Contact Sales

What is due diligence? Process, Audits, and Reports

Jan 24, 2023

What is Due Diligence?

According to Investopedia, the term due diligence refers to an investigation, audit, or review performed to confirm facts or details of a matter under consideration.

In the context of a business, due diligence means employing KYC/KYB procedures to ensure compliance, prevent fraud, and minimise risk exposure associated with various business processes. Its need arises in case of business transactions like acquisitions, customer & third-party onboarding, related party compliance and even in the hiring process of employees.

The process can include reviewing financial statements, database checks, interviewing management, site visits, process audits, and assessing the company’s market position and competitive landscape.

Fortune Business Insight: Industry Update

To ensure a risk-free business ecosystem, you need to understand the key aspects of due diligence that your business needs to focus upon. Don’t worry we have got you covered. 

Here is what you can expect to learn from this article: 

  • What is due diligence?
  • Importance of Due Diligence in Today’s World
  • Types of Due Diligence
  • Rules, Regulations and Penalties around Due Diligence
  • What are your due diligence needs?
  • Risk Score-Based Due Diligence Process 
  • Levels of Due Diligence
  • Implementing Measures of Due Diligence
  • Due Diligence Solutions and Reports

Importance of Due Diligence in Today’s World

The need for due diligence becomes all the more imminent with ever-evolving technology, and external factors like the pandemic. Trustable business partners and transparent business processes are key to resilience for business owners today. The abundance of digital footprints of customers, business partners and third parties has opened a world of possibilities for fraudulent activities and their associated risk exposure. Traditional due diligence methods are becoming redundant given the complexity of information and lack of appropriate due diligence frameworks.

Businesses are adopting new-age due diligence solutions to minimise their risk exposure, ensure compliance and prevent fraud. As a result, the global fraud detection and prevention industry is seeing a steep spike in demand with more and more innovative solutions coming in every day.

Types of Due Diligence

Types of due diligence can be broadly divided into 3 categories. Their use and application vary depending on the sector, area, or type of process in which it is implemented.

Types of due diligence

Business Due Diligence

It helps you with decision-making in business transactions like M&A, buying a business and onboarding business partners as a part of the expansion into new geographies. It looks at various operational, strategic, technical, environmental and human resource aspects of the business.

Financial Due Diligence

It helps you identify the value and risk exposure of a business or individual by looking into financials. It involves a detailed audit of accounting policies, audit practices and publically available like annual statements and MCA filing.

Legal Due Diligence

It helps you avoid legal pitfalls like penalties for non-compliance in one or more areas like Regulated KYC procedure, mandated data privacy and security norms and third-party compliance liabilities.

Rules, Regulations and Penalties around Due Diligence

Countries across the globe are continuously working towards making their business ecosystem safe by passing regulations to prohibit bribery, corruption, money laundering and prevent fraud. Companies operating within national boundaries are regulated only by national laws, however businesses with cross-border teams, subsidiaries and subcontractors are also regulated by international laws. Read more about country-wise due diligence regulations here. Here is how a heatmap looks like the location of improper payments, 2013-2022.

FCPA.edu Heatmap Location of Improper Payments

Laws to Adhere for Companies Operating Within India

  • The Companies Act, 2013 – All companies registered in India must comply with regulations stated by the Securities and Exchange Board of India (SEBI) to prevent money laundering.
  • Foreign Exchange Management Act (FEMA)– All companies with foreign direct investment (FDI)  are required to comply with FEMA.

Laws to Adhere for Companies Operating in International Markets

  • The UK Bribery Act – The Bribery Act covers transactions that take place in the UK or abroad, and both in the public and private sectors.
  • The US Foreign Corrupt Practices Act (FCPA) -The FCPA prohibits the payment of bribes to foreign officials to obtain and retain business. It applies to two broad categories of persons: those with formal ties to the United States and those who take action in furtherance of a violation while in the United States. U.S. “issuers” and “domestic concerns” must obey the FCPA, even when acting outside the country.

Key Stats from The Foreign Corrupt Practices Act Clearinghouse (FCPAC)

Total and Average Sanctions Imposed on Entity Groups

FCPA Sanctions imposed on entity groups

 

Types of Third-Party Intermediaries Disclosed in FCPA-related Enforcement Actions

Third Party Intermediaries types disclosed in FCPA related enforcement activites

Corporate Sanctions Timeline (2013-2022)

FCPA: Corporate Sanctions Timeline

 

Understanding Your Due Diligence Requirements

Understanding your due diligence requirements could be a challenging task. But, with a team of experts and commitment, you can plan a thorough audit of your internal/external processes, stakeholders and business partners and how much of a risk they are exposed to.

What is a due diligence audit?

In a general sense,  a due diligence audit examines a company’s standings, financial performance and exposure to different kinds of risks. The objective of the audit may vary based on one or more following business transactions. 

Business Transactions that require Due Diligence

A well-thought due diligence framework enables informed decision-making in various business transactions. Broadly, there are five categories of business transactions that require thorough due diligence. These are

 

Requirements for due diligence often help you identify the right type of due diligence solution for your business. A few questions you need to consider to find the right fit are:

  • Who are the stakeholders involved in the existing process?
  • Type of process- internal, external?
  • What level of competence is required from the stakeholders to conduct due diligence?
  • Collection process, formats and storage of existing data of the parties in the purview of this exercise.
  • Budget, the scope of process automation and target turnaround time.

 

Upon answering the above questions, the next step is to step up a due diligence process to Identify, screen, and minimise your risk exposure.

Risk Score-Based Due Diligence Process

The due diligence process typically involves several stages that may vary depending on your objective, industry, and your risk appetite. In a holistic sense, a typical due diligence process involves three major steps:

Risk Score based due diligence

Identification

First step involves identifying the gaps and factoring their risk exposure

  1. People & Process: involves working closely with the business owners and identifying the gaps in existing processes to map the level of risk involved  
  2. Information Collection: involves what information needs to be collected?, and from where will the information come from?
    1. For businesses, information required includes MCA registration, proof of address, compliance reports, shareholders, beneficiaries, stakeholding structure and their political affiliations
    2. For individuals, the information required includes proof of identity, proof of address, financials, and political affiliations

Assessment

Second step is to assess the level of risk exposure based on the information collected

  1. Database Checks: This step involves cross-verifying the information collected and validating it against various national and international databases. 
  2. PEPs & Sanctions: Screening against politically exposed persons and sanction lists becomes business to minimise reputational risk exposure.
  3. Risk Mapping: This is a process of identifying the key areas prone to risk. The success factor for all the identified departments with KPIs to measure is defined

Risk Mapping Process in due diligence

Prevention

The third step involves implementing mechanisms to mitigate risk assessed in step two

  1. Risk Scoring: Based on the benchmarks identified in step one a risk score is assigned to the business or an individual. Very often businesses categorise their risk score in a colour-coded fashion i.e. Red, Amber and Green. 
  2. Corrective Actions: Based on the sensitivity of the case levels of risk are defined corrective courses of action are defined in form of levels of due diligence i.e. Simplified, Standard and Enhanced Due Diligence. More on this is below.

Three Levels of Due Diligence

Three levels of due diligence

Keeping risk-based due diligence in consideration, you can segment your customers into three risk categories i.e low, medium and high in order to select the right level of due diligence for them. A clear delineation of the due diligence level will help you offer a pleasant onboarding experience with no unnecessary blockades.

Simplified Due Diligence for low-risk profiles

Simplified due diligence is the easiest risk assessment framework, ideal for a low-risk profile with negligible risk exposure. They generally include well-known public enterprises and individuals with impeccable financial records contributing to the lower ticket size of the overall revenue stream. While taking the route, you may only need to know the identity of the entity or the individual. However, storing the proof of qualification for simplified due diligence can ensure compliance and visibility if any corrective action is required in the future.

Standard Due Diligence for medium-risk profiles

Standard due diligence is the most commonly used risk assessment framework, the right fit for a medium-risk profile. This involves not just only knowing the identity but also verifying it to ensure they are who they claim to be. Verifying basic information like full name, date of birth and address against a government-issued ID and other databases will help you filter potential threats preemptively.

Enhanced Due Diligence for high-risk profiles

Enhanced due diligence is the most detailed risk assessment framework, best suited for high-risk profiles. The high-risk profiles comprise your employees, customers and business partners who need comprehensive screening and monitoring to keep a tight eye on identity thefts and credibility throughout the lifecycle and minimise risk exposure. 

Below mentioned are some measures worth considering for both businesses and individuals 

  • Enhanced screening and identity verification
  • Intended nature of the business partnership
  • Financial of entity & Individuals
  • Third-party risk and compliance measures
  • Process assessments and mystery audits
  • Adverse media, Sanctions & Watch lists 
  • Ongoing Monitoring

Implementing Measures of Due Diligence

Depending on the budget and requirements you can choose between two types due diligence services i.e. Offline and Online

  • Offline Due Diligence – Organisations who are still going by the manual routes often require a due diligence report to onboard and verify individuals or entities. 
  • Online Due Diligence:  Organisations either leverage a platform to onboard, verify & monitor their business partners or integrate verification API’s to collect due diligence reports directly into their ERPs.

AuthBridge Due Diligence Solutions

With all the information at hand with the help of a due diligence solution you can now put the pieces of the whole puzzle together. A comprehensive due diligence solution will give access to all the requisite information and help you drive informed business decisions with data-driven insights. You may want to look at the offerings of the service providers and gauge them against your business needs. 

 

From a bird’s eye view, your requirements may fall into three major categories. At AuthBridge business solutions, we call them

 

  • Screening, Onboarding and Verification: Know your Customer/Employee/Partner journeys at the time of first or repeated interactions with your business. You can choose from eKYC, DKYC, Video KYC or other types of KYC based on your needs.
  • Risk Mitigation: Process assessments, Compliance Audits and Business intelligence reports of your customers, partners and third parties during all interactions with your business. You can choose from various Standard and Comprehensive due diligence reports.
  • Fraud Prevention: Red flag fraudulent profiles for identity, customer and financial fraud along with other suspicious transactions with help of setting up an ongoing monitoring process at defined intervals.

 

 

AuthBridge has 17+ years of experience in providing digital solutions for background verification and due diligence to small, medium and large enterprises across 20+ industries.

 

Have any questions about due diligence? Reach out to a team of experts to understand your due diligence needs.

Talk to an expert