Search Business Entities
Search by:

Business Due Diligence

Page Navigator
business-due-diligence-1.jpg

Chances are you've heard the term due diligence, but perhaps you don't quite understand what it refers to or how it works. We will explore in depth the various types, such as financial due diligence, vendor due diligence, third-party due diligence, and commercial due diligence, among others. You will learn what it means, how it works, the history of due diligence, and how to execute a successful due diligence process for any industry.

What is Due Diligence in Business?

According to the Merriam-Webster dictionary, the legal definition of due diligence is "the care that a reasonable person exercises to avoid harm to other persons or their property." They also provide a business definition of "research and analysis of a company or organization done in preparation for a business transaction (such as a corporate merger or purchase of securities)."

However, actual due diligence is so much more than that. It applies to a process or steps you take to ensure the legitimacy and authenticity of something or someone before trusting it. Due diligence can be an audit, review, or investigation of facts, documents, or evidence. It applies to a systematic approach to thoroughly researching a person or business before making a decision.

The History of Due Diligence

When the U.S. government enacted the Securities Act of 1933, securities dealers and brokers became responsible for disclosing material facts about the investments they were selling. They could be held criminally liable if they failed to provide clients with this information. The loophole was that a broker could not disclose facts they were unaware of. Therefore, they could not be held liable for the omission. The Act included a legal defense, as long as the brokers conducted "due diligence" in thoroughly researching the companies and investments they were selling, they could not be held legally liable for any missing information. If they took the proper steps to learn all they could, they would not be prosecuted if facts emerged during an investigation that they were not privy to. The term caught on and now applies to other types of inquiry or research across many industries.

What is the Purpose of Due Diligence

The primary purpose of due diligence is to comply with government regulations in specific industries. Companies abide by these rules using a due diligence checklist based on their policies and procedures. Their policies include detailed steps that they must follow to thoroughly vet and investigate new partners, vendors, customers, and third parties.

Assessing and mitigating risk is another substantial reason companies must perform due diligence. A business can be held liable for any wrongdoing a partner or client engages in if they don't perform proper due diligence beforehand. The goal is to be as careful as possible to avoid businesses or individuals involved in money laundering, fraud, or terrorism financing. Other purposes of conducting regular due diligence include:

  • Informed Decision Making: Gathering dozens of data points and analyzing the information allows all parties to be on the same page, helps with strategic decision-making, and avoids mistakes.
  • Bargaining Power: By collecting all the pertinent details, due diligence can give companies a deeper understanding of the situation and, thus, more bargaining power to negotiate and obtain better terms.
  • Legal Compliance: A thorough due diligence process will help businesses avoid legal issues and comply with all local, state, and federal laws.
  • Transparency and Trust: Regular due diligence can help build trust with customers, partners, vendors, and suppliers and provide more transparency by openly sharing information about the company and its operations. This can lead to a more collaborative relationship for all parties.

Not all companies will be well-equipped to handle all aspects of conducting the investigation and may need to rely on outside experts such as accountants, lawyers, insurance professionals, technology gurus, or other specialty investigators.

The Three Principles of Due Diligence

Although a company's specific due diligence process will vary, three main principles help dictate how due diligence should be performed to collect information while also preserving human rights. The three principles of due diligence include:

  1. Identify and Assess: Due diligence involves collecting information and assessing risk. Companies must follow a standard procedure that does not violate human rights or other laws.
  2. Mitigate Through Decision: After data collection, the company must decide whether to move forward to mitigate any risk. It is also responsible for safeguarding the information gathered so as not to put the individual or business at risk.
  3. Ongoing Monitoring: Ongoing risk assessment and monitoring are essential to ensure the relationships remain healthy and risk-free.

Types of Due Diligence

Companies will have strict due diligence processes that differ widely from other businesses. For example, a bakery vetting a new flour supplier will conduct due diligence much differently than an investment firm taking on a new client. Some of the various types of due diligence and how they benefit from the process include:

What is Commercial Due Diligence?

Companies looking to purchase or merge with another business perform commercial due diligence to ensure the company is a good buy. Does the business model fit with the purchaser's strategic goals? The commercial due diligence framework is long and comprehensive, with the goal of assessing the company's viability and potential for continued success. Some of the key aspects of commercial due diligence include:

  • Market Assessment: Before entering into any agreements, you must evaluate the size, growth potential, and desirability of the target company's market.
  • Competitive Positioning: Analyzing the target's competitive standing in the market is also key. How do they stack up? What are their strengths and weaknesses? What sets them apart?
  • Customer Analysis: Thoroughly examine the company's customer base. What are their needs, and how does the potential partner satisfy them?
  • Business Plan Examination: Fully review the company's business plan to assess its short-term and long-term growth strategies and where it intends to be in five years.
  • Risk Assessment: The most crucial issue is risk assessment. Does the company engage in any risky behavior or have vulnerable relationships that could put you at risk? Check for legal, operational, regulatory, and market risks.

Real Estate Due Diligence

Before investing in real estate, which is often one of the priciest acquisitions, you must conduct due diligence to protect yourself as the buyer. The more information you gather before the sale, the better off you will be. Some of the critical details to collect include:

  • Physical Condition: Before buying any property, thoroughly inspect it from top to bottom for any structural issues, such as roof problems, damaged foundations, or electrical or plumbing issues, which could be very costly to fix.
  • Legal Problems: Look for any title defects to ensure the seller is actually authorized to sell the property. Pay attention to liens, which must be satisfied before selling the property. Check into the seller and see if any pending lawsuits could affect the sale. Also, zoning laws and regulations should be reviewed to see if there are any issues there. Did the previous owner renovate without obtaining the proper building permits? Pull all permits pertaining to the property before buying to ensure the building complies with local safety and building codes.
  • Environmental Issues: Check for potential hazards like lead paint, asbestos, mold, or property/land issues like being too close to a wildlife preserve.
  • Financial Concerns: Before purchasing, check the local tax base and see if the property has any unpaid taxes. Find out how much the property will cost to insure.
  • Local Real Estate Market: Pull some comps of neighboring properties to examine the local real estate market. Review any recent appraisals or assessments of the property and research the neighborhood, crime rates, school rankings, and market trends.

Use a commercial real estate due diligence checklist to standardize your process and evaluate each potential investment thoroughly.

Customer Due Diligence (CDD)

Customer due diligence refers to risk assessment and verifying a customer's identity before doing business with them. These efforts are part of the anti-money laundering (AML) and Know Your Customer (KYC) regulations that govern specific industries and aim to prevent financial crime. Certain business types must perform customer due diligence to remain compliant. There is even an enhanced customer due diligence process for high-risk customers. The factors that govern customer acquisition due diligence include:

  • Identity Verification: The first step in the customer due diligence process is to verify the customer's identity through a government-issued ID or other reliable source.
  • Risk Assessment: As part of the customer due diligence requirements, you must gather enough information to decide whether the customer is involved in illegal activities such as money laundering or terrorist financing and assess the level of risk when doing business with them.
  • Understanding the Nature of the Business: Another of the four customer due diligence requirements is to research the business enough to understand its purpose and the reason for the relationship.
  • Ongoing Monitoring: You must also continuously monitor the customer's activities, looking for anything suspicious, and if you find it, report it to the authorities.
  • Beneficial Owners: Identify and vet the people who benefit most from or control the company. These individuals may or may not be connected to the customer.

Some government regulations require companies to perform routine customer due diligence checks before allowing them to open an account or make purchases. Some of the reasons for performing customer due diligence are:

  • AML Compliance
  • Preventing Financial Crime
  • Building Trust
  • Regulatory Compliance
  • Avoiding Financial Losses
  • Reputation Protection

Many banks or other financial institutions will leverage customer due diligence automation using customer due diligence solutions and software designed to make the process quicker and easier without human intervention.

Cyber Due Diligence

You may need to perform technical due diligence before doing business with a vendor, third party, or customer. This includes thoroughly assessing their security infrastructure and practices to determine their cyber defenses' strength and ensure they align with your organization's security standards. Your due diligence checklist may include tests inside and outside of your network. Your goal will be to reduce your cyber risk, make informed decisions, comply with government cybersecurity regulations, and save money by not having to mitigate a security incident. The key factors involved in cyber due diligence include:

  • Vendor Risk Assessment: Before allowing vendors, suppliers, or customers to connect to your networks, you must ensure that their security protocols are firm and up to date to prevent intrusions.
  • Cybersecurity Posture: Examine the customer's security profile, IT infrastructure, security policies, and incident response plans to ensure they align with yours.
  • Risk Assessment/Mitigation: Identify the potential risks of doing business with an entity and then strategize to have a mitigation plan ready if anything goes wrong.
  • Evaluate the Threat Landscape: Educate yourself on the broader cyber threat landscape to understand the potential threat to you and the customer/supplier/vendor.

Due Diligence in Banking

Due diligence in banking is serious business. Banking is a highly regulated industry that is subject to anti-money laundering (AML), Know Your Business (KYB), and Know Your Customer (KYC) regulations. It involves a thorough investigation and verification process to assess the risks when doing business with customers and companies. The goal of these regulations is to prevent crimes like money laundering, fraud, and terrorist financing. These safeguards maintain the stability and integrity of the banking industry. Due diligence in banking is essential for compliance, risk management, crime prevention, and integrity. The key factors affecting financial due diligence are:

  • Customer Due Diligence (CDD): Verifying the customer's identity and risk profile of individuals and companies before doing business with them. This is a core component of AML and KYC laws. It helps banks understand who they are doing business with and includes ongoing monitoring of transactions to detect suspicious activity.
  • Financial Due Diligence (FDD) is auditing, evaluating, and analyzing a company's financial records (financial statements, balance sheets, profit and loss statements) and verifying the accuracy of the data contained within them.
  • Lending Due Diligence: Lenders verify the information collected through loan applications to ensure the customer is who they say they are, and their business dealings are legitimate.
  • Vendor and Employee Diligence: Before hiring anyone to work in the financial industry, you must verify their identity and investigate their background to ensure they don't appear on offender or suspect lists.

Human Resources Due Diligence

Human resources due diligence usually comes into play during a merger or acquisition. It involves deeply exploring the company's human resources department, hiring and firing practices, HR policies, procedures, and potential liabilities. The goal is to enjoy a smooth transition without any employee-related risks. Some key aspects of this type of due diligence include:

  • Employee Profiles: The first step is to examine the entire company workforce closely, collecting data about roles, skillsets, performance, and possible fit with the new company.
  • Policies and Procedures: Another essential task is to review the company policies and procedures, including employee contracts, benefits, and compensation packages, and look for any red flags.
  • Compliance: How well does the company adhere to local, state, and federal laws? Do they observe best practices?
  • Culture: Culture fit also matters. Does the company's culture, goals, and values align with yours?
  • Potential Liabilities: Assess whether there is the potential for any legal issues, disputes, or other problems looming just below the surface.
  • Risk Assessment: Conduct a risk assessment to make the merger or acquisition as comfortable as possible.

Environmental Due Diligence

Companies that create consumer products must take special care and perform due diligence to ensure public safety. The process may include conducting site inspections of a building or company to assess any environmental risks, hazardous materials, or contamination. The sale or merger of companies often triggers these environmental checks. The goal is to determine potential environmental risks or liabilities associated with a particular business, review any compliance issues, and save money. The key factors include:

  • Scope: Environmental due diligence may include reviewing historical records, site inspections, regulatory checks, interviews with management and on-site personnel, and subsurface testing. If a chemical company is positioned near a school, the government or the company may perform tests to ensure the soil on the playground is safe for children.
  • Triggers: Sales, mergers, financing, redevelopment, and acquisitions may trigger environmental due diligence.
  • Decision Making: To make informed decisions, you must fully understand the environmental risk.

Environmental due diligence is governed by the Environmental Site Assessment (ESA) and Environmental, Social, and Governance (ESG) standards.

Regulatory Due Diligence

Merging with or acquiring a company can expose you to significant liability if you aren't careful. One way to mitigate risk is to conduct regulatory due diligence to review a company's compliance status. The review may extend beyond internal players to external third-party relationships like vendors, suppliers, and partners. The aspects of regulatory due diligence are:

  • Evaluation: The first step is a comprehensive evaluation of the company's regulatory compliance, policies, and procedures. A complete review of all operations may be necessary.
  • Risk Assessment: During the investigation phase, you may identify potential risks and must determine the risk profile and whether or not to proceed.
  • Compliance Assessment: Another vital step is determining whether the company adheres to all local, state, and federal regulations governing its industry. This is especially important to support anti-corruption efforts.
  • Background Check and Document Review: This process often involves an extensive background check and review of key documents such as training materials, policies, and internal investigations.

The end result will be that you fully understand how the company complies with industry-specific regulations, which may enhance your reputation by association.

Investigative Due Diligence

Before investing in a company or purchasing a portion of the business, you must conduct due diligence to understand what you are getting into. Investigative due diligence includes a thorough evaluation of the company's investment prospects. The goal is to verify all the facts and figures and identify potential risks, liabilities, or opportunities. Investigative due diligence aims to mitigate risk, make informed decisions, protect your investment, and ensure regulatory compliance. Some of the different types include:

  • Legal Due Diligence: Reviewing contracts, property, employee agreements, and pending lawsuits.
  • Financial Due Diligence: Examining financial statements, balance sheets, profit and loss reports, assets, liabilities, and cash flow.
  • Commercial Due Diligence: Commercial due diligence involves assessing the competition, the company's place in the market, and business growth strategies.
  • Regulatory Due Diligence: Ensuring the company complies with all applicable laws and regulations.
  • Other Types of Due Diligence: Other types may involve taxes, pensions, human resources, and cybersecurity.

Private Equity Due Diligence

Private equity firms are vulnerable to risk. Therefore, anyone investing (both General Partners (GPs) and Limited Partners (LPs)) with them must perform due diligence in the form of a comprehensive analysis to assess viability, risks, and potential returns. The private equity due diligence process helps investors decide whether to proceed with a specific investment. The areas of concern with private equity include:

  • Risk Assessment: The primary goal of due diligence regarding investments is to detect and avoid risk.
  • Value Confirmation: Proper valuation of the company offering the investment is also crucial to determine its viability. This step helps you to set reasonable expectations.
  • Informed Decision-Making: The more information you gather, the better your decision-making will be.

During the investment due diligence process, you will investigate the company's financial, legal, operational, management, IT, ESG, and HR aspects.

Operational Due Diligence (ODD)

Operational due diligence occurs before a merger or acquisition to evaluate the company's operational status and output. The process includes examining the company's internal processes, management, and overall efficiency and assessing potential risks and opportunities. ODD often uses a tailored approach to satisfy its objectives. Some key aspects of operational due diligence include:

  • Operational Assessment: The first step will be to perform a complete operational assessment, delving into the day-to-day operations to determine their effectiveness and verify financial records.
  • Identify Risks and Opportunities: Due diligence gives the potential buyer or investor a chance to review everything closely, examining potential supply chain vulnerabilities, cybersecurity problems, and compliance issues. During this review, you can also find possible areas for improvement and opportunities.
  • Better Decision Making: Operational due diligence is often used in mergers and acquisitions, private investments, and corporate restructuring. Gathering this volume of information allows potential beneficiaries to make better decisions.

This type of review aims to assess the company's operational efficiency, internal controls, legal compliance, supply chain resilience, and human resources practices.

Pharma Due Diligence

Big pharma has a lot of responsibility to keep the public safe while also developing new life-saving medicines. These firms often seek funding for a new research study or drug trial. Before funding, merging, or acquiring a pharmaceutical company, you must conduct due diligence that assesses the risk tolerance, financial health, and scientific validity of the investment and company. The key areas of focus during pharma due diligence include:

  • Regulatory Compliance: Pharmaceutical companies are subject to strict laws governed by the Good Manufacturing Practices (GMP) and Good Clinical Practice (GCP) regulations.
  • Scientific Validity: Another crucial review will be of the product or therapy itself to evaluate its potential effectiveness and profits.
  • Quality Assurance: You must also closely examine the company's quality assurance program to ensure the safety of its products and their compliance with consumer protection regulations.
  • Financial Health: Understanding the organization's financial health is also essential. Deeply examine its revenue, debt, expenses, and profits/losses over the past ten years.
  • Intellectual Property: Examine the company's patents, trademarks, and other intellectual property to ensure they are safe from improper use.
  • Operational Efficiency: Evaluate the company's operations, including manufacturing, research and development, and sales.

The goal of pharma due diligence is to reduce risk, provide proper valuation of an investment, enhance decision-making, and streamline the merger or acquisition. In addition to reviewing the company, you may also need to perform vendor due diligence and evaluate anyone else with a business relationship with the company.

M&A Due Diligence

Mergers and acquisitions make the world go round. They occur constantly, but not before an exhaustive M&A due diligence process. Since mergers and acquisitions are so common, many investors or large firms will use M&A due diligence software or an M&A due diligence consultant to assist with the process. The purpose of the M&A due diligence is to help the buyer fully understand the target company's business, confirm the information it provided, and make a solid decision about the potential viability and value of the deal. Some of the aspects include:

  • Checklist: The process relies heavily on an M&A due diligence checklist to ensure nothing gets missed.
  • M&A Financial Due Diligence: Analyzing the company's financial statements, balance sheet, cash flow, debts, and assets to determine its financial health and look for any risks.
  • Operational Due Diligence: Evaluating the target company's operational processes, systems, and infrastructure to assess efficiency, risk, and potential.
  • Legal Due Diligence: Review legal agreements, contracts, lawsuits, and regulatory compliance to assess legal liabilities and risks.
  • Commercial Due Diligence: Assessing the target company's marketing strategies, customer base, market position, and competitive landscape.

Performing M&A due diligence can help you negotiate the deal better, knowing all the facts. It can also give you a much better understanding of the deal's value, risks, and profit potential.

Healthcare Due Diligence

Healthcare due diligence focuses on medical facilities like hospitals, doctors' offices, healthcare clinics, and emergency facilities to ensure they are compliant, safe, financially solvent, and operationally effective. Along with the facility's viability, this type of due diligence also focuses on risk management and fraud detection, as these types of places can be vulnerable to fraud. Some of the areas of focus include:

  • Clinical Efficiency: Evaluating clinical documents, coding, and billing practices for efficiency or issues.
  • Compliance: Healthcare organizations are subject to dozens of government regulations. Some include the Anti-Kickback Statute, Stark Law, and HIPAA. This review looks for violations or gaps in policy that could lead to issues.
  • Financial Health: The organization's financial health must also be considered. You must review its financial statements, revenue cycles, and cost structure.
  • Legal: Examine all contracts, legal agreements, and potential risks.
  • Operational: A complete evaluation of the facility's infrastructure, technology, and patient care policies.
  • Third-Party Operators: Investigate all third-party relationships to determine any conflicts of interest or potential risks there.

Third-Party Due Diligence

Anyone who partners with third parties must also conduct thorough due diligence to protect themselves. Many corporate firms use third-party due diligence solutions or software to facilitate a more efficient process. The process involves checking out vendors, suppliers, and partners to evaluate the risk of engaging with them. Your third-party due diligence checklist may be very different than other types of due diligence, including various points of focus such as vetting their financial stability, ethical considerations, regulatory compliance, etc.

Third-party due diligence best practices include:

  • Risk Management: A complete assessment of the third party to determine the risk potential with financial loss, reputational damage, and legal issues.
  • Compliance: You must ensure that anyone you partner with complies with all industry standards, rules, regulations, and contractual obligations.
  • Reputation: You protect your reputation by vetting any third-party vendors or suppliers and avoiding associating with any with a history of illegal or unethical practices.
  • Ethical Practices: Anyone you partner with can reflect poorly on you if they are known to conduct unethical practices.
  • Supply Chain Integrity: Examine the company's supply chain viability and efficiency and look for pitfalls.
  • Legal Compliance: You put yourself at risk if you partner with companies that don't respect the law or operate in the gray.
  • ESG Factors: Another area of concern is how the company's products, facilities, or practices affect the environment. Are they sound? Do they put anyone or anything at risk?

Hard vs. Soft Due Diligence

Typically, due diligence can be categorized into one of two buckets, "hard" or "soft." Hard due diligence involves collecting data and hard facts, like numbers on a financial statement or business transactions. During this phase, you may also collect contracts and licensing agreements and check for any lawsuits. These figures can be analyzed to formulate an opinion about the company and its viability. Research into the details can also reveal any red flags and indications of risk, but it fails to incorporate the softer side of business, impacting success. Soft due diligence examines the people who run the company, their goals, values, and work ethics. It also evaluates customer loyalty and the company's reputation. Both the quantitative and qualitative approaches are combined to provide the whole picture so you can make better, more well-informed decisions.

How to Conduct Due Diligence

@@title

You can conduct due diligence in two different ways: manually or using due diligence automation. Either way is fine. The steps may differ based on your situation and the industry, but the general outline of performing due diligence includes:

  1. Define the due diligence goals and tasks.
  2. Assemble a team to carry out the due diligence work. Set the roles and responsibilities of who will do what.
  3. Coordinate with the company and request the proper documentation or materials to be reviewed.
  4. Conduct the due diligence.
  5. Review and analyze the findings.
  6. Summarize the results in a final report and submit it to all parties.
  7. Monitor ongoing transactions and the relationship to mitigate risk.

EntityCheck Background Reports for Due Diligence

Due diligence is a crucial aspect of risk management and compliance. Before partnering with customers, vendors, suppliers, or companies, be sure to conduct the proper due diligence. The more information you have, the easier it is to make sound decisions. EntityCheck was founded to help companies perform due diligence quickly and easily by supplying them with vast amounts of business data. We collect our information from government, public, and private sources, and you can access everything you need from one easy-to-use dashboard.

The information you can find in an EntityCheck background report includes the following:

  • Secretary of State Filings
  • UCC Filings
  • Professional Licenses
  • Court Records (Liens, Bankruptcies, Lawsuits, Federal Dockets)
  • Trademarks
  • Employees, Agents, Officers
  • Patents
  • And More!

Sign up with EntityCheck business search today and enjoy unlimited searches. You'll also learn more about a company than you thought possible.

Search Business Entities
Search by:
Page Navigator
Business Due Diligence SolutionsTry a FREE EntityCheck business search today and learn more about a company than you thought possible.