Due Diligence

Portfolio Company Fit-and-Proper: When VCs Are Liable for Founders

April 24, 2026

Portfolio Company Fit-and-Proper: When VCs Can Be Held Liable for Founders

Venture capital partners primarily see themselves as capital providers, not employers or supervisory bodies. In their own view, responsibility ends on the day the capital commitment is made, while operational leadership rests with the founding team. Economically, that division makes sense — legally, it is increasingly porous. Depending on the board setup, side-letter wording, and the regulatory status of the portfolio company, a fund manager may become personally liable, the general partner jointly and severally liable, or the fund itself legally responsible if the management of a portfolio company turns out to be unfit and the fund could have identified that unfitness with reasonable care.

The term "fit and proper" comes from Anglo-Saxon financial regulatory law and, via EU directives, FINMA practice, and BaFin circulars, has long since entered continental European compliance thinking. This guide shows which specific liability triggers arise for VCs, how LP side-letter language codifies these risks, and what operational consequences follow for pre- and post-investment due diligence.

The forgotten layer of obligations: LP side letters and fund constitutional documents

Institutional limited partners — German savings bank associations, Swiss pension funds, Austrian insurers, family offices with their own investment committees — have increasingly negotiated detailed side-letter language on governance matters since the regulatory tightening of recent years. Typical clauses cover:

  • Reasonable Care Standard: The general partner commits to applying "reasonable care" or "commercially reasonable efforts" when selecting and continuously monitoring portfolio companies. This formula is the bridge through which duties of care flow from the fund to the GP and then to the individual fund manager.

  • Governance Reps: The GP represents that no portfolio company will knowingly be staffed with executives who are on sanctions lists, treated as politically exposed persons without adequate controls, or implicated in material proceedings involving money laundering, fraud, or tax evasion.

  • Reporting Obligations: Material events at portfolio companies — investigations involving management, C-level departures without a disclosed reason, media reports of misconduct — must be reported to LPs within defined timeframes.

  • Indemnification Carve-outs: The indemnification clauses typically granted to GPs are increasingly limited once gross negligence or intentional misconduct is involved in portfolio selection or monitoring. In other words: if you simply do not check anything during DD, you cannot rely on the indemnification clause when damage later arises.

These clauses are not just paper tigers. For large US LPs (CalPERS, Harvard Management Company, Yale Endowment) and their European counterparts, documented portfolio governance is part of the annual fund review. A GP that cannot produce structured fit-and-proper documentation on request risks a downgrade in internal ratings, reduced follow-on allocations, and in extreme cases damages claims from LPs if a documented failure can be proven.

Fiduciary duty toward LPs: more than a courtesy construct

Under German law, the fiduciary duty of a GP toward the LPs is initially structured under company law as a duty of loyalty owed by the KG general partner to the limited partners, supplemented by the contractual duty framework of the Limited Partnership Agreement. Under Swiss law, it arises from the duty of care and management responsibility under the Code of Obligations; under Austrian law, from the UGB limited partnership structure and related contractual documents.

The common denominator: the GP owes the fund vehicle — and, through it, the LPs — proper discretion in all material investment and governance decisions. Breach of this duty gives rise to damages claims if (1) there is a breach of duty, (2) the fund has suffered loss, (3) there is causation between the breach and the loss, and (4) the GP cannot exonerate itself. Point (4) is the central defense line — and it stands or falls with documentation of the diligence applied.

A GP that invests EUR 20 million in a FinTech and whose CFO loses market trust twelve months later because of proven balance-sheet manipulation at a prior company will have to answer one question in the ensuing LP discussion: "What did you check before the investment, and how did you document it?" The answer, "we met the CFO personally and had a good feeling," is no longer sustainable in a regulatory environment that increasingly demands process and documentation evidence.

Corporate law liability in board mandates

As soon as a VC does not just provide capital but also takes a board seat, the liability position changes fundamentally. Three scenarios need to be distinguished:

  • Board Observer: The fund representative has the right to attend but no voting rights. Legally, an observer mandate is not an organ position. From a liability perspective, it offers the greatest protection, but operationally also the least control. In Germany and Austria, this can be structured through an advisory-board or guest position on the supervisory board/administrative board; in Switzerland, typically as an observer on the board of directors.

  • Board Member: The fund representative assumes a genuine organ role as a supervisory board or board member. This triggers the full duties of care and loyalty under Section 116 AktG (Germany) or Art. 717 CO (Switzerland), or corresponding Austrian rules. Personal liability for misconduct by the portfolio company does not arise automatically, but it is no longer excluded once the supervisory body breaches its duties.

  • Shadow Director: A fund representative who is formally neither an observer nor a member, but in practice exerts management influence (through regular instructions, veto rights over investor consent matters, direct involvement in personnel decisions), may be treated under UK and US doctrine — and increasingly also in continental European case law — as a de facto director, with corresponding liability consequences.

Board-member scenarios in particular are not trivial from a liability standpoint: if a supervisory board member approves a CFO proposal without conducting an appropriate review of the person, and that CFO later turns out to be unfit, this may constitute a breach of supervisory board duties. The classic business judgment rule protects only entrepreneurial decisions made on the basis of adequate information — and "adequate information" implies a structured fit-and-proper review when it comes to personnel decisions.

Case studies: Wirecard, FTX, Theranos

Three cases from recent years illustrate how investors can become exposed to liability when fit-and-proper checks are omitted or carried out superficially:

Wirecard: Several institutional investors, from German pension institutions to international hedge funds, held significant positions, and the reports on questionable accounting practices that had circulated since 2015 did not lead them to divest. After the insolvency, various damages claims have been filed, including against former supervisory board members and auditors. The litigation argument commonly runs that structured adverse-media monitoring and personal review of management would have made certain risks identifiable earlier.

FTX: Sequoia, Temasek, Paradigm, and BlackRock collectively invested capital in FTX. After the collapse, Sequoia wrote off the entire position (around USD 210 million). The ensuing public debate centered largely on what due diligence had been performed on Bankman-Fried personally. The answer (visibly minimal personal review, reliance on other investors' due diligence) remains a cautionary tale in the LP community.

Theranos: Several prominent board members (including former foreign ministers, generals, and pharma executives) were named in civil proceedings, even though they were not accused of personal knowledge of the fraudulent acts. The lesson: board membership alone is enough to get drawn into legal proceedings once a portfolio company systematically misleads. Personal liability looms as soon as supervisory activity demonstrably falls short of the required standard.

Concrete duties for pre- and post-investment DD

These liability triggers have concrete operational consequences. The distinction between pre- and post-investment monitoring is central:

| Phase | Duty | Documentation requirement |
| --- | --- | --- |
| Pre-investment | Structured background screening of all C-level executives and key shareholders | Audit-ready review report with data sources and review date |
| Post-investment (ongoing) | Regular screening of all portfolio CxOs and board candidates | Monitoring logs, alert records, escalation decisions |
| When filling a new role in the portfolio | Repeat fit-and-proper review before appointment | Board minutes with reference to the review report |
| When material events occur | Ad hoc review and LP notification | Incident log, documented LP communication |

This matrix is the pragmatic starting point. It is not exhaustive — every fund structure and every portfolio composition requires its own fine-tuning — but it answers the core question of every LP audit: "What do you check, when, and where is the evidence?"

What applies in Switzerland, Austria, and across the EU?

The liability landscape is jurisdiction-specific. Three regions deserve differentiated consideration.

Germany

If a portfolio company is a regulated financial services provider, the fit-and-proper requirements of German financial supervisory law apply directly. Central here is Section 25c KWG, which requires professional competence and personal reliability of management for credit institutions, supported by Section 25a KWG (risk management) and BaFin circulars on "suitable managers." For insurers, parallel requirements apply under Section 24 VAG. Violations lead to supervisory measures against the portfolio company itself, but may also affect the investing fund under ownership control rules pursuant to Sections 2c, 2d KWG if the stake exceeds material thresholds. From a corporate law perspective, Section 116 AktG in conjunction with Section 93 AktG applies to board members — duty of care and liability, with the business judgment rule privilege.

Switzerland

For Swiss FinTech and banking startups, the Banking Act (BankG) applies, especially Art. 3 BankG, which covers the licensing requirement and the assurance of proper business conduct by persons entrusted with administration and management. FINMA gives this requirement concrete shape through its supervisory practice; violations lead to license withdrawal or conditions. For asset managers, the Financial Institutions Act (FINIG) also applies, which sets out comparable fit-and-proper requirements in Art. 11 FINIG. From a corporate law perspective, Art. 717 CO governs the duty of care and loyalty of board members; Art. 754 CO is the key liability provision for board, management, and audit bodies in case of breach of duty.

Austria

For credit institutions, the Banking Act (BWG) applies, especially Section 5 BWG (requirements for authorization), with explicit requirements for the professional and personal suitability of management. For asset managers and venture funds, the Alternative Investment Fund Managers Act (AIFMG) is relevant, which provides for reliability and expertise checks under Section 4 AIFMG both for the AIFM itself and for qualified participants. Supervision is carried out by the FMA. From a corporate law perspective, Sections 99 ff. AktG (Austrian Stock Corporation Act) apply to supervisory board members, with a corresponding liability structure.

Across the EU

At EU level, the AIFMD (Alternative Investment Fund Managers Directive, 2011/61/EU) is the central framework for alternative investment funds. Among other things, it obliges AIFMs to establish risk management and compliance functions, including the assessment and monitoring of the management of material portfolio companies. With the AIFMD II reform (Directive 2024/927/EU, to be implemented by April 2026), these requirements are tightened, especially in the areas of delegation and liquidity management. For regulated portfolio companies in financial sectors, the fit-and-proper guidelines of the EBA, ESMA, and EIOPA apply, increasingly establishing consistent standards for C-level suitability. With the entry into force of the AMLR (Anti-Money-Laundering Regulation) and the new EU supervisory authority AMLA from 2027 onward, personal due diligence will be further harmonized.

CSRD and ESG: the next compliance wave

The Corporate Sustainability Reporting Directive (CSRD) expands reporting obligations to ESG dimensions, including governance. For large VC funds — especially those backed by insurers or pension funds — integrating CSRD-equivalent reporting obligations at portfolio level is becoming a reality. For the second and third waves (financial years 2026 and 2027), additional company categories are included, including numerous mid-market portfolio companies. The governance dimension requires transparency about how management is selected, monitored, and assessed against integrity criteria. Funds that do not structurally screen their portfolio CxOs will increasingly struggle to report credibly against CSRD requirements.

Conclusion: regular screening as "reasonable care"

The combination of LP side-letter language, corporate organ liability, regulatory fit-and-proper requirements for regulated portfolio companies, and the CSRD perspective makes regular people screening not a nice-to-have, but an integral part of fund responsibility. "Reasonable care" is not abstract — it is a documented, repeatable, audit-ready process that shows the fund takes its obligations seriously and has structurally implemented pattern recognition.

For a European VC with 30 to 60 portfolio companies, this means regular rescreening of all C-level positions (at least annually, and more often when triggered by events), ad hoc reviews for every new appointment, documented monitoring logs, and an incident response process for material hits. Indicium Technologies provides the GDPR-native infrastructure that maps exactly these requirements at proportional cost — without manual spreadsheets, without gaps, and without regulatory surprises.

Book a demo and see the governance workflow using the example of a 40-company portfolio fund.

Nabil El Berr



Hünenberg (Switzerland) · Hamburg (Germany)

© 2026 Indicium Technologies AG.

All rights reserved.
