some of the reviews may come from former and likely disgruntled employees, I try to look for patterns in the review. Sure, one complaint about sexist leadership may not be indicative of much, but four or five comments about a “male-dominated leadership” or a “good-ole-boys club” starts to paint a more compelling picture.
Finally, I’ve found that a great way to understand a company’s intentions is by looking at their political contributions. Occasionally, media sources will highlight examples of corporations donating to candidates and political groups that contradict their stated values. If these donations are not covered in the media, I’ll then look through the FEC’s database of contributions, then move on to state-level databases. Searching donations from the company’s top executives as well as the company’s affiliated PAC often reveal a stark contrast. All too many times I’ve seen companies that tweet about how inclusive they are, and how much they value their employees, then donate thousands and thousands of dollars to politicians that vote in favor of restricting LGBTQ rights, unionization rights, and other worker rights.
Corporate governance can seem challenging to measure, largely because of the high volume of components needed to evaluate, many of which are subjective and open to interpretation.
Fortunately for us, proxy advisors, the most well-known of which are Glass Lewis and Institutional Shareholder Services, have complex models on what good governance looks like. Every year, they publish annual reports with explanations of their recommended best practices; these exhaustively detailed reports explain their criteria for inclusion on a board’s committees, recommendations for executive compensation structures, guidelines for board diversity, and suggestions for shareholder voting protocols, among other information. Other institutional investors often publish reports in which they indicate how they intend to vote on governance: I also look to these sources for guidance.
One component that particularly interests me is board independence: are “independent” directors actually independent from the company’s executives? For each member of the board, I’ll create a list of their affiliations. While some of these affiliations are pretty easy to find, more thorough research is often required to find more elusive connections.
Once this extensive list is created for each board member, I can cross-reference and look for connections that may not have previously been disclosed in SEC filings. In previous cases, my colleagues and I have found a CEO and a supposedly independent director that were actually longtime golfing buddies at the same country club; an “independent” director who was the principal of the CEO’s children’s school; and a “independent” director who was the nephew of the chairman’s longtime professional mentor.
Another aspect of governance to watch out for is executive compensation structure: how much of it is tied to company performance, and how much is tied to ESG metrics? These sorts of compensation structures are increasingly common, and companies who employ them are typically not shy about it.
I like to look for not just if compensation is tied to ESG, but how much of it? A company’s proxy filings will usually delineate how executive pay is calculated. In addition to the percentage of pay tied to ESG, these filings will also reveal which ESG metrics the company actually uses. As noted previously, there is a lot of disagreement about which ESG metrics are best, so each company measures its ESG performance in a different way. Despite this ambiguity, I find that seeing an explanation of both how much pay is tied to ESG, and which criteria are actually used, I can better understand if a company is actually interested in pursuing ESG goals or if it’s simply paying lip service to a trendy concept.
By focusing on what an ESG-focused investigation actually looks like in practice, I hope that I was able to cut through the fog to make the process more tangible. Now that the concept of ESG-minded investing is so widespread, I believe that discussions moving forward can be focused more on the implementation of the investigative process and less on highly abstract and conceptual discussions.
By Paul Sebastian, Senior Associate, Forward Risk and Intelligence
As many hard-core true crime fans might know, in criminal forensics, there is a general rule known as Locard’s exchange principle. This principle states that when a crime occurs, the perpetrator will bring something to the crime scene and leave something at it.
While most researchers in the due diligence industry do not typically have a background in criminal investigations, a modern corollary to Locard’s principle is important to keep in mind: whenever an individual touches the internet, that user brings something – usernames, IP addresses, email addresses, etc. – and will leave a trace of their presence. Searching for and finding these traces on all three layers of the internet is a hallmark of an expert open-source investigator.
The internet is generally broken down into three layers: the surface web, the deep web, and the dark web.
The surface level is where web crawlers index websites and information, making it discoverable to researchers via search engines like Google or Bing. On this level, an investigator conducting research on a company executive, for example, may find news articles and profiles on popular social media platforms like LinkedIn. The use of advanced Google operators – known as dorking – can reveal otherwise buried search engine results, but this layer is still dependent on the indexing of the website on which the information resides. The information garnered from surface-level searches would be the equivalent to a detective finding broken glass at a burglary scene: it is valuable evidence, but its discovery is only the tip of the iceberg.
Just below the surface of the internet lies the deep web – which is far more interesting from an investigative perspective. Experienced and knowledgeable investigators with a strong attention to detail can exploit this layer to discover very valuable results. This layer of the internet encompasses hard-to-find or otherwise forgotten information such as legal and academic records, foreign language databases and sources, subscription-only information, and archived versions of websites. Web crawlers do not, or cannot, index this portion of the internet.
According to estimates from 2001 (the most recent available), the surface web contains 19 terabytes of information, while the deep web contains 7,500 terabytes, and since then the divide has grown exponentially, with more recent estimates placing just 1 percent of all information on the internet in the surface web. Examples on this layer of the internet include local court records and information found on genealogy sites like Ancestry.com. No amount of research using a search engine will uncover the valuable information found on this layer of the internet.
There is one final layer that experienced investigators search: the dark web. This layer is intentionally hidden from normal search engines, and its data is encrypted, requiring a specific web browser to discover. While there are legitimate reasons to use the highly-private dark web, it is on this layer that researchers will most likely find illicit activity and compromising information.
One of the most important pieces of data found on the dark web is data breach information. After a hacker steals log-in credentials from a website, these credentials will often appear on the dark web. Reviewing these compromised credentials – usernames and email addresses – may inform further surface and deep web searches, revealing previously-unknown social media profiles or blog activity. Finding these hidden or obscure social media accounts may provide greater Insight Into a subject’s personal connections, Interests, and history, which the subject may have believed was safely concealed behind an alias username, thus providing an investigator with greater insight into a truer picture of the subject aside from a carefully curated public persona.
There is also a thriving dark web market for the login credentials of users at websites containing extortionable information, such as Ashley Madison and Epik. Discovering that a subject had an account on these controversial sites can be a key piece of information when constructing a holistic picture.
Together, information found on the deep and dark web is the nonobvious evidence akin to a crime scene technician lifting fingerprints, documenting DNA, or finding other clues not readily apparent to the naked eye.
At Forward Risk, our trained and skillful investigative team frequently provides clients with insight into the hidden characters of our subjects. Our reports include extensive deep web research, as well as a section dedicated to dark web research. This has provided clients with industry-leading insight into subjects of interest. The following examples show how Forward Risk’s deep and dark web research skills can provide more actionable information than research that focuses only on the surface of the web.
One important facet of deep and dark web research is the investigation of known IP addresses and web domains for a subject. In one case, our researcher discovered several inactive web domains previously registered to a subject. It was discovered that this otherwise-unassuming subject had once registered several questionable, race-related domain names that raised concerns about their judgment.
Often, sexual behavior and proclivities are a source of controversy and risk, but knowing this, people often attempt to obfuscate their activity online. One of our investigators was conducting opposition research on a political candidate and, using an email address discovered on the deep web, uncovered this candidate’s account on an adult website, in which he commented on videos “grading” women and made demeaning comments about his wife. In today’s political climate, this information can end a candidacy without further argument.
Information found on the deep and dark web can also inform a client on how to interact with a potential business partner. In one case, an investigator was conducting due diligence research on the founder of a tech startup seeking an investment from that client. Dark web research easily identified the passwords for several of the founder’s email accounts, all of which were common words easily brute forced by a computer program, meaning a computer program could easily guess the password. This signaled poor IT security practices, which does not augur well for the founder of a tech company, and it gave our client the knowledge that communications with the founder were vulnerable to a leak or hack. (A quick disclaimer when accessing dark-web data: Open-source researchers must take great care when accessing dark and deep web information, adhering to all applicable laws. Any passwords that may be discovered during research cannot be used to gain unauthorized access to any computer system.)
These examples show the value of research that goes beyond the surface level. By engaging professionals with expertise in deep and dark web investigations, clients seeking information about an executive they are planning to hire, or a company in which they plan to invest, may rest assured that they will be armed with comprehensive findings with which to make an informed business decision.
WASHINGTON–(BUSINESS WIRE)–Forward Risk and Intelligence is proud to announce that legendary corporate investigator Ernest Brod, founder and CEO of Brod Global Intelligence (“BGI”), has joined its Advisory Board. Brod will continue to lead BGI as CEO.
Brod founded BGI after an unparalleled career in the investigations sector. He was most recently a Managing Director at Alvarez & Marsal, leading the firm’s business intelligence practice. Prior to that, he held leadership positions at Deloitte FAS, Navigant Consulting, and Kroll.
Alongside Brod’s appointment to Forward Risk’s Advisory Board, the two firms are partnering to offer their clients industry-leading investigations services. Forward Risk’s lean and nimble in-house operations, combined with BGI’s decades of expertise and global network, will offer both firms’ clients cutting-edge intelligence on matters including proxy contest defense, asset traces, and executive- and director-level due diligence.
I’m pleased to join the Advisory Board of the gold standard in U.S. investigations. This partnership with Forward Risk will bring to BGI the experienced, capable resources to extend our leadership position in corporate contests, global asset searches, and cross-border due diligence.
— Forward Risk Senior Advisor Ernest Brod
Forward Risk is a corporate investigations, intelligence, and risk advisory firm that provides tailored investigation and litigation support, investor due diligence, and strategic intelligence services. Our unique approach combines well-honed industry savvy with bespoke reporting to deliver value-driven information tailored to meet complex client needs. Staffed by a diverse team of professionals including former attorneys, investigative journalists, intelligence community alumni, and other government affairs experts, we help clients navigate transaction and dispute lifecycles by providing investigation and litigation support, investor due diligence, and strategic intelligence services. We marry comprehensive rigor to the curation of narrative context, which ensures that our clients receive actionable intelligence in the unique context of their specific engagement and objectives.
Brod Global Intelligence (“BGI”) is a New York-based investigations and intelligence firm led by legendary corporate investigator Ernest Brod. BGI provides an array of specialized investigative services to attorneys, investors, and corporate executives, including litigation support, investigative due diligence, asset tracing, and fraud investigations. BGI sets itself apart by executing on the vision of its founder, a pioneer in the field who is committed to providing outstanding results for clients.
If you have any questions or comments, or would like to suggest a topic for further discussion, please email our Co-Founder Brendan Foo – Brendan [at] forwardrisk.com.