AI Is Shifting Diligence Focus from Vendors to Proprietary Systems

The biggest theme to open the conversation was not AI replacing analysts. It was AI creating a new diligence surface that current frameworks were not designed to cover.

The concern is specific: smaller firms are increasingly building their own tools using AI platforms to create internal workflows, data extractions, and automation without formal engineering involvement or oversight. What emerged in discussion was a phrase that captured it well: the rise of the "citizen coder." Business users are building applications that sit alongside vendor systems, and in some cases quietly supplement them, without the controls, documentation, change management, or audit trail those vendor systems carry. Vendor use is not diminishing. The risk surface is expanding.

That creates a fundamental asymmetry in how allocators currently review managers. Most ODD frameworks are calibrated to vendor relationships: who does your fund administration, what is their SOC certification, does your cybersecurity vendor have ISO 27001. The proprietary layer, the spreadsheet model one person built and maintains, the AI-powered workflow that lives on a laptop, largely escapes that review. Internal penetration testing and systematic review of these fault lines is something very few firms have extended to their AI-enabled workflows. That is a governance gap that has not yet been named as such in most ODD questionnaires.

AI tools are not particularly hard to learn or deploy. What remains difficult, and what allocators are increasingly expected to assess, is whether the people building and using them understand the business, the data, and the controls environment those tools now touch.

Business Knowledge Still Outweighs AI Skills in Hiring

The conversation about AI in diligence workflows led naturally into a discussion about what it means for hiring, and what emerged was more conservative than the market narrative suggests.

AI skills are useful. They are not a substitute. Firms will continue to need people who understand the business, understand where risk sits, and know how to exercise judgment when an output needs to be questioned. AI may accelerate the surface-level work. The harder work, knowing what to do with an answer, whether it is right, and what it means for a specific manager in a specific context, still requires domain knowledge and critical thinking.

Firms will increasingly prefer candidates who understand how the business works and where risk lives over candidates who bring only technical or AI fluency. The former can learn the tools. The latter often cannot learn the business fast enough to use the tools well.

A longer-horizon question surfaced: what does ODD look like in ten years if everyone is using AI? If AI handles the routine extraction and comparison work, does the next generation of analysts develop the reading and reasoning skills the work currently requires? If associates are no longer working through LPAs clause by clause, will they know how to read one when it matters?

AI Is Already Live in Background Check Workflows

Court document review is a significant component of background check work across functions, not only ODD, and it is one of the clearest live AI use cases in the industry right now. Court records are dense and slow to process at scale. Teams are running them through tools like Copilot or Perplexity for a fast initial read on materiality. Some are using workflow tools that scrape headlines and send automated notifications when a flagged name surfaces. The AI handles extraction and preliminary categorization. The analyst handles the judgment call.

Other active use cases in this space:

• Adverse media review and sanctions screening across key persons and entities
• AML matching against known lists within background check provider platforms
• Automated monitoring for flagged names across regulatory filings and news

The categories that receive the most attention are not fixed. They shift with market events and the reputational contexts of a given period. AI helps with volume. Knowing which signals matter still requires practitioner judgment.

Structured DDQs Still Have Value Despite AI Extraction

A recurring question in the industry right now is whether the structured DDQ is becoming obsolete. If AI can extract answers from a manager's existing documents and prior DDQ responses, why ask managers to complete one at all?

That conclusion did not hold. Structured DDQs hold real value for reasons AI extraction cannot replicate. One participant put it directly:

Beyond the individual response, a structured DDQ creates a queryable dataset that enables consistent comparison across managers. When a manager prepares a DDQ, they are deciding what to emphasize - that editorial choice is itself a signal. An allocator-specific DDQ captures something different: what the allocator wants to know, which cannot be inferred from the manager's own documents. One participant also noted the value of peer benchmarking: seeing how a manager's responses compare against a broader universe is only possible when data is collected consistently.

From DiligenceVault's perspective, teams that deal in volume or operate under regulatory oversight are finding that structured data collection is the prerequisite for scaling review without sacrificing depth. The DDQ is not just a questionnaire. It is the foundation for every comparative step that follows.

A reciprocal point: being mindful about DDQ length and relevance matters. Focused, well-constructed questions produce more substantive responses. An exhaustive questionnaire with questions that do not apply to a manager's structure signals that the process is more administrative than analytical.

Transcription Tools Raise Governance, Consent, and Records-Retention Concerns

Meeting recording and transcription tools generated significant discussion, and the concerns were more specific than a general caution about new technology.

The legal layer surfaced first. Participants noted that Massachusetts and California are both all-party consent states, with obligations that flow from state wiretapping statutes, and that whether a transcription tool constitutes "recording" for purposes of those statutes was a live question at several firms. At least one had recently resolved it through counsel. Consent practices at many firms remain inconsistent or informal.

A practical dimension some teams are navigating: investment staff are using transcription tools in manager meetings specifically to stay present in the conversation rather than focused on note-taking. That is a genuine benefit. It does not resolve the consent question, and it surfaces a records-management issue the firm may not have anticipated.

On retention: some firms retain transcripts for approximately two weeks and then delete them, providing a usable review window without creating an indefinite records obligation. Whether that is defensible depends on the firm's specific regulatory situation. Some firms have had tools expressly approved by compliance because they are auditable. Others have strict policies prohibiting staff from joining any recorded call.

Key questions the discussion worked through:

• Should transcription be off-limits for certain meeting types, such as investment committee discussions?
• If a summary is retained and the underlying transcript deleted, which document governs, and does the firm own liability for what the summary says?
• Should policies be audience-based rather than a single firmwide rule?

Several firms had updated their transcription policies within the past year, almost always after counsel weighed in rather than before.

AI Governance Will Likely Be Driven by Incidents

Most firms are still early in building AI governance frameworks, and the thing most likely to accelerate that work is not a compliance requirement. It is an incident.

Shadow AI usage was identified as the most immediate live risk. Employees using unsanctioned tools to process sensitive data, portfolio information, investor data, confidential manager documents, is happening at most firms, often without those employees understanding the governance gap it creates. The risk is not theoretical. The question is which firm and which incident surfaces it first.

Two structural developments flagged as likely to accelerate formal governance:

• A significant AI-related incident at a peer firm or counterparty, data exposure, process failure, or reputational event, which typically catalyzes rapid policy-building across the industry in ways that preemptive compliance rarely does.
• LPA evolution, as investors push for contractual limitations on how managers can deploy AI on investor data, portfolio information, or confidential materials. Several participants expected this to become a standard LPA negotiating point within a few cycles.

The pattern is familiar. It is how cybersecurity governance matured: incident, followed by disclosure requirements, followed by governance expectations, followed by diligence threshold. AI is on the same arc, running faster.

Valuation Scrutiny Is Increasing, Especially in VC, Private Credit, and Hedge Funds

Valuation was one of the most substantive discussions of the afternoon. The concern is not new, but the intensity is rising. Participants noted increasing regulatory attention from the SEC and FCA around consistency in private asset valuation methodologies, particularly where management fees or performance fees are tied to reported NAV.

The baseline issue: in the absence of a clear market event, some GPs continue to hold positions at cost for extended periods. This is viewed as more concerning in fund structures than in direct investments. In a fund, a stale or elevated valuation directly affects management fees. The manager has a structural incentive to be slow to mark down.

Managers do not usually share the independent valuation agent report/opinion as it may be a requirement from the IVA not to share externally. Independent valuation agents can vary significantly in how deeply they review underlying positions. In some structures, the agent's involvement is more formal than substantive, and practical authority over marks remains with the manager, recreating the same conflict the structure is meant to prevent. Stale data in private credit portfolios, particularly during periods of spread movement, was flagged as an underappreciated concern.

LPACs were a specific point of skepticism. The approval process can function more as a formal step than a substantive review, particularly where LPAC members are passive or where the manager controls the information presented.

Other areas of focus:

• Hedge funds holding private positions: how those positions are marked, and whether management fees apply to the private sleeve
• Whether private holdings should be side-pocketed or structured as SPVs, and whether some investors did not opt in appropriately at fund formation
• Assets in geopolitically sensitive situations, including sanctioned positions marked to zero where future upside is possible if restrictions lift
• VC valuation methodologies, which have received more focused attention over the past year

One constructive development: managers have become more open to moving from annual valuation reviews to more frequent processes, which participants read as a response to allocator pressure, even if a slow one.

Fee Pressure Is More Narrative Than Reality

The room pushed back on a prevailing industry narrative: that managers are accepting structurally lower economics because of investor pressure, and that this is driving them to cut corners on operations.

The challenge to that framing was direct. While managers frequently cite fee pressure in conversations with allocators, many are finding ways to maintain or recover margins through channels that are less visible than the headline management fee. Fund expenses, soft dollars, pass-through expenses, professional fee arrangements, and in-house services billed to the fund are all mechanisms through which fee economics get reconstructed without changing the management fee line.

The room was not unsympathetic to the cost side of the argument. Allocators broadly acknowledged that managers need sufficient economics to run a real business: technology, compliance, operations, and talent at a level that actually protects the portfolio. No-management-fee structures can look attractive at first glance, but the consensus was skepticism about their long-term sustainability and about what gets compromised when the headline fee disappears but the business expenses do not.

The practical implication for diligence: reviewing expense allocations, pass-through structures, and in-house service billing arrangements is increasingly material to understanding a manager's true economics and where operational risk is actually being carried. Most limited partners are price-takers on fee terms. The place where scrutiny still has teeth is in understanding what is being passed through and on what basis.

Secondaries Diligence Depends Heavily on Process and Access

The discussion of secondaries diligence surfaced a fundamental tension: the economics of participating in many processes create pressure to spend less on diligence per opportunity, but the risks that go unreviewed in a light-touch process are real.

The structure of the process determines the depth of the review. LP-led secondaries tend to offer limited portfolio visibility and proceed with lighter ODD, sometimes without full background checks. GP-led secondaries involve more direct manager engagement and allow for more thorough review, though turnaround timelines are often compressed.

Specific areas commonly missed or underweighted:

• Latest LPA version and all amendments: it is easy to review the original document while missing material changes made through subsequent amendments
• Broker and intermediary arrangements, and the fee and conflict structures they create
• Reputation risk for advisors bringing portfolios to market: legal liability may be limited, but reputational exposure from bringing a problematic portfolio to market is not
• AML screening of key persons and entities against sanctions and adverse media lists, even in compressed-timeline processes

The broader principle: the quality of the process you get depends on how you sit in the manager's eyes. A credible allocator with a meaningful check size and a track record of closing gets a different experience than a new relationship bidding at the margin.

ODD in Five Years: What Is Fading and What Is Taking Its Place

Which risks that consume meaningful diligence attention today will be less relevant in five years, and what will replace them? The discussion was specific.

Vendor due diligence does not disappear, but the weight of the review shifts. The question of whether a manager's administrator is robust becomes less central than the question of what the manager has built themselves. AI governance, proprietary tool risk, and data management practices are accumulating the kind of momentum that BCP and vendor governance had when they became central to the diligence agenda a decade ago.

What Is Connecting ODD Right Now: The Governance Gap Is the Thread

Across ten areas of discussion in Boston, a single pattern kept surfacing. Whether the topic was AI tool adoption, transcription policies, fee pass-throughs, or the hiring question, the underlying dynamic was consistent: practice moves faster than governance, and governance typically gets built after something goes wrong.

This is what is top of mind for ODD leaders right now: not whether governance will catch up, but how much ground it has to cover. Cybersecurity governance matured after incidents. BCP review became rigorous after Sandy. Background check categories expanded after specific reputational events. The process has always been reactive by nature. The question is whether the AI governance cycle runs on the same timeline, or whether the stakes of an incident are high enough to compress it.

What DiligenceVault sees across our allocator and manager network is that the firms navigating this well have one thing in common: they have structured data. Structured records of diligence history. Consistent baselines that let them see change, spot anomalies, and compare across a universe rather than reviewing each manager in isolation. The firms that invested in structured data collection early arrive at the next risk category with a dataset that already exists, baselines to compare against, and the ability to ask better questions faster. That compounding value is what separates structured diligence programs from ones that restart the process with each new manager or each new risk theme.

That structured dataset also generates something no single allocator can produce on their own: a view of how industry practice is actually evolving. Are 97% of managers converging on a standard answer to a given operational question, or is the response genuinely 50/50? Is a practice that looks like an outlier in your portfolio actually the norm across the market? Those are questions that require a network to answer. A consistent, structured data layer across thousands of manager relationships is what turns diligence history into market intelligence.

That is what connecting ODD looks like from where we sit: not a single tool or workflow, but a consistent institutional memory that accumulates value over time and becomes more useful as the risk landscape shifts. The peer conversations we host across cities are part of how that institutional memory gets built. These takeaways are an attempt to share it back.

What Allocators Are Looking At: Signals Across Ten Discussion Areas

These conversations are designed for allocators, but the intelligence they surface is directly relevant to managers. What follows draws on the full discussion, not as guidance, but as a signal of where allocator attention is moving and what preparation looks like from the other side.

The discussion also turned to what managers find difficult today. Two themes came through clearly.

The first is repetitive diligence across multiple allocators with no standardization. Managers are completing overlapping questionnaires, responding to the same questions in different formats, and rebuilding the same information set for each relationship. There is no shared baseline, no common data layer, and no way to respond once and have that response travel. The allocators in the room understood the friction. The question is whether the industry builds toward standardization or continues to treat fragmentation as a feature of the diligence relationship.

DiligenceVault's Blaze data layer is designed to address exactly this: a shared infrastructure that allows managers to respond to diligence requests in a structured, portable format, reducing redundancy without removing the allocator's ability to ask their own specific questions. The goal is not to collapse diligence into a commodity check. It is to eliminate the overhead that sits below the substantive conversation.

The second is fundraising difficulty, particularly in private markets. The allocator view on this was specific: the unlock is DPI improvement. Capital is sitting with allocators who want to redeploy, but distributions need to flow before new commitments follow. That is a market timing issue, not a manager quality issue, and it means the fundraising environment in private markets is more a function of portfolio realization pace than of any individual manager's merit case.

On proprietary AI tools: Allocators are beginning to ask about internally built tools alongside vendor relationships. The questions that are starting to appear in diligence processes: who built it, who maintains it, what happens if that person leaves, and has anyone outside the firm reviewed it. Documentation and change management on internally built workflows, even lightweight ones, are worth establishing now.

On AI governance more broadly: The expectation is that formal AI governance frameworks will become a standard part of ODD review, in the same way cybersecurity policies did. Firms that can articulate a clear policy on approved tools, data handling, and oversight of AI-enabled workflows are ahead of where most of the industry currently sits.

On transcription tools: Whether your firm uses recording or transcription tools in meetings with allocators or their teams is becoming a question with compliance implications on both sides. Firms with clear, counsel-reviewed policies on consent, retention, and approved tools are in a more defensible position than firms where practice has evolved informally.

On valuations: The scrutiny on private marks is deepening, particularly on the process behind valuations, not just the marks themselves. Who is involved in the valuation review, how frequently it happens, what the LPAC's actual role is, and whether an independent agent's involvement is substantive or formal are all questions that experienced allocators are pressing harder than they were two years ago.

On fees: The conversation has moved downstream from the headline management fee. Allocators are reviewing what sits in fund expenses, how professional fee arrangements are structured, and whether in-house services billed to the fund are priced at market. Transparency on these items, provided proactively rather than in response to a specific question, tends to build more confidence in a diligence process.

On DDQs: Allocators who send structured DDQs are doing so for a reason the manager's own documents cannot satisfy: they want to know what you would say to their specific question, not what you chose to include in your marketing materials. Treating a DDQ as a structured conversation rather than a compliance form, and answering with specificity rather than generality, is what builds the baseline a meaningful manager-allocator relationship depends on.