Due Diligence & Investigations

Due diligence is the systematic investigation and verification process conducted to evaluate the risks, opportunities, and compliance implications of a business decision — whether that's onboarding a new vendor, entering a partnership, acquiring a company, or establishing a customer relationship. Effective due diligence transforms abstract risk assessments into evidence-based decisions grounded in verified facts.

What Is Due Diligence?

Due diligence is the comprehensive research, investigation, and verification performed before and during a business relationship to confirm that the other party meets your organization's standards for financial stability, regulatory compliance, operational capability, and ethical conduct. The scope and depth of due diligence should be proportionate to the risk the relationship presents.

Due diligence disciplines include vendor due diligence, customer due diligence (KYC), M&A due diligence, enhanced due diligence (EDD), and investigative due diligence for high-risk scenarios requiring deeper inquiry.

Types of Due Diligence

Vendor Due Diligence verifies third-party vendors across financial, compliance, operational, and security dimensions before and during the vendor relationship. Regulatory requirements from the OCC, FFIEC, FCA, and GDPR mandate formal vendor due diligence for vendors accessing sensitive data or performing critical functions.

Customer Due Diligence (CDD) is the KYC process of verifying customer identities, identifying beneficial owners, and assessing customer risk profiles. Standard CDD applies to all customers, while enhanced due diligence applies to higher-risk relationships.

Enhanced Due Diligence (EDD) involves deeper investigation for high-risk scenarios including PEPs, customers from high-risk jurisdictions, complex ownership structures, and unusual transaction patterns. EDD requires source of wealth verification, source of funds documentation, and senior management approval.

M&A Due Diligence evaluates acquisition targets across financial, legal, tax, operational, commercial, and compliance dimensions. The scope typically extends beyond standard due diligence to include intellectual property assessment, contract review, and integration planning.

Investigative Due Diligence applies when standard processes reveal red flags or when the stakes of a relationship warrant deeper inquiry. It may involve forensic financial analysis, deep-dive adverse media research, on-site investigations, and interviews with references and industry contacts.

The Due Diligence Process

Effective due diligence follows a structured methodology:

Risk-Based Scoping determines the depth and breadth of investigation based on the risk the relationship presents. Critical relationships require comprehensive investigation; lower-risk relationships require basic verification and screening.

Information Gathering collects data from multiple sources including the counterparty's own documentation, public records and registries, commercial databases, screening databases (sanctions, PEP, adverse media), and independent verification sources.

Analysis and Assessment evaluates gathered information against defined criteria, identifies gaps and concerns, quantifies risk, and develops findings.

Reporting and Decision documents investigation scope, methodology, findings, risk assessment, and recommendations in a comprehensive due diligence report that supports informed decision-making.

Ongoing Diligence maintains continuous visibility through periodic reassessment and monitoring between formal reviews, ensuring that risk remains within acceptable parameters throughout the relationship.

Due Diligence Best Practices

Organizations with mature due diligence programs follow several proven practices:

• Start before commitment by conducting due diligence before entering agreements, not after contracts are signed
• Verify independently using corporate registries, financial databases, and screening tools rather than relying solely on self-reported information
• Apply proportionality by scaling investigation depth to the risk the relationship presents
• Leverage technology including screening software, corporate registry databases, and workflow management tools to improve efficiency and consistency
• Document thoroughly maintaining complete investigation files that demonstrate the scope, methodology, findings, and rationale for each decision
• Maintain ongoing diligence through periodic reassessment and continuous monitoring proportionate to relationship risk

Due Diligence Technology and Tools

Modern due diligence requires technology solutions that can aggregate data from multiple sources, automate screening against global watchlists, map beneficial ownership structures, and manage investigation workflows at scale. Due diligence platforms reduce investigation time from weeks to days while improving coverage, consistency, and audit-trail documentation.

This topic cluster covers the complete spectrum of due diligence and investigations — from foundational concepts and regulatory requirements through investigation methodology and technology solutions. Whether you're conducting vendor due diligence, customer KYC, or deep investigative inquiries, these guides provide the frameworks, checklists, and best practices for thorough, defensible due diligence.