What Is An Effective Due Diligence Process?
Increasingly, due diligence is a top-of-mind concern when it comes to mitigating risk effectively. Take a deeper look at what due diligence is and why companies need a risk-based due diligence and monitoring strategy to help protect their interests.
- The real meaning of due diligence
- What exactly is enhanced due diligence?
- Legal due diligence requirements
- Due diligence laws around the world
- The UK Bribery Act
- The Foreign Corrupt Practices Act
- Starting the due diligence process
- Sample due diligence checklist
- Due diligence investigation structure
- Due diligence report template
- What happens when due diligence falls short?
- Due diligence software solutions
The real meaning of due diligence
The Cambridge Dictionary defines due diligence as “The detailed examination of a company and its financial records, done before becoming involved in a business arrangement with it.” It is a common practice for companies considering new business partners, mergers and acquisitions, or investments to execute these basic due diligence reports. Globalization, however, has increased the risks companies face, expanding the need for due diligence beyond the narrow scope of that definition.
What exactly is enhanced due diligence?
Enhanced due diligence helps companies safeguard their interests—whether related to potential M&A activity, supply chain continuity or compliance with sanctions, anti-money laundering or anti-bribery and corruption laws. Enhanced due diligence goes beyond traditional financial health checks to view potential third-party risks across PESTLE categories—Political, Economic, Socio-cultural, Technological, Legal and Environmental—and better protect corporate interests.
Legal due diligence requirements
Due diligence laws around the world
Globally, the number of countries that have or are introducing anti-bribery and corruption (ABC) and anti-money laundering (AML) legislation is on the rise. Likewise, enforcement is climbing, with enforcement agencies of different countries collaborating on investigations and prosecutions. More than 40 countries currently have ABC or AML laws governing companies within their borders.
Argentina, Brazil, Canada, Chile, Colombia, Mexico, Peru, United States, Venezuela
Australia, China, Hong Kong, Indonesia, Japan, Malaysia, Myanmar, Philippines, Singapore, South Korea, Taiwan, Thailand, Vietnam
Austria, Belgium, Czech Republic, France, Germany, Hungary, Italy, Luxembourg, The Netherlands, Poland, Russia, Spain, Switzerland, Turkey, Ukraine, United Kingdom
MIDDLE EAST AND AFRICA
Azerbaijan, Egypt, Kazakhstan, Morocco, Saudi Arabia, South Africa, United Arab Emirates
In addition to complying with the laws of their home country, companies conducting business in other countries—whether directly or indirectly through subsidiaries, partners or other third-party entities—must also consider two relevant laws concerning the prevention of financial crime.
UK Bribery Act
- The UK Bribery Act, which has been in force since 2010, represents one of the strictest pieces of anti-bribery legislation in the world. Compliance is required for UK companies operating abroad as well as multinational companies if they have a presence in the UK. The Act makes it an offence to offer or accept a bribe for the purposes of winning or retaining business or a business advantage and further assesses significant corporate liability if a company fails to prevent bribery from taking place—anywhere within their third-party network or supply chain.
Foreign Corrupt Practices Act (FCPA)
- Under the FCPA, it is an offence to bribe foreign public officials such as government ministers and customs officers—and both the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) vigorously enforce the law. In 2016, enforcement actions led to 27 companies paying nearly $2.5 billion in penalties in 2016 alone.
Although these national laws are in force in the UK and the U.S., they also enjoy extraterritorial reach, and as seen in high-profile FCPA enforcement actions from 2016—some of which came as a result of cooperation between U.S. enforcement agencies and their counterparts in other countries. It is important to note that most laws define business partners very broadly, including customers or clients, suppliers, subcontractors, vendors, sales representatives and other third parties operating on behalf of a company.
Increasingly, companies must also consider modern slavery laws. In fact, as of January 1, 2017, amendments to the UK Companies Act came into force, requiring large companies to include disclosures in their annual reports on issues ranging from employment matters to environmental concerns and anti-corruption measures. This means that due diligence is a necessity for all companies, not just those in highly-regulated industries. Moreover, the Panama Paper disclosures of 2016 have led to legislative efforts to bring greater transparency to beneficial ownership.
Starting the due diligence process
To mitigate risk, companies need to appraise existing and prospective business partners, as well as their subcontractors and authorized representatives. An initial assessment will include self-reported data from the entity being screened, along with independently-verified information.
Sample due diligence checklist
- Registered address of the firm
- Board members, shareholders, executive leadership and other company beneficiaries
- Financial results and balance sheets
- Assets and liabilities, budgets
- Employee qualifications
- Corporate image
- Quality assurance
- Risk red flags
- Negative coverage in the international press
- Sanction lists, in respect of involved persons or companies
- PEP lists, in respect of involved persons
Following the initial assessment, companies are better positioned to escalate due diligence based on any red flags that surfaced.
Due diligence investigation structure
A high-level overview of an effective due diligence process includes a number of steps.
- Typically, the due diligence process begins with identification whereby key information will be requested from the prospective partner directly or via a third-party, often via a simple questionnaire:
- A corporate entity may be required to submit information about the company, details on key shareholders and beneficiaries, group structure, board members, any political connections, and other details. Official documents and contracts can also be obtained at this stage.
- An individual will likely submit details such as sufficient proof of identity, their sources of wealth and funds, and any potential political links etc. depending on the nature of the proposed transaction.
- Next, a prospective client or third party will be cross-checked against global sanction lists. At the same time, additional checks may be conducted against law enforcement lists and lists of debarred or disqualified companies and individuals published by regulators. Often firms will also have a proprietary “do not do business with” list.
- Politically exposed persons (PEPs) are identified and screened against PEP lists. A risk assessment is then carried out if any red flags appear.
The information gathered as part of these investigations is then used as a basis for a risk assessment and the development of a risk-based approach.
Sample due diligence report
A due diligence report provides a detailed summary of the results of the assessment and subsequent investigation, documenting the process from start to finish. The scope of the report differs from case to case, based on the risk assessment and depth of due diligence required. This may include:
- Financial, technical and organizational due diligence including assessment of managers and employees
- Legal and tax-related due diligence
- Operational due diligence (ODD) to assess risks and the potential for value appreciation that accompany mergers and acquisitions
- Market due diligence to investigate the current and future market situation of the targeted firm
The purpose of a due diligence report is to document that duty of care was exercised in the appraisal. Various regulatory agencies have indicated that maintaining an audit trail of due diligence is a best practice that will receive consideration should a compliance issue arise.
What happens when due diligence falls short?
Due diligence helps companies safeguard their interests—whether related to potential M&A activity, supply chain continuity or compliance with sanctions, anti-money laundering or anti-bribery and corruption laws. But when due diligence efforts fall short, companies can experience serious consequences.
Companies that are linked to financial crime, modern slavery or other unethical conduct put their reputations on the line. Even if companies meets high ethical standards, the bad actions of business partners or other third parties they rely on can taint their reputations—and often cause collateral financial damage.
Conducting business in a global landscape exposes companies to heightened regulatory risk, and a robust, risk-based due diligence process demonstrates companies’ intent to meet regulator expectations. Inadequate due diligence paves the way for compliance breaches that could result in criminal penalties, civil penalties, debarment from future contracts and on-going regulatory oversight.
Due diligence helps to project companies’ financial interests. Working with unscrupulous partners or third parties can lead to significant financial penalties and even imprisonment for individuals. And it can also mitigate the risk of costly—and avoidable—supply chain disruptions.
Without adequate due diligence, companies may miss potential opportunities—or threats—in emerging markets, limiting growth potential or putting the success of such market expansions at risk.
Given the complexity and volume of screening that companies must undertake, it makes sense to draw on specially trained personnel (own employees) or external consultants (tax consultants, auditors, solicitors, technical appraisers, corporate advisors) when performing due diligence. As a rule of thumb, the greater the risk potential, the more resources should be invested in due diligence appraisal.
Due diligence software solutions
A manual due diligence process, however, can fall short due to limited human resources and inadequate access to relevant, timely information. For those reasons, companies can—and should—take advantage of technology designed to automate screening, assist in due diligence investigations, and support on-going risk monitoring to efficiently and cost-effectively manage the due diligence process and mitigate risk.
Online tools help companies conduct seamless due diligence and document the entire process, eliminating any risk in future audits. A high-performance tool such as Nexis Diligence™ helps companies:
- Screen individuals against PEP and sanction lists
- Access relevant, global news sources with filtering for negative news
- Conduct targeted searches for board members and investors across biographical sources and legal references
- Set up alerts on individuals and firms during the search process and after to keep informed of potential risk events
- Use a built-in Report Builder to generate comprehensive due diligence reports— including time and date stamps, annotations related to findings and more—to address regulator expectations
- Leverage multiple databases for detailed information on businesses, corporate families and other indicators of beneficial ownership