Due diligence: defin­i­tion and history of pre­cau­tion­ary risk as­sess­ment

Due diligence is a legal term used in many areas, including purchase law. The concept ori­gin­ates from US jur­is­dic­tion and is un­der­stood as “care required in commerce.” Due diligence in American law has a wide scope of ap­plic­a­tion. Whilst due diligence is re­cog­nised as in­vest­ig­at­ing a potential in­vest­ment of product purchase, for the purposes of this article, we will focus on the term in relation to company ac­quis­i­tion. Before signing off on a company purchase, you should be familiar with due diligence practices.

Due diligence is a concept resulting from the plight of US se­cur­it­ies buyers who needed to protect them­selves against fraud per­pet­rated against them by the issuers. In the US, the term “due diligence” plays an important role in both private and com­mer­cial law. As the focus of this article is on company ac­quis­i­tion, we will highlight the complex risks as­so­ci­ated with company ac­quis­i­tions and initial public offerings (IPOs). A due diligence ex­am­in­a­tion reveals possible risks hidden within the company. For this reason, it has become common practice in corporate and se­cur­it­ies trading.

Due diligence is a kind of risk as­sess­ment. Before acquiring a complex purchase item, it makes the ad­vant­ages and risks as­so­ci­ated with the purchase apparent to the buyer. Therefore, it is also the re­spons­ib­il­ity of the buyer or an expert com­mis­sioned by them to carry it out. The seller co­oper­ates by creating a “data room.” This includes all the essential in­form­a­tion that iden­ti­fies the risks, weak­nesses, and strengths of the business. The in­form­a­tion is voluntary, but should provide full in­form­a­tion about existing risks. Depending on the re­la­tion­ship with the business partners and the company ac­quis­i­tion, there are different demands on the due diligence process.

In 1930s America, the Se­cur­it­ies Act regulated what in­form­a­tion capital in­vest­ment and se­cur­it­ies sellers had to give in order to be able to sell their product. For this, you were required to submit an admission report at the Security and Exchange Com­mis­sion (SEC). When it came to trading se­cur­it­ies, it was common practice to also prosecute the final examiners crim­in­ally if investors lost money, because the salesmen had in­ten­tion­ally falsified in­form­a­tion in their report.

The in­form­a­tion in an admission report was similar to the current due diligence checklist. Issuers (se­cur­it­ies sellers) had to break down the following, amongst other things:

• Capital structure
• Manager in­vest­ments
• Salaries
• History of the company
• Re­gistered assets
• Sig­ni­fic­ant contracts and un­der­writ­ing agree­ments – ag­greg­ated and presented with net revenues
• Annual financial state­ments in audited form

In order to protect them­selves, the liability debtors had to prove that they had conducted their due diligence with due care. If a person acts carefully, they can be held in good faith if there are legal con­sequences. This in­def­in­ite legal term refers to an honest, decent person’s behaviour. Es­sen­tially, the debtors only had to ensure that the admission report was complete and correct to the best of their knowledge and belief. Apart from the main seller, almost all parties involved were able to apply “due diligence defense” in disputes. Depending on the area of re­spons­ib­il­ity and the decision-making power, different strict rules applied with regard to the required care – they were the strictest for the main seller.

Contrary to today’s belief, one defended oneself with the claim of having acted di­li­gently only after an in­dict­ment. The current due diligence practice differs in this respect from the 1933 Se­cur­it­ies Act – however, the Se­cur­it­ies Act already contained the term “due diligence” and had a decisive influence on it. The name of today’s due diligence is probably derived from the cor­res­pond­ing pro­vi­sions of the Se­cur­it­ies Act.

The Se­cur­it­ies Exchange Act of 1934 (the Col­lat­er­al Exchange Ordinance) had to be enacted before customers could obtain generally accepted judicial means of buyer pro­tec­tion. Its ap­plic­a­tion scope covers trans­ac­tions beyond state borders. Sub­sequently, due diligence pro­ced­ures slowly developed in the USA. Later, the Uniform Com­mer­cial Code regulated the law on the sale of companies. According to it, sellers are only obliged to provide certain services. The sold company share must be legally valid and the sale must be legally effective.

The reg­u­la­tion applies to the sale of companies by transfer of shares as well as to se­cur­it­ies trading. An important thing to note is Rule 10b-5 in con­junc­tion with the Se­cur­it­ies Exchange Act, section 10 (b) prohibits fraud­u­lent acts like in­ten­tion­ally omitted or false dis­clos­ures. However, issuers are not required to include all in­form­a­tion directly in the contract. Ad­di­tion­al documents as­so­ci­ated with the contract are suf­fi­cient evidence. Customers are not entitled to com­pens­a­tion if material in­form­a­tion is missing or incorrect. However, the reg­u­la­tion does not contain any other customer-friendly rules.

The American legal situation is based on the principle “caveat emptor” (buyer beware). Sellers are therefore only liable if it can be proven that they provide false in­form­a­tion in the contract or omit important in­form­a­tion. In case of doubt, the buyer bears the damage. An early in­spec­tion of the purchase item is therefore carried out in the interest of the customer. After an ex­am­in­a­tion like this, the buyer side must actively protect itself. They can negotiate guar­an­tees, war­ranties, and a purchase price only after this ex­am­in­a­tion. According to US law, due diligence applies to customers in general in both private and com­mer­cial law.

By the 1970s, the US had risen to become an economic world power, whose currency and stock exchange were used by many mul­tina­tion­al companies. During the Cold War, however, the US had to deal with the Watergate scandal, which caused tre­mend­ous damage to its repu­ta­tion. During the course of the in­vest­ig­a­tion, it was found that large companies had paid bribes to both domestic and foreign politi­cians. To conceal this, they falsified their entries in the SEC, amongst other things.

Through­out the course of the Watergate scandal, numerous other bribery scandals were brought into light. In the 1970s the Lockheed group paid bribes to politi­cians in Japan, the Neth­er­lands, and Italy, covered by Ann Eberhardt on Corporate Com­pli­ance Insights. These bribes were paid to encourage them to purchase Lockheed planes, and they were paid shortly before the US granted the company a massive rescue loan of $250 million.

The American judicial system praised the fight against bribery on an in­ter­na­tion­al level, probably also to preserve their repu­ta­tion. In 1977, the Foreign Corrupt Practices Act (FCPA) came into force. According to this act, all in­ter­na­tion­al companies that are re­gistered with the Security and Exchange Com­mis­sion or that use US dollars are required to comply with this reg­u­la­tion. The FCPA prohibits companies and their employees, managers, or business partners from bribing foreign officials.

This ini­ti­at­ive to combat cor­rup­tion at the in­ter­na­tion­al level was followed in 1997 with the es­tab­lish­ment of the OECD (Or­gan­isa­tion for Economic Co-operation and De­vel­op­ment), which also fought against the bribery of foreign public officials in in­ter­na­tion­al business trans­ac­tions.

In 2010, the UK also adopted new laws against bribery. Their previous laws were limited to national offences and were con­sidered outdated. The Bribery Act 2010 makes bribery by both companies and in­di­vidu­als a criminal offence. The Act applies in­ter­na­tion­ally. It applies to per­pet­rat­ors who have a close con­nec­tion with the UK – i.e. companies in­cor­por­ated under its law and people who live there or have cit­izen­ship of one of its ter­rit­or­ies. It also regulated the legal con­sequence of sub­sequent bribery offences:

• Cor­rupt­ib­il­ity and advantage-taking
• Bribery of foreign public officials
• Bribery and cor­rup­tion in the course of business
• Tacit ac­cept­ance of bribery by a company, either by its own employees or by third parties

The FCPA and the Bribery Act 2010 are national laws with an in­ter­na­tion­al ap­plic­a­tion scope. In the area of com­pli­ance, as well as in due diligence reviews, you should not un­der­es­tim­ate their impact. Even small and medium-sized companies are in­creas­ingly net­work­ing in­ter­na­tion­ally, as a result of glob­al­isa­tion. When dealing with national and in­ter­na­tion­al business partners, you should always pay attention to due diligence.

The most recent le­gis­la­tion passed in the UK that affected due diligence pro­ced­ures was passed just last year. The Money Launder, Terrorist Financing and Transfer of Funds (In­form­a­tion on the Payer) Reg­u­la­tion may not initially sound like something pertinent to company ac­quis­i­tion, but the details outlined in it are indeed relevant. Com­pli­ance with these reg­u­la­tions requires adherence to these three key aspects:

• A written as­sess­ment of any potential money laun­der­ing risk is required, as well as evidence that internal controls are in place/will be im­ple­men­ted
• You must provide notice of different cat­egor­ies of customer due diligence that needs to be conducted and how this due diligence procedure is to be carried out
• And finally, trusts must provide any special be­ne­fi­ciary ownership in­form­a­tion to a central register.

These reg­u­la­tions take over from the previous 2007 set, and are intended to counter against money laun­der­ing, a crime which can take place during company ac­quis­i­tions. More in­form­a­tion on the le­gis­la­tion can be found here.

Due diligence reviews are being carried out more and more fre­quently by business owners. Cor­res­pond­ing reg­u­la­tions are intended to ensure greater trans­par­ency and re­spons­ib­il­ity at man­age­ment level. Due to in­creas­ing glob­al­isa­tion, national le­gis­lat­ors are also more likely to include in­ter­na­tion­al business re­la­tion­ships in their con­sid­er­a­tions. If the law provides for a re­la­tion­ship between a company and the le­gis­lat­ive nation, criminal au­thor­it­ies will also prosecute suspected persons in third countries.

In the case of an imminent merger or ac­quis­i­tion, as well as in the case of planned in­vest­ments such as se­cur­it­ies, companies should protect them­selves with due diligence. Anyone who finds them­selves working with business partners should be familiar with their most important key data before con­clud­ing a contract. This applies to both natural and legal persons, es­pe­cially when it comes to in­ter­na­tion­al contacts. In the event of fraud or bribery, it isn’t just the company involved that is liable, but also all demon­strably involved persons – from managers to finance de­part­ment employees to customers – are all liable.

Companies try to prevent financial losses and negative legal con­sequences by using a due diligence process. Here is a list of the possible risks:

• Repu­ta­tion damage: A company that is publicly as­so­ci­ated with cor­rup­tion or other criminal activity loses the trust of (potential) customers or business partners. If it becomes known that you are working with unfair or de­lin­quent business partners, this also affects your repu­ta­tion.
• Economic risks of a purchase: An ap­pro­pri­ate purchase price must be de­term­ined for company ac­quis­i­tions or mergers. The re­spect­ive strengths and weak­nesses of a company provide in­form­a­tion about the quality of an object up for purchase. Mis­judg­ments can lead to too much in­vest­ment. Financial risks can also arise when the future partner neglects legal standards and this is only revealed at a later stage.
• Financial risks in existing business re­la­tion­ships: Even during the course of a long business re­la­tion­ship, new risks can always arise – for example, if your partner is now engaged in illegal practices. If your company profits (even un­know­ingly) from the crime committed by a business partner, this can result in sub­stan­tial fines. 
• Legal con­sequences: If you fail to carry out due diligence processes, you could be subject to a number of fiduciary crimes, as well as po­ten­tially be in breach of the Foreign Corrupt Practices Act. It is important to consult with a legal pro­fes­sion­al before going ahead with ac­quis­i­tions or mergers to ensure that you are legally compliant and safe.

During the due diligence procedure, the target person or company is screened for legal vi­ol­a­tions and financial missteps. Ad­di­tion­ally, auditors in­creas­ingly pay attention to holistic aspects like corporate culture, en­vir­on­ment­al standards, and IT security.

These are the areas most fre­quently examined in due diligence reviews:

Financial due diligence (FDD) involves identi­fy­ing and weighing up financial strengths and weak­nesses. This involves analysing the current situation and fore­cast­ing the future financial situation. This includes aspects like assets and cash flow, as well as the raising of capital (debt and equity), financial struc­tures, and earnings.

Market and com­mer­cial due diligence are closely linked: in com­mer­cial due diligence, you con­cen­trate on the company’s mar­ket­ab­il­ity – in par­tic­u­lar, company-specific aspects play a role. You analyse the company and con­cen­trate on pur­chas­ing and sales. Who are the suppliers? What contracts have been ne­go­ti­ated? How efficient is the supply chain? You should also examine materials man­age­ment. Quality and scope play an important role in this area. The fields of research and de­vel­op­ment are also often in­ter­est­ing. Does the company par­ti­cip­ate in driving in­nov­a­tion in its field of business? This opens up future potential.

In order to assess the company and its position in the market, the next ana­lyt­ic­al step focuses less on the company itself and more on the market area where it operates. Find out who the biggest com­pet­it­ors are and which products and services con­trib­ute to their success. Which business model do market par­ti­cipants follow and how suc­cess­ful are they?

Market due diligence goes one step further to in­vest­ig­at­ing how the market has developed. Mergers, new com­pet­it­ors, or market downturns in the last five years can have a sig­ni­fic­ant impact on your pur­chas­ing decision. You describe the playing field of your target company. If possible, conduct customer surveys to find out more about the company’s image.

In addition to an in­di­vidu­al’s current tax situation, the tax due diligence analysis also includes future tax de­vel­op­ments. Since the purchase itself already has tax con­sequences, this kind of in­form­a­tion is very valuable. The analysis also includes the expected trans­form­a­tion tax or group tax. The risk analysis is par­tic­u­larly important. If fiscal court pro­ceed­ings have not yet been concluded or if a tax audit is currently still in progress, ad­di­tion­al costs can be expected. The purchase itself also raises a number of questions:

• Can the purchase price be written off?
• Will loss carry­for­wards be retained?
• What taxes are payable directly on purchase (e.g. real estate transfer tax)?
• Which financing options are more effective under tax law?

Op­er­a­tion­al due diligence (ODD) deals with the target company’s work processes. A potential increase in value is par­tic­u­larly in­ter­est­ing. This form of due diligence is preferred by buyers of in­dus­tri­al companies. There, an efficient workflow plays an important role when it comes to value creation – for example, with the help of improved com­mu­nic­a­tion and planning in the supply chain, as well as auto­ma­tion. The experts must also determine whether the business plan presented is feasible with the given op­er­a­tion­al pos­sib­il­it­ies. This form of due diligence is often required by fin­an­ci­ers (like banks) to assess the risks as­so­ci­ated with overly op­tim­ist­ic daily expense cal­cu­la­tions.

Technical due diligence is one of the most important risk analyses in real estate ac­quis­i­tion. For example, it is carried out when someone buys a company with in­dus­tri­al fa­cil­it­ies. Anyone who wants to have a technical due diligence procedure carried out needs both experts for the building fabric and for technical fa­cil­it­ies. Suitable tech­ni­cians then determine what the plant’s ca­pa­cit­ies are, how they are used to capacity, and whether they might need to be reviewed. The quality control of goods produced is also included in the as­sess­ment. Depending on the industry branch, you should also have explosion, fire hazards, and possible risks of chemical or ra­dio­act­ive con­tam­in­a­tion assessed. The analysis should reveal which costs are incurred to keep the property in good condition, or to remedy defects. As a rule, investors are also in­ter­ested in whether they can modernise the object of purchase.

En­vir­on­ment­al due diligence checks a company for compliance with national and in­ter­na­tion­al en­vir­on­ment­al reg­u­la­tions. You should make sure that the target has all the necessary approvals. En­vir­on­ment­al man­age­ment is becoming in­creas­ingly important worldwide, es­pe­cially in man­u­fac­tur­ing in­dus­tries. Determine the potential in this area and find out how the company organises the necessary measures. In the case of real estate, it is essential that you know the property’s location before buying:

• Does in­dus­tri­al use have a proven or potential negative impact on the en­vir­on­ment? (pop­u­la­tion pro­tec­tion, ground­wa­ter pollution, or similar)
• Are there any con­tam­in­ated sites that might pose a threat to the en­vir­on­ment?
• Location risks (e.g. flooding) and special en­vir­on­ment­al pro­tec­tion re­quire­ments (e.g. proximity to nature reserves)
• Are the buildings con­tam­in­ated with pol­lut­ants?

En­vir­on­ment­al as­sess­ment and technical in­vest­ig­a­tion overlap to some extent – for example, in the risk as­sess­ment of pol­lut­ants used in pro­duc­tion.

IT due diligence (also known as digital due diligence) is not just important if you are in­ter­ested in pur­chas­ing an IT company, since many other service providers and retailers also receive their orders in whole or in part over the internet. As the flagship of a company, its online presence and the as­so­ci­ated com­mu­nic­a­tion channels and processes should be future-ori­ent­ated (scalable) and secure. Many internal company processes are now also computer-aided. Some companies maintain their own IT systems, others used licensed products. These licenses must be com­pletely clarified before a purchase.

In a merger, the com­bin­a­tion of two IT systems is also a sig­ni­fic­ant cost and time factor. With a due diligence procedure, you could uncover possible security gaps and com­pat­ib­il­ity problems.

Human resources due diligence deals with the human aspect of a company – the employees who work there. In terms of de­term­in­ing the purchase price and risk as­sess­ment, personnel analysis is par­tic­u­larly concerned with key figures in a group, like the creative minds and decision makers amongst the team. In the case of a merger or ac­quis­i­tion, personnel struc­tures in the target company can drastic­ally change. If important “human capital” is lost, this can influence work processes and damage the entire company in the long term. You should analyse which employees perform which functions, and how important they are for internal processes.

In the human resources due diligence process, you go through em­ploy­ment contracts. Co­ordin­ate the process with legal due diligence pro­ced­ures. Con­spicu­ous features like unusually high bonus agree­ments for in­di­vidu­al employees or above-average notice periods can certainly influence the purchase price.

Legal due diligence examines all legal cir­cum­stances in a target company. As noted above, this also includes the em­ploy­ment contracts, for example. However, you should also check the ownership structure of the company and its sub­si­di­ar­ies, which may have different legal forms. In this way, you can be sure that in the event of a takeover, you will not pay for shares over which you have hardly any legal influence.

Cla­ri­fy­ing patent rights is also an important part of this ex­am­in­a­tion. However, the IP due diligence process described below provides a more detailed breakdown of this area. Questions regarding antitrust law or other legal disputes should also be uncovered and, at best, answered by a legal due diligence procedure, since open lawsuits can con­sid­er­ably reduce a company’s value. During the legal audit, your legal experts should also carefully examine the purchase contract itself. This is a pre­requis­ite for being able to track down false or mis­lead­ing in­form­a­tion and have a basis for ne­go­ti­at­ing the guarantee catalogue.

IP due diligence stands for “In­tel­lec­tu­al Property Due Diligence” i.e. an ex­am­in­a­tion of a company’s in­tel­lec­tu­al property. As already mentioned, this includes re­gistered patents, amongst other things. Larger companies sometimes have an abundance of legally protected trade­marks. These often include special pic­to­grams, logos (a popular example of this is Apple’s bitten apple), or even taste profiles for patented recipes – like Maggi stock cubes. Also check which licenses the company grants and which ones it uses itself. This can include software, man­u­fac­tur­ing processes, and in­dus­tri­al property rights.

The cultural due diligence audit analyses a part of the company that is difficult to grasp – corporate culture. This term sounds a bit like abstract marketing talk, but it can have an impact on the success of a company merger. Unlike the corporate image, the corporate culture describes the perceived reality within a company. If two company cultures are in­com­pat­ible, com­mu­nic­a­tion problems or even disputes can easily arise. However, the re­spect­ive managers will usually present “their” company in the best light. For this reason, it makes sense to learn about corporate culture yourself – for example:

• Establish a re­la­tion­ship with the en­tre­pren­eurs or managing directors in advance so that the guiding culture can be crys­tal­lised through dis­cus­sions and co­oper­a­tion.
• Analyse fluc­tu­ation rates. Is the man­age­ment fleeing to another company or is the workforce stag­nat­ing?
• Evaluate internal documents like protocols, news­let­ters, and corporate social networks. They often reveal how employees interact with each other and see the company.
• Ask external sources for their opinion. If you know self-employed people who maintain contacts with the target company, simply ask them for their as­sess­ment.

Strategic due diligence deals with the financial potential of a target. Strategic investors in par­tic­u­lar benefit from this analysis. The experts take various risk factors into account, determine the current situation, and develop a forecast for the future of a potential merger. For this purpose, they analyse the object of purchase, taking into account the re­spect­ive market. These are the most important aspects:

• The value chain
• Legal framework
• Op­er­a­tions: workflows and their de­pend­en­cies
• Com­pet­i­tion analysis in the immediate and wider en­vir­on­ment, trend fore­cast­ing
• Market analysis: demand, driving forces, and trends
• Per­form­ance analysis and com­par­is­on at strategic and op­er­a­tion­al level
• Entry barriers to the market: is the company easy to replace with new com­pet­it­ors or sub­sti­tute services?
• Risk analysis and planning of measures according to the analysed de­pend­en­cies

This kind of risk analysis bundles many of the afore­men­tioned areas and serves to find a profit-max­im­ising strategy for investors.

If two companies merge with each other, the merger needs to be planned. The merger in­teg­ra­tion due diligence procedure examines all aspects that have an influence on it. A fusion is often referred to as a post-merger in­teg­ra­tion, i.e. it takes place after the in­teg­ra­tion of one company into another. The due diligence usually includes a pre­cau­tion­ary risk as­sess­ment of the object of purchase. In this case, however, the original meaning of the term is taken into account. With due care, both companies – buyer and seller – must be examined for sim­il­ar­it­ies and dif­fer­ences. Different types of mergers also require different ap­proaches to the merger of two parties. These are the most common kinds of merger:

• Complete takeovers (ac­quis­i­tion): One company swallows another. The target company converts all processes and struc­tures according to the buyer’s spe­cific­a­tions.
• Par­ti­cip­a­tion: The owner of the target company changes. The company owner changes, but struc­tures are retained. In fact, there is no in­teg­ra­tion.
• Con­ser­va­tion: The target company remains largely autonom­ous. However, the pur­chas­ing company ul­ti­mately has the say. Financial struc­tures should be in­teg­rated. This con­nec­tion often exists with parent companies and sub­si­di­ar­ies. 
• Symbiosis: This type of in­teg­ra­tion is very rare and functions even less fre­quently. In mergers between equal companies, the result is often the creation of a new company. For example, Daimler-Benz and Chrysler merged to form Daimler-Chrysler. Both initial companies gave up their busi­nesses and the new company Daimler-Chrysler continued the work of both. In the symbiosis, both companies involved tailored the in­teg­ra­tion measures to their common goals. 

Pre­vent­ive planning con­trib­utes sig­ni­fic­antly to the success of company in­teg­ra­tion, but it is often neglected. Poor in­teg­ra­tion and hasty purchase decisions, however, often lead to a loss of company value. Anyone who intends to buy a company usually knows the following statistic: 40-70% of all mergers are con­sidered un­suc­cess­ful.

This rather large spread can be explained by the range of the term “un­suc­cess­ful.” Complete bank­ruptcy is far less common than declining profits. Therefore, it is stat­ist­ic­ally unlikely that a company will have to file for bank­ruptcy as a result of a failed merger. However, losses are likely.

The best known example of a merger with cata­stroph­ic con­sequences is that of the two once bitter but suc­cess­ful rivals: Pennsylvania Railroad (PRR) and New York Central Railroad (NYC). Both railway companies have been operating railway lines in the northeast US since the mid-19^th century. PRR was con­sidered the largest railway company at the time, and for a long time played a pi­on­eer­ing role in safe, efficient rail traffic. NYC main­tained some of the fastest, most legendary stream­lines lo­co­mot­ives in US history, like the Super Hudson.

The two companies competed for the New York-Chicago route. When the auto­mobile boom began in the 1950s, the former com­pet­it­ors wanted to join forces to counter the trend. In 1968, the Pennsylvania Railroad Company and the New York Central Railroad merged in a merger of equals to form the Penn Central Trans­port­a­tion Company. The newly founded trans­port­a­tion company was the sixth largest company in the United States. Two years later, Penn Central filed for bank­ruptcy. At the time, it was the largest bank­ruptcy in US history.

The current figures show that this story is often repeated in some respects. CEOs with too much self-con­fid­ence are often quick to conclude major mergers with high risks. The share value of these companies de­teri­or­ated over time compared to their com­pet­it­ors.

However, there is also good news. Thought­ful bosses of small to medium-sized companies rarely make these wrong decisions.

If investors are only in­ter­ested in making a quick profit by stream­lin­ing a company, a merger is def­in­itely worth­while for them. The manager and CEO of a sold company also leave the company with severance payments after a suc­cess­ful handover. However, if the company is to make a lasting profit, it needs more than just a simple business plan. The new man­age­ment needs to un­der­stand both parts and their corporate cultures. It must analyse the product and its appeal, its clientele, and the market.

This is where merger in­teg­ra­tion due diligence comes in. Anyone who not only wants to conclude a prof­it­able deal in the short term, but also wants to grow with a new company in the long term, should keep the following guidelines in mind:

• When two companies grow together, new or­gan­isa­tion­al struc­tures in­ev­it­ably emerge. Before new and old meet and com­plic­a­tions arise, plan the or­gan­isa­tion­al struc­tures. Analyse the working methods and or­gan­isa­tion of the target company in detail. Maintain strengths and eliminate weak­nesses.
• Mergers consume many resources, both monetary and personnel. Take up the inventory. Com­mu­nic­ate with staff. You can only achieve your in­teg­ra­tion goals with suf­fi­cient capacity and mo­tiv­a­tion from the people involved.
• The new company will need a business plan and a target-ori­ent­ated strategy. Make sure that your measures are adapted to the market and the customers’ target company.
• Review your in­teg­ra­tion planning. Calculate which time and financial resources the company needs. Plan B helps with bot­tle­necks.
• An internal in­teg­ra­tion team with extensive com­pet­ences – and the necessary know-how – should monitor the in­teg­ra­tion and analyse whether the resources provided are suitable and suf­fi­cient for their re­spect­ive tasks.

There are countless potential business partners on the market. Some may already pose a higher risk than others, due to the size of their business. A small start-up requires less detailed analysis than a large company from a risky economic sector. Ac­cord­ingly, different forms of pre­cau­tion­ary risk analysis exist that are tailored to different needs.

Sim­pli­fied due diligence: If it is likely to be low risk, sim­pli­fied analysis is suf­fi­cient. Young companies with few employees, for example, have a low risk potential. Bribery offences are rare amongst them, as there is usually no contact with public officials. If the company only acts do­mest­ic­ally, even unknown third-party partners who may violate in­ter­na­tion­al law do not pose a threat. If the annual balance sheet analysis doesn’t raise any un­pleas­ant questions, this is a good sign.

A simple method: do your research online. News articles and employer as­sess­ment portals provide a first im­pres­sion. Preparing a not-too-extensive financial risk analysis and a tax audit are useful. In addition, you should obtain access to company databases to learn more about financial struc­tures in the business.

Extended due diligence: Large, in­ter­na­tion­ally active companies generally represent a greater risk. On the one hand, they have to comply with country-specific laws and in­ter­na­tion­al law; on the other hand, a large number of sub­si­di­ar­ies and business partners are more likely to act in a way that at least some of them are det­ri­ment­al to their business. High risk in­dic­at­ors are, amongst others:

• In­con­sist­ent balance sheets
• Employees or partners who have close contact with (foreign) officials
• Companies located in known tax havens or countries with high cor­rup­tion indices
• Opaque in­form­a­tion on be­ne­fi­cial owners

Possible warnings can be found, for example, on national and in­ter­na­tion­al watch lists (they include serious criminals or suspects of terrorism), sanctions lists (they include actors with economic and legal risk potential) and PEP lists (“polit­ic­ally exposed persons” – PEPs for short – are linked to politi­cians and are subject to strict reporting ob­lig­a­tions in order to prevent money laun­der­ing). In addition, country databases inform about possible risks which are more pro­nounced in the re­spect­ive country than in other countries. For example, the Trans­par­ency In­ter­na­tion­al Cor­rup­tion Per­cep­tion List gives in­dic­a­tions of how fre­quently bribery offences occur in the in­di­vidu­al countries. Even extreme weather con­di­tions are gaining im­port­ance in risk as­sess­ment. The risk of flooding, forest fires, or storm damage also in­flu­ences the value of your future property.

On­board­ing is usually un­der­stood as the step-by-step in­tro­duc­tion of new employees to the company and its culture. On­board­ing due diligence, on the other hand, refers to business partners. These can be customers (client oboarding) or suppliers (dis­trib­ut­or on­board­ing).

The dif­fer­ence with client on­board­ing (also known as know-your-client-testing) is that it is not the customer who analyses a purchased item for risks, but the seller who checks the customer. This not only affects the customer’s cred­it­wor­thi­ness, but also the le­git­im­acy of their financial resources. Re­la­tion­ships with employees or public officials from whom the customer may derive unfair ad­vant­ages are risk factors.

Dis­trib­ut­or on-boarding due diligence is carried out when you intend to enter into a long-term re­la­tion­ship with suppliers or order large quant­it­ies of goods. If, for example, you process a supplier’s raw materials unchecked and as a result sell harmful goods to end customers, you must expect legal con­sequences. Therefore, there are standards for com­pli­ance in the supply chain. A due diligence check assesses the risks as­so­ci­ated with a potential supplier.

Due diligence in the context of on­board­ing not only includes the risk as­sess­ment before you enter into a business re­la­tion­ship, but also the necessary diligence when you integrate and introduce customers or suppliers into your processes. This is similar to merger in­teg­ra­tion due diligence.

You carry out ongoing due diligence during a business re­la­tion­ship. The review takes place at regular intervals and as soon as you become aware of a red flag (a risk signal) with your business partner. Such a regular review ensures that your supply chain com­pli­ance standards are met.

An example of risks as­so­ci­ated with corporate takeovers or co­oper­a­tions:

The fashion industry is con­stantly at­tract­ing attention with vi­ol­a­tions of en­vir­on­ment­al law and workplace safety, as well as unfair treatment of workers. Textile factories in Bangladesh, for example, made in­ter­na­tion­al headlines when two cata­strophes in quick suc­ces­sion killed countless workers. The fire at the Tazreen Fashion factory cost the lives of at least 112 people in 2012. In 2013, 1,134 employees died during the collapse of the Rana Plaza building, who had pre­vi­ously been sent by their superiors into the cracked building despite their protests.

Large fashion chains like H&M, Primark, and C&A have business con­nec­tions with insecure textile factories in Bangladesh. However, under the in­creas­ing social pressure arising from media coverage, some of the large cor­por­a­tions bowed down and promised not only better com­pli­ance audits. They also supported the state gov­ern­ment in im­ple­ment­ing fair pay and security practices. They laid that down in the Bangladesh Agreement. After not much had happened in the more than 3,500 textile factories in Bangladesh until 2016, textile worker trade unions sued a company of the sig­nat­or­ies for $2.3 million. They won the case. Building security then improved in many factories by 2018.

After safety standards had improved at least in most factories, however, new ac­cus­a­tions arose. This time it was about suppliers for the brand GAP. According to the Global Labor Justice or­gan­isa­tion, the workforce was in­creas­ingly exposed to verbal and physical assaults by superiors. According to that, the victims were beaten and insulted if they did not reach pro­duc­tion targets: pro­duc­tion targets, which result from the ever shorter “micro-seasons” of the fast fashion industry. Whether this situation changes for the better remains to be seen.

Mul­tina­tion­al companies can easily get over some bad press and a few million in damages for neg­lect­ing com­pli­ance standards in their supply chain. These sanctions hit small and medium-sized busi­nesses far harder. They can’t easily take advantage of al­tern­at­ive markets when bad press in an area leads to a slump in sales. If you maintain business re­la­tion­ships with risky companies, you should ideally practice ongoing due diligence. This will enable you to react in good time if your suppliers are noticed neg­at­ively.

Anyone who needs to comply with national and in­ter­na­tion­al laws against bribery and fraud should establish a com­pli­ance agreement. In order for this to work, the executive boss and the com­pli­ance manager need to in­ter­n­al­ise and exemplify the re­spect­ive rules. A com­pli­ance man­age­ment system (CMS) helps configure and test the rules. National guidelines in the UK that uphold the auditing standard for compliant man­age­ment systems are the re­spons­ib­il­ity of the Open Com­pli­ance & Ethics Group (OCEG).

In most cases, the answer is certain: You just can’t do without due diligence in mergers and ac­quis­i­tions, since the “grey market” (an un­of­fi­cial market where se­cur­it­ies are traded) is un­su­per­vised by au­thor­it­ies. Honest providers and fraud­sters can hardly be dis­tin­guished at a glance. If you invest in real estate, the money laun­der­ing risk is high. Ad­di­tion­ally, only due diligence can protect be­ne­fi­cial owners from possible legal con­sequences. However, there are always cri­ti­cisms of the usual due diligence procedure.

Due diligence is not a set-in-stone procedure. The forms of risk analysis presented in this article overlap in part. Others may not be necessary for your planned trans­ac­tions. To decide what should be analysed at all, you should first put together a team of experts. Outside analysts often have a lot of ex­per­i­ence in their field, but don’t know your company exactly. If you set up a team from your own ranks, you can be sure that your employees are acting in the interests of the company. In addition, it’s more likely that an internal team will really check the points that are relevant to your purchase, rather than un­think­ingly working through a checklist. However, small and in­ex­per­i­enced companies without trained personnel benefit from external experts.

1. Before un­der­tak­ing a detailed due diligence procedure, you first need to research publicly ac­cess­ible sources. You can use the internet easily to do this. The best place to start is the company website. This shows where the other company is located and how they present them­selves to the outside world. Here you will also find initial in­form­a­tion on owners and ex­ec­ut­ives. Important customers are also often mentioned there. More in­form­a­tion on internal and external relations can be found in job networks and official and un­of­fi­cial social media accounts. Pay attention also to con­nec­tions to politics or criminal persons or or­gan­isa­tions. Are there ques­tion­able investors and advocates?
   You should also examine the business en­vir­on­ment. Which companies are geo­graph­ic­ally close? Who are the direct com­pet­it­ors in the re­spect­ive market segment? Does the company have a worrying history? For example, has it changed ownership on numerous occasions or was it forced to abandon its business model due to in­ef­fi­ciency? Have former employees left under unclear cir­cum­stances? Check to see if company employees have con­nec­tions with people you know. In­de­pend­ent first-hand as­sess­ments are helpful.
2. If you don’t see any warning signals during an initial overview, you can rely on your expert teams for a due diligence analysis. First, your team iden­ti­fies all important data and actors.
   When buying a company, the seller usually provides a “data room”.  In­vest­ment bankers often represent the issuer. They prepare the in­form­a­tion they consider important for risk analysis: contracts, real estate, leasehold prop­er­ties, all financial documents and tax returns. Creative capital like patents and re­gistered trade­marks as well as personnel documents like salaries and severance payments are also important variables. Open court pro­ceed­ings are just as in­ter­est­ing for risk analysis as those for which an agreement has already been reached or penalties have been imposed. In the case of a property ac­quis­i­tion, have the building structure, technical fa­cil­it­ies and exterior areas checked for struc­tur­al defects and en­vir­on­ment­al risks.
3. Go into detail: Check the existence and integrity of be­ne­fi­ciar­ies. Ask for in­form­a­tion about their financial sources.
4. It is possible that some data may indicate that documents have been withheld from you. This is not ne­ces­sar­ily sur­pris­ing when it comes to con­fid­en­tial data. Sometimes, however, these documents point to risks that would depress the purchase price during the purchase ne­go­ti­ations. A competent team will sub­sequently obtain these documents from the seller.
5. Finally, compare all known actors with national (and possibly in­ter­na­tion­al) sanctions lists. Con­nec­tions to money laun­der­ers, terror suspects, or polit­ic­ally exposed people (in short: PEP) are not always easy to uncover. You should therefore use the country databases, PEP and watch lists mentioned above.

6. Have you gathered the necessary in­form­a­tion and uncovered sus­pi­cious elements? Now you should evaluate your findings in the context of risk as­sess­ment. In­con­sist­en­cies in ac­count­ing can indicate cor­rup­tion in existing re­la­tion­ships with PEPs. Small con­struc­tion defects, on the other hand, can possibly be remedied at low cost. Ideally, the newly acquired in­form­a­tion shows you that you can use your know-how to turn a poorly marketed product into a small gold mine. Strategic due diligence can help you do this. Avoid risks and take advantage of op­por­tun­it­ies when you acquire real estate or company shares.

Re­gard­less of whether you are a private investor, standard investor or SME owner in­ter­ested in other companies: large in­vest­ments enable exciting projects and sub­stan­tial profits. However, they often also entail risks that are not im­me­di­ately apparent. Whether money laun­der­ing, cor­rup­tion, tax fraud, or expensive en­vir­on­ment­al sins. Before you negotiate a price for a purchase object, a due diligence check is necessary. Those who do not act widely with regard to their finances and the jobs of their staff in this kind of situation may lose more than their return.

At least small and young companies usually represent a re­l­at­ively low risk. However, even with these companies, it makes sense to have at least a basic ex­am­in­a­tion. We provide you with guidelines for this kind of audit. Just download our free due diligence checklist as a PDF and check whether you have thought of everything before investing.

Please keep in mind that this list is not ex­haust­ive. Under certain cir­cum­stances, some of the risk areas listed may not be relevant or may be slightly relevant to your business area, whilst others are missing. The checklist is therefore just an initial guide.

Click here for important legal dis­claim­ers.