Credit ratings are a familiar concept to most adults, especially in the United States, where the credit score is often what stands behind people and a cheaper loan or access to a mortgage or business loan. Credit scores gather together a variety of data points, quantify them, put them through an algorithm, and come up with a number: that number determines the likelihood that you will be a good debtor or not.

Credit ratings do the same thing, but they take things a little bit further with a qualitative analysis that adds a variety of unquantifiable issues. A great example would be the U.S. downgrade in 2011. At the time, political gridlock in Washington D.C. caused America to come close to not approving an increase to the debt ceiling that would have resulted in a default on American debt. The S&P ratings agency (yes, the same company behind the S&P 500) determined that to be a qualitative political risk, causing them to downgrade America’s credit rating from AAA (the highest rating) to AA+ (second highest). This had never happened in U.S. history before.

Since 2011, flirtations with the debt ceiling have become commonplace, including the most recent government shutdown relating to the debt ceiling in January 2018. But the wrangling was so controversial and new in 2011 that it justified a downgrade.

This brings us to our fourth and arguably hardest part of due diligence: assessing credit quality.

Fortunately, this is also the least important part of an analyst’s job, which is why most of it is outsourced to credit ratings agencies like Moody’s and S&P. But those agencies don’t rate all companies, so when an analyst needs to determine the creditworthiness of an unrated company, she must effectively take on the role of a massive multi-billion dollar corporation all by herself. This is obviously impossible.

Due to its impossibility, analysts will look for shortcuts. They will rely on the other kinds of due diligence—looking at management, customers, and accounting—to try to create their own credit rating. This is a good first step, but in addition to synthesizing other analysis, one must also talk to creditors and vendors.

This is an entirely new dimension to due diligence, and it involves different questions.

One must ask creditors if the company pays its bills on time, but also what kinds of agreements they have had for their bills. Have those agreements changed? Why have those agreements changed? Additionally, analysts must look at the credit records themselves to see if the company has made big changes to the capital structure. Is the company refinancing long-term secured debt into short-term unsecured debt or vice versa? Is the company using mezzanine loans responsibly? Is the company actually using loans for their intended purpose? Do capital flows match so that the company can keep paying its creditors—and could those flows change anytime soon?

This kind of analysis can feel like herding cats. In effect, the analyst is looking at thousands of different flows of cash from different groups of people to different groups of people to try to determine whether the flows all make sense—but unlike analyzing the forks of a river, these flows constantly change in unpredictable ways due to thousands of mitigating factors.

Credit due diligence can be so difficult and frustrating that many analysts simply give up. Again, an effort is important, because an analyst who misses major red flags by looking at the capital structure and debt trends can cause the loss of millions of dollars—and plenty of con artists are out there looking to take advantage of the complexity of credit due diligence.

In conclusion, due diligence is really all about determining whether your counterparty is as trustworthy as you would hope. In business, the Russian proverb “trust, but verify” is perhaps the most important edict to live by; the analyst’s job is to do as much verification as possible, while acknowledging that there are people on the other side whose job it is to make that verification as hard as possible.