Due diligence: definition and history of precautionary risk assessment

Due diligence is a legal term used in many areas, including purchase law. The concept originates from US jurisdiction and is understood as “care required in commerce.” Due diligence in American law has a wide scope of application. While due diligence is recognized as investigating a potential investment of product purchase, for the purposes of this article, we will focus on the term in relation to company acquisition. Before signing off on a company purchase, you should be familiar with due diligence practices.

What is due diligence?

Due diligence is a concept resulting from the plight of US securities buyers who needed to protect themselves against fraud perpetrated against them by the issuers. In the US, the term “due diligence” plays an important role in both private and commercial law. As the focus of this article is on company acquisition, we will highlight the complex risks associated with company acquisitions and initial public offerings (IPOs). A due diligence examination reveals possible risks hidden within the company. For this reason, it has become common practice in corporate and securities trading.

Definition: Due diligence

Due diligence is a concept originating in American commercial and private law. In this article, we will focus on the term as it applies to risk assessments. Buyers should carry out due diligence procedures before acquiring real estate, companies, or shares in a company during an IPO. This examination serves to determine the value of the object of purchase by weighing risks and analyzing strengths and weaknesses.

Due diligence is a kind of risk assessment. Before acquiring a complex purchase item, it makes the advantages and risks associated with the purchase apparent to the buyer. Therefore, it is also the responsibility of the buyer or an expert commissioned by them to carry it out. The seller cooperates by creating a “data room.” This includes all the essential information that identifies the risks, weaknesses, and strengths of the business. The information is voluntary, but should provide full information about existing risks. Depending on the relationship with the business partners and the company acquisition, there are different demands on the due diligence process.

Due diligence: origin and definition of terms

In 1930s America, the Securities Act regulated what information capital investment and securities sellers had to give in order to be able to sell their product. For this, you were required to submit an admission report at the Security and Exchange Commission (SEC). When it came to trading securities, it was common practice to also prosecute the final examiners criminally if investors lost money, because the salesmen had intentionally falsified information in their report.

Due Diligence report: American roots

The information in an admission report was similar to the current due diligence checklist. Issuers (securities sellers) had to break down the following, among other things:

  • Capital structure
  • Manager investments
  • Salaries
  • History of the company
  • Registered assets
  • Significant contracts and underwriting agreements – aggregated and presented with net revenues
  • Annual financial statements in audited form

In order to protect themselves, the liability debtors had to prove that they had conducted their due diligence with due care. If a person acts carefully, they can be held in good faith if there are legal consequences. This indefinite legal term refers to an honest, decent person’s behavior. Essentially, the debtors only had to ensure that the admission report was complete and correct to the best of their knowledge and belief. Apart from the main seller, almost all parties involved were able to apply “due diligence defense” in disputes. Depending on the area of responsibility and the decision-making power, different strict rules applied with regard to the required care – they were the strictest for the main seller.

Contrary to today’s belief, one defended oneself with the claim of having acted diligently only after an indictment. The current due diligence practice differs in this respect from the 1933 Securities Act – however, the Securities Act already contained the term “due diligence” and had a decisive influence on it. The name of today’s due diligence is probably derived from the corresponding provisions of the Securities Act.

The Securities Exchange Act of 1934 (the Collateral Exchange Ordinance) had to be enacted before customers could obtain generally accepted judicial means of buyer protection. Its application scope covers transactions beyond state borders. Subsequently, due diligence procedures slowly developed in the USA. Later, the Uniform Commercial Code regulated the law on the sale of companies. According to it, sellers are only obliged to provide certain services. The sold company share must be legally valid and the sale must be legally effective.

The regulation applies to the sale of companies by transfer of shares as well as to securities trading. An important thing to note is Rule 10b-5 in conjunction with the Securities Exchange Act, section 10 (b) prohibits fraudulent acts like intentionally omitted or false disclosures. However, issuers are not required to include all information directly in the contract. Additional documents associated with the contract are sufficient evidence. Customers are not entitled to compensation if material information is missing or incorrect. However, the regulation does not contain any other customer-friendly rules.

The American legal situation is based on the principle “caveat emptor” (buyer beware). Sellers are therefore only liable if it can be proven that they provide false information in the contract or omit important information. In case of doubt, the buyer bears the damage. An early inspection of the purchase item is therefore carried out in the interest of the customer. After an examination like this, the buyer side must actively protect itself. They can negotiate guarantees, warranties, and a purchase price only after this examination. According to US law, due diligence applies to customers in general in both private and commercial law.

Internationally valid legal bases

By the 1970s, the US had risen to become an economic world power, whose currency and stock exchange were used by many multinational companies. During the Cold War, however, the US had to deal with the Watergate scandal, which caused tremendous damage to its reputation. During the course of the investigation, it was found that large companies had paid bribes to both domestic and foreign politicians. To conceal this, they falsified their entries in the SEC, among other things.

Throughout the course of the Watergate scandal, numerous other bribery scandals were brought into light. In the 1970s the Lockheed group paid bribes to politicians in Japan, the Netherlands, and Italy, covered by Ann Eberhardt on Corporate Compliance Insights. These bribes were paid to encourage them to purchase Lockheed planes, and they were paid shortly before the US granted the company a massive rescue loan of $250 million.

The American judicial system praised the fight against bribery on an international level, probably also to preserve their reputation. In 1977, the Foreign Corrupt Practices Act (FCPA) came into force. According to this act, all international companies that are registered with the Security and Exchange Commission or that use US dollars are required to comply with this regulation. The FCPA prohibits companies and their employees, managers, or business partners from bribing foreign officials.

This initiative to combat corruption at the international level was followed in 1997 with the establishment of the OECD (Organization for Economic Co-operation and Development), which also fought against the bribery of foreign public officials in international business transactions.

In 2010, the UK also adopted new laws against bribery. Their previous laws were limited to national offences and were considered outdated. The Bribery Act 2010 makes bribery by both companies and individuals a criminal offence. The Act applies internationally. It applies to perpetrators who have a close connection with the UK – i.e. companies incorporated under its law and people who live there or have citizenship of one of its territories. It also regulated the legal consequence of subsequent bribery offences:

  • Corruptibility and advantage-taking
  • Bribery of foreign public officials
  • Bribery and corruption in the course of business
  • Tacit acceptance of bribery by a company, either by its own employees or by third parties

The FCPA and the Bribery Act 2010 are national laws with an international application scope. In the area of compliance, as well as in due diligence reviews, you should not underestimate their impact. Even small and medium-sized companies are increasingly networking internationally, as a result of globalization. When dealing with national and international business partners, you should always pay attention to due diligence.

Due diligence: the current situation in the USA

New due diligence legislation has been implemented recently in the US pertaining to due diligence procedures. The Final Rule refers to rules drawn up by the Financial Crimes Enforcement Network (FinCEN), which is part of the United States Department of the Treasury. Coming into effect on May 11, 2018, the Final Customer Due Diligence (CDD) rule states that financial institutions are now required to collect, maintain, and report beneficial ownership information. The purpose of the Final Rule is to prevent money laundering and terror financing, and is the result of numerous legal modifications over recent years to close any loopholes. There are a number of federal bodies and organizations who help regulate against fraud and provide due diligence guidelines, as well as state-by-state regulations.

Due diligence: areas of application

Due diligence reviews are being carried out more and more frequently by business owners. Corresponding regulations are intended to ensure greater transparency and responsibility at management level. Due to increasing globalization, national legislators are also more likely to include international business relationships in their considerations. If the law provides for a relationship between a company and the legislative nation, criminal authorities will also prosecute suspected persons in third countries.

In the case of an imminent merger or acquisition, as well as in the case of planned investments such as securities, companies should protect themselves with due diligence. Anyone who finds themselves working with business partners should be familiar with their most important key data before concluding a contract. This applies to both natural and legal persons, especially when it comes to international contacts. In the event of fraud or bribery, it isn’t just the company involved that is liable, but also all demonstrably involved persons – from managers to finance department employees to customers – all are liable.

Companies try to prevent financial losses and negative legal consequences by using a due diligence process. Here is a list of the possible risks:

  • Reputation damage: A company that is publicly associated with corruption or other criminal activity loses the trust of (potential) customers or business partners. If it becomes known that you are working with unfair or delinquent business partners, this also affects your reputation.
  • Economic risks of a purchase: An appropriate purchase price must be determined for company acquisitions or mergers. The respective strengths and weaknesses of a company provide information about the quality of an object up for purchase. Misjudgments can lead to too much investment. Financial risks can also arise when the future partner neglects legal standards and this is only revealed at a later stage.
  • Financial risks in existing business relationships: Even during the course of a long business relationship, new risks can always arise – for example, if your partner is now engaged in illegal practices. If your company profits (even unknowingly) from the crime committed by a business partner, this can result in substantial fines. 
  • Legal consequences: If you fail to carry out due diligence processes, you could be subject to a number of fiduciary crimes, as well as potentially be in breach of the Foreign Corrupt Practices Act. As well as federal regulation, due diligence may have state-to-state legal responsibilities, so it is important to consult with a legal professional before going ahead with acquisitions or mergers to ensure that you are legally compliant and safe.

Due diligence: areas to be examined

During the due diligence procedure, the target person or company is screened for legal violations and financial missteps. Additionally, auditors increasingly pay attention to holistic aspects like corporate culture, environmental standards, and IT security.

These are the areas most frequently examined in due diligence reviews:

Financial due diligence

Financial due diligence (FDD) involves identifying and weighing up financial strengths and weaknesses. This involves analyzing the current situation and forecasting the future financial situation. This includes aspects like assets and cash flow, as well as the raising of capital (debt and equity), financial structures, and earnings.

Market and commercial due diligence

Market and commercial due diligence are closely linked: in commercial due diligence, you concentrate on the company’s marketability – in particular, company-specific aspects play a role. You analyze the company and concentrate on purchasing and sales. Who are the suppliers? What contracts have been negotiated? How efficient is the supply chain? You should also examine materials management. Quality and scope play an important role in this area. The fields of research and development are also often interesting. Does the company participate in driving innovation in its field of business? This opens up future potential.

In order to assess the company and its position in the market, the next analytical step focuses less on the company itself and more on the market area where it operates. Find out who the biggest competitors are and which products and services contribute to their success. Which business model to market participants follow and how successful are they?

Market due diligence goes one step further to investigating how the market has developed. Mergers, new competitors, or market downturns in the last five years can have a significant impact on your purchasing decision. You describe the playing field of your target company. If possible, conduct customer surveys to find out more about the company’s image.

Tax due diligence

In addition to an individual’s current tax situation, the tax due diligence analysis also includes future tax developments. Since the purchase itself already has tax consequences, this kind of information is very valuable. The analysis also includes the expected transformation tax or group tax. The risk analysis is particularly important. If fiscal court proceedings have not yet been concluded or if a tax audit is currently still in progress, additional costs can be expected. The purchase itself also raises a number of questions:

  • Can the purchase price be written off?
  • Will loss carryforwards be retained?
  • What taxes are payable directly on purchase (e.g. real estate transfer tax)?
  • Which financing options are more effective under tax law?

Operational due diligence

Operational due diligence (ODD) deals with the target company’s work processes. A potential increase in value is particularly interesting. This form of due diligence is preferred by buyers of industrial companies. There, an efficient workflow plays an important role when it comes to value creation – for example, with the help of improved communication and planning in the supply chain, as well as automation. The experts must also determine whether the business plan presented is feasible with the given operational possibilities. This form of due diligence is often required by financiers (like banks) to assess the risks associated with overly optimistic daily expense calculations.

Technical due diligence

Technical due diligence is one of the most important risk analyses in real estate acquisition. For example, it is carried out when someone buys a company with industrial facilities. Anyone who wants to have a technical due diligence procedure carried out needs both experts for the building fabric and for technical facilities. Suitable technicians then determine what the plant’s capacities are, how they are used to capacity, and whether they might need to be reviewed. The quality control of goods produced is also included in the assessment. Depending on the industry branch, you should also have explosion, fire hazards, and possible risks of chemical or radioactive contamination assessed. The analysis should reveal which costs are incurred to keep the property in good condition, or to remedy defects. As a rule, investors are also interested in whether they can modernize the object of purchase.

Environmental due diligence

Environmental due diligence checks a company for compliance with national and international environmental regulations. You should make sure that the target has all the necessary approvals. Environmental management is becoming increasingly important worldwide, especially in manufacturing industries. Determine the potential in this area and find out how the company organizes the necessary measures. In the case of real estate, it is essential that you know the properties location before buying:

  • Does industrial use have a proven or potential negative impact on the environment? (population protection, groundwater pollution, or similar)
  • Are there any contaminated sites that might pose a threat to the environment?
  • Location risks (e.g. flooding) and special environmental protection requirements (e.g. proximity to nature reserves)
  • Are the buildings contaminated with pollutants?

Environmental assessment and technical investigation overlap to some extent – for example, in the risk assessment of pollutants used in production.

IT due diligence

IT due diligence (also known as digital due diligence) is not just important if you are interested in purchasing an IT company, since many other service providers and retailers also receive their orders in whole or in part over the internet. As the flagship of a company, its online presence and the associated communication channels and processes should be future-oriented (scalable) and secure. Many internal company processes are now also computer-aided. Some companies maintain their own IT systems, others used licensed products. These licenses must be completely clarified before a purchase.

In a merger, the combination of two IT systems is also a significant cost and time factor. With a due diligence procedure, you could uncover possible security gaps and compatibility problems.

Human resources due diligence

Human resources due diligence deals with the human aspect of a company – the employees who work there. In terms of determining the purchase price and risk assessment, personnel analysis is particularly concerned with key figures in a group, like the creative minds and decision makers among the team. In the case of a merger or acquisition, personnel structures in the target company can drastically change. If important “human capital” is lost, this can influence work processes and damage the entire company in the long term. You should analyze which employees perform which functions, and how important they are for internal processes.

In the human resources due diligence process, you go through employment contracts. Coordinate the process with legal due diligence procedures. Conspicuous features like unusually high bonus agreements for individual employees or above-average notice periods can certainly influence the purchase price.

Legal due diligence

Legal due diligence examines all legal circumstances in a target company. As noted above, this also includes the employment contracts, for example. However, you should also check the ownership structure of the company and its subsidiaries, which may have different legal forms. In this way, you can be sure that in the event of a takeover, you will not pay for shares over which you have hardly any legal influence.

Clarifying patent rights is also an important part of this examination. However, the IP due diligence process described below provides a more detailed breakdown of this area. Questions regarding antitrust law or other legal disputes should also be uncovered and, at best, answered by a legal due diligence procedure, since open lawsuits can considerably reduce a company’s value. During the legal audit, your legal experts should also carefully examine the purchase contract itself. This is a prerequisite for being able to track down false or misleading information and have a basis for negotiating the guarantee catalogue.

IP due diligence

IP due diligence stands for “Intellectual Property Due Diligence” i.e. an examination of a company’s intellectual property. As already mentioned, this includes registered patents, among other things. Larger companies sometimes have an abundance of legally protected trademarks. These often include special pictograms, logos (a popular example of this is Apple’s bitten apple), or even taste profiles for patented recipes – like Maggi stock cubes. Also check which licenses the company grants and which ones it uses itself. This can include software, manufacturing processes, and industrial property rights.

Cultural due diligence

The cultural due diligence audit analyzes a part of the company that is difficult to grasp – corporate culture. This term sounds a bit like abstract marketing talk, but it can have an impact on the success of a company merger. Unlike the corporate image, the corporate culture describes the perceived reality within a company. If two company cultures are incompatible, communication problems or even disputes can easily arise. However, the respective managers will usually present “their” company in the best light. For this reason, it makes sense to learn about corporate culture yourself – for example:

  • Establish a relationship with the entrepreneurs or managing directors in advance so that the guiding culture can be crystallized through discussions and cooperation.
  • Analyze fluctuation rates. Is the management fleeing to another company or is the workforce stagnating?
  • Evaluate internal documents like protocols, newsletters, and corporate social networks. They often reveal how employees interact with each other and see the company.
  • Ask external sources for their opinion. If you know self-employed people who maintain contacts with the target company, simply ask them for their assessment.

Strategic due diligence

Strategic due diligence deals with the financial potential of a target. Strategic investors in particular benefit from this analysis. The experts take various risk factors into account, determine the current situation, and develop a forecast for the future of a potential merger. For this purpose, they analyze the object of purchase, taking into account the respective market. These are the most important aspects:

  • The value chain
  • Legal framework
  • Operations: workflows and their dependencies
  • Competition analysis in the immediate and wider environment, trend forecasting
  • Market analysis: demand, driving forces, and trends
  • Performance analysis and comparison at strategic and operational level
  • Entry barriers to the market: is the company easy to replace with new competitors or substitute services?
  • Risk analysis and planning of measures according to the analyzed dependencies

This kind of risk analysis bundles many of the aforementioned areas and serves to find a profit-maximizing strategy for investors.

Merger integration due diligence

If two companies merge with each other, the merger needs to be planned. The merger integration due diligence procedure examines all aspects that have an influence on it. A fusion is often referred to as a post-merger integration, i.e. it takes place after the integration of one company into another. The due diligence usually includes a precautionary risk assessment of the object of purchase. In this case, however, the original meaning of the term is taken into account. With due care, both companies – buyer and seller – must be examined for similarities and differences. Different types of mergers also require different approaches to the merger of two parties. These are the most common kinds of merger:

  • Complete takeovers (acquisition): One company swallows another. The target company converts all processes and structures according to the buyer’s specifications.
  • Participation: The owner of the target company changes. The company owner changes, but structures are retained. In fact, there is no integration.
  • Conservation: The target company remains largely autonomous. However, the purchasing company ultimately has the say. Financial structures should be integrated. This connection often exists with parent companies and subsidiaries. 
  • Symbiosis: This type of integration is very rare and functions even less frequently. In mergers between equal companies, the result is often the creation of a new company. For example, Daimler-Benz and Chrysler merged to form Daimler-Chrysler. Both initial companies gave up their businesses and the new company Daimler-Chrysler continued the work of both. In the symbiosis, both companies involved tailored the integration measures to their common goals. 

Preventive planning contributes significantly to the success of company integration, but it is often neglected. Poor integration and hasty purchase decisions, however, often lead to a loss of company value. Anyone who intends to buy a company usually knows the following statistic: 40-70% of all mergers are considered unsuccessful.

This rather large spread can be explained by the range of the term “unsuccessful.” Complete bankruptcy is far less common than declining profits. Therefore, it is statistically unlikely that a company will have to file for bankruptcy as a result of a failed merger. However, losses are likely.

The best-known example of a merger with catastrophic consequences is that of the two once bitter but successful rivals: Pennsylvania Railroad (PRR) and New York Central Railroad (NYC). Both railway companies have been operating railway lines in the northeast US since the mid-19th century. PRR was considered the largest railway company at the time, and for a long time played a pioneering role in safe, efficient rail traffic. NYC maintained some of the fastest, most legendary streamlined locomotives in US history, like the Super Hudson.

The two companies competed for the New York-Chicago route. When the automobile boom began in the 1950s, the former competitors wanted to join forces to counter the trend. In 1968, the Pennsylvania Railroad Company and the New York Central Railroad merged in a merger of equals to form the Penn Central Transportation Company. The newly founded transportation company was the sixth largest company in the United States. Two years later, Penn Central filed for bankruptcy. At the time, it was the largest bankruptcy in US history.

The current figures show that this story is often repeated in some respects. CEOs with too much self-confidence are often quick to conclude major mergers with high risks. The share value of these companies deteriorated over time compared to their competitors.

However, there is also good news. Thoughtful bosses of small to medium-sized companies rarely make these wrong decisions.

If investors are only interested in making a quick profit by streamlining a company, a merger is definitely worthwhile for them. The manager and CEO of a sold company also leave the company with severance payments after a successful handover. However, if the company is to make a lasting profit, it needs more than just a simple business plan. The new management needs to understand both parts and their corporate cultures. It must analyze the product and its appeal, its clientele, and the market.

This is where merger integration due diligence comes in. Anyone who not only wants to conclude a profitable deal in the short term, but also wants to grow with a new company in the long term, should keep the following guidelines in mind:

  • When two companies grow together, new organizational structures inevitably emerge. Before new and old meet and complications arise, plan the organizational structures. Analyze the working methods and organization of the target company in detail. Maintain strengths and eliminate weaknesses.
  • Mergers consume many resources, both monetary and personnel. Take up the inventory. Communicate with staff. You can only achieve your integration goals with sufficient capacity and motivation from the people involved.
  • The new company will need a business plan and a target-oriented strategy. Make sure that your measures are adapted to the market and the customers’ target company.
  • Review your integration planning. Calculate which time and financial resources the company needs. Plan B helps with bottlenecks.
  • An internal integration team with extensive competences – and the necessary know-how – should monitor the integration and analyze whether the resources provided are suitable and sufficient for their respective tasks.

The different forms of due diligence also have different focuses. They range from classic areas like tax, finance, and law to digital security and socially relevant fields. It is worthwhile for large corporations to cover all aspects, because insufficiently planned mergers can quickly have a negative impact on business. This reduces the value of the company and endangers jobs. For small and medium-sized enterprises, the risk is lower, but the necessary care before a purchase is still appropriate.

Due diligence: risk assessment made to measure

There are countless potential business partners on the market. Some may already pose a higher risk than others, due to the size of their business. A small start-up requires less detailed analysis than a large company from a risky economic sector. Accordingly, different forms of precautionary risk analysis exist that are tailored to different needs.

Simplified and extended due diligence review

Simplified due diligence: If it is likely to be low risk, simplified analysis is sufficient. Young companies with few employees, for example, have a low risk potential. Bribery offences are rare among them, as there is usually no contact with public officials. If the company only acts domestically, even unknown third-party partners who may violate international law do not pose a threat. If the annual balance sheet analysis doesn’t raise any unpleasant questions, this is a good sign.

A simple method: do your research online. News articles and employer assessment portals provide a first impression. Preparing a not-too-extensive financial risk analysis and a tax audit are useful. In addition, you should obtain access to company databases to learn more about financial structures in the business.

Extended due diligence: Large, internationally active companies generally represent a greater risk. On the one hand, they have to comply with country-specific laws and international law; on the other hand, a large number of subsidiaries and business partners are more likely to act in a way that at least some of them are detrimental to their business. High-risk indicators are, among others:

  • Inconsistent balance sheets
  • Employees or partners who have close contact with (foreign) officials
  • Companies located in known tax havens or countries with high corruption indices
  • Opaque information on beneficial owners

Possible warnings can be found, for example, on national and international watch lists (they include serious criminals or suspects of terrorism), sanctions lists (they include actors with economic and legal risk potential) and PEP lists (“politically exposed persons” – PEPs for short – are linked to politicians and are subject to strict reporting obligations in order to prevent money laundering). In addition, country databases inform about possible risks, which are more pronounced in the respective country than in other countries. For example, the Transparency International Corruption Perception List gives indications of how frequently bribery offences occur in the individual countries. Even extreme weather conditions are gaining importance in risk assessment. The risk of flooding, forest fires, or storm damage also influences the value of your future property.

Onboarding and ongoing due diligence

Onboarding is usually understood as the step-by-step introduction of new employees to the company and its culture. Onboarding due diligence, on the other hand, refers to business partners. These can be customers (client onboarding) or suppliers (distributor onboarding).

The difference with client onboarding (also known as know-your-client-testing) is that it is not the customer who analyzes a purchased item for risks, but the seller who checks the customer. This not only affects the customer’s creditworthiness, but also the legitimacy of their financial resources. Relationships with employees or public officials from whom the customer may derive unfair advantages are risk factors.

Distributor on-boarding due diligence is carried out when you intend to enter into a long-term relationship with suppliers or order large quantities of goods. If, for example, you process a supplier’s raw materials unchecked and as a result sell harmful goods to end customers, you must expect legal consequences. Therefore, there are standards for compliance in the supply chain. A due diligence check assesses the risks associated with a potential supplier.

Due diligence in the context of onboarding not only includes the risk assessment before you enter into a business relationship, but also the necessary diligence when you integrate and introduce customers or suppliers into your processes. This is similar to merger integration due diligence.

You carry out ongoing due diligence during a business relationship. The review takes place at regular intervals and as soon as you become aware of a red flag (a risk signal) with your business partner. Such a regular review ensures that your supply chain compliance standards are met.

An example of risks associated with corporate takeovers or cooperations:

The fashion industry is constantly attracting attention with violations of environmental law and workplace safety, as well as unfair treatment of workers. Textile factories in Bangladesh, for example, made international headlines when two catastrophes in quick succession killed countless workers. The fire at the Tazreen Fashion factory cost the lives of at least 112 people in 2012. In 2013, 1,134 employees died during the collapse of the Rana Plaza building. They had previously been sent by their superiors into the cracked building despite their protests.

Large fashion chains like H&M, Primark, and C&A have business connections with insecure textile factories in Bangladesh. However, under the increasing social pressure arising from media coverage, some of the large corporations bowed down and promised not only better compliance audits. They also supported the state government in implementing fair pay and security practices. They laid that down in the Bangladesh Agreement. After not much had happened in the more than 3,500 textile factories in Bangladesh until 2016, textile worker trade unions sued a company of the signatories for $2.3 million. They won the case. Building security then improved in many factories by 2018.

To display this video, third-party cookies are required. You can access and change your cookie settings here.

After safety standards had improved at least in most factories, however, new accusations arose. This time it was about suppliers for the brand GAP. According to the Global Labor Justice organization, the workforce was increasingly exposed to verbal and physical assaults by superiors. According to that, the victims were beaten and insulted if they did not reach production targets. These production targets result from the ever shorter “micro-seasons” of the fast fashion industry. Whether this situation changes for the better remains to be seen.

Multinational companies can easily get bad press and a few million in damages for neglecting compliance standards in their supply chain. These sanctions hit small and medium-sized businesses far harder. They can’t easily take advantage of alternative markets when bad press in an area leads to a slump in sales. If you maintain business relationships with risky companies, you should ideally practice ongoing due diligence. This will enable you to react in good time if your suppliers are noticed negatively.

Compliance, explained

Anyone who needs to comply with national and international laws against bribery and fraud should establish a compliance agreement. In order for this to work, the executive boss and the compliance manager need to internalize and exemplify the respective rules. A compliance management system (CMS) helps configure and test the rules. National guidelines in the US that uphold the auditing standard for compliant management systems are the responsibility of the Open Compliance & Ethics Group (OCEG).


The term “compliance” stands for all the rules written down by management and those measures which serve to comply with these rules. These rules contain national and international laws and guidelines. On the other hand, they include codes drawn up by the company itself, which might require and promote a humane personnel policy, or special environmental standards, for example. Compliance can influence a potential choice of business partner. Compliance management systems help to create compliance regulations and monitor compliance.

Advantages and disadvantages of due diligence

In most cases, the answer is certain: You just can’t do without due diligence in mergers and acquisitions, since the “grey market” (an unofficial market where securities are traded) is unsupervised by authorities. Honest providers and fraudsters can hardly be distinguished at a glance. If you invest in real estate, the money laundering risk is high. Additionally, only due diligence can protect beneficial owners from possible legal consequences. However, there are always criticisms of the usual due diligence procedure.



Due diligence checklists and questionnaires make the process comprehensible.

General checklists usually do not cover all necessary risk factors of an individual case – or they list risks that are not relevant for the particular transaction.

External consultants specialize in due diligence. Their experience enables them to identify risks quickly and thoroughly.

In the case of international orders, remuneration is often success-oriented. IF no purchase is made, their fee is lower. This creates a clear conflict of interest.

Sellers are reluctant to reveal weaknesses. Therefore, they may conceal certain risk areas. When planning a due diligence procedure, this can lead to misjudgment as to which specialists the buyer needs.

Due diligence: How to proceed

Due diligence is not a set-in-stone procedure. The forms of risk analysis presented in this article overlap in part. Others may not be necessary for your planned transactions. To decide what should be analyzed at all, you should first put together a team of experts. Outside analysts often have a lot of experience in their field, but don’t know your company exactly. If you set up a team from your own ranks, you can be sure that your employees are acting in the interests of the company. In addition, it’s more likely that an internal team will really check the points that are relevant to your purchase, rather than unthinkingly working through a checklist. However, small and inexperienced companies without trained personnel benefit from external experts.

  1. Before undertaking a detailed due diligence procedure, you first need to research publicly accessible sources. You can use the internet to do this. The best place to start is the company website. This shows where the other company is located and how they present themselves to the outside world. Here you will also find initial information on owners and executives. Important customers are also often mentioned there. More information on internal and external relations can be found in job networks and official and unofficial social media accounts. Pay attention also to connections to politics or criminal persons or organizations. Are there questionable investors and advocates?
    You should also examine the business environment. Which companies are geographically close? Who are the direct competitors in the respective market segment? Does the company have a worrying history? For example, has it changed ownership on numerous occasions or was it forced to abandon its business model due to inefficiency? Have former employees left under unclear circumstances? Check to see if company employees have connections with people you know. Independent first-hand assessments are helpful.
  2. If you don’t see any warning signals during an initial overview, you can rely on your expert teams for a due diligence analysis. First, your team identifies all important data and actors.
    When buying a company, the seller usually provides a “data room.” Investment bankers often represent the issuer. They prepare the information they consider important for risk analysis: contracts, real estate, leasehold properties, all financial documents and tax returns. Creative capital like patents and registered trademarks as well as personnel documents like salaries and severance payments are also important variables. Open court proceedings are just as interesting for risk analysis as those for which an agreement has already been reached or penalties have been imposed. In the case of a property acquisition, have the building structure, technical facilities and exterior areas checked for structural defects and environmental risks.
  3. Go into detail: Check the existence and integrity of beneficiaries. Ask for information about their financial sources.
  4. It is possible that some data may indicate that documents have been withheld from you. This is not necessarily surprising when it comes to confidential data. Sometimes, however, these documents point to risks that would depress the purchase price during the purchase negotiations. A competent team will subsequently obtain these documents from the seller.
  5. Finally, compare all known actors with national (and possibly international) sanctions lists. Connections to money launderers, terror suspects, or politically exposed people (in short: PEP) are not always easy to uncover. You should therefore use the country databases, PEP and watch lists mentioned above.

The US government has a website devoted to scams and fraudulent behavior, including fraudulent companies. The U.S Securities and Exchange Commission’s website has the EDGAR database, which allows you to access information on more than 21 million filings – this is a great resource for investors and companies looking to research potential partners in the US. The U.S Commodity Futures Trading Commission also has a guide to avoiding fraud as well as more information on a range of due-diligence related matters. The latter two are both members of the International Organization of Securities Commissions (IOSCO). This is a body that monitors national and international warnings lists of different regulatory authorities and compiles them on the IOSCO.

  1. Have you gathered the necessary information and uncovered suspicious elements? Now you should evaluate your findings in the context of risk assessment. Inconsistencies in accounting can indicate corruption in existing relationships with PEPs. Small construction defects, on the other hand, can possibly be remedied at low cost. Ideally, the newly acquired information shows you that you can use your know-how to turn a poorly marketed product into a small gold mine. Strategic due diligence can help you do this. Avoid risks and take advantage of opportunities when you acquire real estate or company shares.

Due diligence: taking the necessary care to ensure safe investments

Regardless of whether you are a private investor, standard investor or SME owner interested in other companies: large investments enable exciting projects and substantial profits. However, they often also entail risks that are not immediately apparent. Whether money laundering, corruption, tax fraud, or expensive environmental sins. Before you negotiate a price for a purchase object, a due diligence check is necessary. Those who do not act widely with regard to their finances and the jobs of their staff in this kind of situation may lose more than their return.

At least small and young companies usually represent a relatively low risk. However, even with these companies, it makes sense to have at least a basic examination. We provide you with guidelines for this kind of audit. Just download our free due diligence checklist as a PDF and check whether you have thought of everything before investing.

Please keep in mind that this list is not exhaustive. Under certain circumstances, some of the risk areas listed may not be relevant or may be slightly relevant to your business area, while others are missing. The checklist is therefore just an initial guide.

Click here for important legal disclaimers.

We use cookies on our website to provide you with the best possible user experience. By continuing to use our website or services, you agree to their use. More Information.