What Is An Effective Due Diligence Process?

Increasingly, due diligence is a top-of-mind concern when it comes to mitigating risk effectively. Take a deeper look at what due diligence is and why companies need a risk-based due diligence and monitoring strategy to help protect their interests.

The real meaning of due diligence

The Cambridge Dictionary defines due diligence as “The detailed examination of a company and its financial records, done before becoming involved in a business arrangement with it.” It is a common practice for companies considering new business partners, mergers and acquisitions, or investments to execute these basic due diligence reports. Globalization, however, has increased the risks companies face, expanding the need for due diligence beyond the narrow scope of that definition. 

What exactly is enhanced due diligence?

Enhanced due diligence helps companies safeguard their interests—whether related to potential M&A activity, supply chain continuity or compliance with sanctions, anti-money laundering or anti-bribery and corruption laws.  Enhanced due diligence goes beyond traditional financial health checks to view potential third-party risks across PESTLE categories—Political, Economic, Socio-cultural, Technological, Legal and Environmental—and better protect corporate interests.  

Legal due diligence requirements

Due diligence laws around the world

Globally, the number of countries that have or are introducing anti-bribery and corruption (ABC) and anti-money laundering (AML) legislation is on the rise. Likewise, enforcement is climbing, with enforcement agencies of different countries collaborating on investigations and prosecutions. More than 40 countries currently have ABC or AML laws governing companies within their borders.

In addition to complying with the laws of their home country, companies conducting business in other countries—whether directly or indirectly through subsidiaries, partners or other third-party entities—must also consider two relevant laws concerning the prevention of financial crime.

UK Bribery Act 

  • The UK Bribery Act, which has been in force since 2010, represents one of the strictest pieces of anti-bribery legislation in the world. Compliance is required for UK companies operating abroad as well as multinational companies if they have a presence in the UK.  The Act makes it an offence to offer or accept a bribe for the purposes of winning or retaining business or a business advantage and further assesses significant corporate liability if a company fails to prevent bribery from taking place—anywhere within their third-party network or supply chain.

Foreign Corrupt Practices Act (FCPA) 

Although these national laws are in force in the UK and the U.S., they also enjoy extraterritorial reach, and as seen in high-profile FCPA enforcement actions from 2016—some of which came as a result of cooperation between U.S. enforcement agencies and their counterparts in other countries. It is important to note that most laws define business partners very broadly, including customers or clients, suppliers, subcontractors, vendors, sales representatives and other third parties operating on behalf of a company.

Increasingly, companies must also consider modern slavery laws. In fact, as of January 1, 2017, amendments to the UK Companies Act came into force, requiring large companies to include disclosures in their annual reports on issues ranging from employment matters to environmental concerns and anti-corruption measures. This means that due diligence is a necessity for all companies, not just those in highly-regulated industries. Moreover, the Panama Paper disclosures of 2016 have led to legislative efforts to bring greater transparency to beneficial ownership.

Starting the due diligence process

To mitigate risk, companies need to appraise existing and prospective business partners, as well as their subcontractors and authorized representatives. An initial assessment will include self-reported data from the entity being screened, along with independently-verified information.

Sample due diligence checklist

  • Registered address of the firm
  • Board members, shareholders, executive leadership and other company beneficiaries
  • Financial results and balance sheets
  • Assets and liabilities, budgets
  • Workflows
  • Employee qualifications
  • Corporate image
  • Quality assurance
  • Risk red flags
  • Negative coverage in the international press
  • Sanction lists, in respect of involved persons or companies
  • PEP lists, in respect of involved persons

Following the initial assessment, companies are better positioned to escalate due diligence based on any red flags that surfaced.

Due diligence investigation structure

A high-level overview of an effective due diligence process includes a number of steps.

  1. Typically, the due diligence process begins with identification whereby key information will be requested from the prospective partner directly or via a third-party, often via a simple questionnaire:
  2. A corporate entity may be required to submit information about the company, details on key shareholders and beneficiaries, group structure, board members, any political connections, and other details. Official documents and contracts can also be obtained at this stage.
  3. An individual will likely submit details such as sufficient proof of identity, their sources of wealth and funds, and any potential political links etc. depending on the nature of the proposed transaction.
  4. Next, a prospective client or third party will be cross-checked against global sanction lists. At the same time, additional checks may be conducted against law enforcement lists and lists of debarred or disqualified companies and individuals published by regulators. Often firms will also have a proprietary “do not do business with” list.
  5. Politically exposed persons (PEPs) are identified and screened against PEP lists. A risk assessment is then carried out if any red flags appear.

The information gathered as part of these investigations is then used as a basis for a risk assessment and the development of a risk-based approach. 

Sample due diligence report

A due diligence report provides a detailed summary of the results of the assessment and subsequent investigation, documenting the process from start to finish. The scope of the report differs from case to case, based on the risk assessment and depth of due diligence required. This may include:

  • Financial, technical and organizational due diligence including assessment of managers and employees
  • Legal and tax-related due diligence
  • Operational due diligence (ODD) to assess risks and the potential for value appreciation that accompany mergers and acquisitions
  • Market due diligence to investigate the current and future market situation of the targeted firm

The purpose of a due diligence report is to document that duty of care was exercised in the appraisal. Various regulatory agencies have indicated that maintaining an audit trail of due diligence is a best practice that will receive consideration should a compliance issue arise.

What happens when due diligence falls short?

Due diligence helps companies safeguard their interests—whether related to potential M&A activity, supply chain continuity or compliance with sanctions, anti-money laundering or anti-bribery and corruption laws.  But when due diligence efforts fall short, companies can experience serious consequences.

Given the complexity and volume of screening that companies must undertake, it makes sense to draw on specially trained personnel (own employees) or external consultants (tax consultants, auditors, solicitors, technical appraisers, corporate advisors) when performing due diligence. As a rule of thumb, the greater the risk potential, the more resources should be invested in due diligence appraisal.

Due diligence software solutions

A manual due diligence process, however, can fall short due to limited human resources and inadequate access to relevant, timely information. For those reasons, companies can—and should—take advantage of technology designed to automate screening, assist in due diligence investigations, and support on-going risk monitoring to efficiently and cost-effectively manage the due diligence process and mitigate risk.

Online tools help companies conduct seamless due diligence and document the entire process, eliminating any risk in future audits. A high-performance tool such as Nexis Diligence helps companies:

  • Screen individuals against PEP and sanction lists
  • Access relevant, global news sources with filtering for negative news
  • Conduct targeted searches for board members and investors across biographical sources and legal references
  • Set up alerts on individuals and firms during the search process and after to keep informed of potential risk events
  • Use a built-in Report Builder to generate comprehensive due diligence reports— including time and date stamps, annotations related to findings and more—to address regulator expectations
  • Leverage multiple databases for detailed information on businesses, corporate families and other indicators of beneficial ownership