Due diligence: de­f­i­n­i­tion and history of pre­cau­tion­ary risk as­sess­ment

Due diligence is a legal term used in many areas, including purchase law. The concept orig­i­nates from US ju­ris­dic­tion and is un­der­stood as “care required in commerce.” Due diligence in American law has a wide scope of ap­pli­ca­tion. While due diligence is rec­og­nized as in­ves­ti­gat­ing a potential in­vest­ment of product purchase, for the purposes of this article, we will focus on the term in relation to company ac­qui­si­tion. Before signing off on a company purchase, you should be familiar with due diligence practices.

Due diligence is a concept resulting from the plight of US se­cu­ri­ties buyers who needed to protect them­selves against fraud per­pe­trat­ed against them by the issuers. In the US, the term “due diligence” plays an important role in both private and com­mer­cial law. As the focus of this article is on company ac­qui­si­tion, we will highlight the complex risks as­so­ci­at­ed with company ac­qui­si­tions and initial public offerings (IPOs). A due diligence ex­am­i­na­tion reveals possible risks hidden within the company. For this reason, it has become common practice in corporate and se­cu­ri­ties trading.

Due diligence is a kind of risk as­sess­ment. Before acquiring a complex purchase item, it makes the ad­van­tages and risks as­so­ci­at­ed with the purchase apparent to the buyer. Therefore, it is also the re­spon­si­bil­i­ty of the buyer or an expert com­mis­sioned by them to carry it out. The seller co­op­er­ates by creating a “data room.” This includes all the essential in­for­ma­tion that iden­ti­fies the risks, weak­ness­es, and strengths of the business. The in­for­ma­tion is voluntary, but should provide full in­for­ma­tion about existing risks. Depending on the re­la­tion­ship with the business partners and the company ac­qui­si­tion, there are different demands on the due diligence process.

In 1930s America, the Se­cu­ri­ties Act regulated what in­for­ma­tion capital in­vest­ment and se­cu­ri­ties sellers had to give in order to be able to sell their product. For this, you were required to submit an admission report at the Security and Exchange Com­mis­sion (SEC). When it came to trading se­cu­ri­ties, it was common practice to also prosecute the final examiners crim­i­nal­ly if investors lost money, because the salesmen had in­ten­tion­al­ly falsified in­for­ma­tion in their report.

The in­for­ma­tion in an admission report was similar to the current due diligence checklist. Issuers (se­cu­ri­ties sellers) had to break down the following, among other things:

• Capital structure
• Manager in­vest­ments
• Salaries
• History of the company
• Reg­is­tered assets
• Sig­nif­i­cant contracts and un­der­writ­ing agree­ments – ag­gre­gat­ed and presented with net revenues
• Annual financial state­ments in audited form

In order to protect them­selves, the liability debtors had to prove that they had conducted their due diligence with due care. If a person acts carefully, they can be held in good faith if there are legal con­se­quences. This in­def­i­nite legal term refers to an honest, decent person’s behavior. Es­sen­tial­ly, the debtors only had to ensure that the admission report was complete and correct to the best of their knowledge and belief. Apart from the main seller, almost all parties involved were able to apply “due diligence defense” in disputes. Depending on the area of re­spon­si­bil­i­ty and the decision-making power, different strict rules applied with regard to the required care – they were the strictest for the main seller.

Contrary to today’s belief, one defended oneself with the claim of having acted dili­gent­ly only after an in­dict­ment. The current due diligence practice differs in this respect from the 1933 Se­cu­ri­ties Act – however, the Se­cu­ri­ties Act already contained the term “due diligence” and had a decisive influence on it. The name of today’s due diligence is probably derived from the cor­re­spond­ing pro­vi­sions of the Se­cu­ri­ties Act.

The Se­cu­ri­ties Exchange Act of 1934 (the Col­lat­er­al Exchange Ordinance) had to be enacted before customers could obtain generally accepted judicial means of buyer pro­tec­tion. Its ap­pli­ca­tion scope covers trans­ac­tions beyond state borders. Sub­se­quent­ly, due diligence pro­ce­dures slowly developed in the USA. Later, the Uniform Com­mer­cial Code regulated the law on the sale of companies. According to it, sellers are only obliged to provide certain services. The sold company share must be legally valid and the sale must be legally effective.

The reg­u­la­tion applies to the sale of companies by transfer of shares as well as to se­cu­ri­ties trading. An important thing to note is Rule 10b-5 in con­junc­tion with the Se­cu­ri­ties Exchange Act, section 10 (b) prohibits fraud­u­lent acts like in­ten­tion­al­ly omitted or false dis­clo­sures. However, issuers are not required to include all in­for­ma­tion directly in the contract. Ad­di­tion­al documents as­so­ci­at­ed with the contract are suf­fi­cient evidence. Customers are not entitled to com­pen­sa­tion if material in­for­ma­tion is missing or incorrect. However, the reg­u­la­tion does not contain any other customer-friendly rules.

The American legal situation is based on the principle “caveat emptor” (buyer beware). Sellers are therefore only liable if it can be proven that they provide false in­for­ma­tion in the contract or omit important in­for­ma­tion. In case of doubt, the buyer bears the damage. An early in­spec­tion of the purchase item is therefore carried out in the interest of the customer. After an ex­am­i­na­tion like this, the buyer side must actively protect itself. They can negotiate guar­an­tees, war­ranties, and a purchase price only after this ex­am­i­na­tion. According to US law, due diligence applies to customers in general in both private and com­mer­cial law.

By the 1970s, the US had risen to become an economic world power, whose currency and stock exchange were used by many multi­na­tion­al companies. During the Cold War, however, the US had to deal with the Watergate scandal, which caused tremen­dous damage to its rep­u­ta­tion. During the course of the in­ves­ti­ga­tion, it was found that large companies had paid bribes to both domestic and foreign politi­cians. To conceal this, they falsified their entries in the SEC, among other things.

Through­out the course of the Watergate scandal, numerous other bribery scandals were brought into light. In the 1970s the Lockheed group paid bribes to politi­cians in Japan, the Nether­lands, and Italy, covered by Ann Eberhardt on Corporate Com­pli­ance Insights. These bribes were paid to encourage them to purchase Lockheed planes, and they were paid shortly before the US granted the company a massive rescue loan of $250 million.

The American judicial system praised the fight against bribery on an in­ter­na­tion­al level, probably also to preserve their rep­u­ta­tion. In 1977, the Foreign Corrupt Practices Act (FCPA) came into force. According to this act, all in­ter­na­tion­al companies that are reg­is­tered with the Security and Exchange Com­mis­sion or that use US dollars are required to comply with this reg­u­la­tion. The FCPA prohibits companies and their employees, managers, or business partners from bribing foreign officials.

This ini­tia­tive to combat cor­rup­tion at the in­ter­na­tion­al level was followed in 1997 with the es­tab­lish­ment of the OECD (Or­ga­ni­za­tion for Economic Co-operation and De­vel­op­ment), which also fought against the bribery of foreign public officials in in­ter­na­tion­al business trans­ac­tions.

In 2010, the UK also adopted new laws against bribery. Their previous laws were limited to national offences and were con­sid­ered outdated. The Bribery Act 2010 makes bribery by both companies and in­di­vid­u­als a criminal offence. The Act applies in­ter­na­tion­al­ly. It applies to per­pe­tra­tors who have a close con­nec­tion with the UK – i.e. companies in­cor­po­rat­ed under its law and people who live there or have cit­i­zen­ship of one of its ter­ri­to­ries. It also regulated the legal con­se­quence of sub­se­quent bribery offences:

• Cor­rupt­ibil­i­ty and advantage-taking
• Bribery of foreign public officials
• Bribery and cor­rup­tion in the course of business
• Tacit ac­cep­tance of bribery by a company, either by its own employees or by third parties

The FCPA and the Bribery Act 2010 are national laws with an in­ter­na­tion­al ap­pli­ca­tion scope. In the area of com­pli­ance, as well as in due diligence reviews, you should not un­der­es­ti­mate their impact. Even small and medium-sized companies are in­creas­ing­ly net­work­ing in­ter­na­tion­al­ly, as a result of glob­al­iza­tion. When dealing with national and in­ter­na­tion­al business partners, you should always pay attention to due diligence.

New due diligence leg­is­la­tion has been im­ple­ment­ed recently in the US per­tain­ing to due diligence pro­ce­dures. The Final Rule refers to rules drawn up by the Financial Crimes En­force­ment Network (FinCEN), which is part of the United States De­part­ment of the Treasury. Coming into effect on May 11, 2018, the Final Customer Due Diligence (CDD) rule states that financial in­sti­tu­tions are now required to collect, maintain, and report ben­e­fi­cial ownership in­for­ma­tion. The purpose of the Final Rule is to prevent money laun­der­ing and terror financing, and is the result of numerous legal mod­i­fi­ca­tions over recent years to close any loopholes. There are a number of federal bodies and or­ga­ni­za­tions who help regulate against fraud and provide due diligence guide­lines, as well as state-by-state reg­u­la­tions.

Due diligence reviews are being carried out more and more fre­quent­ly by business owners. Cor­re­spond­ing reg­u­la­tions are intended to ensure greater trans­paren­cy and re­spon­si­bil­i­ty at man­age­ment level. Due to in­creas­ing glob­al­iza­tion, national leg­is­la­tors are also more likely to include in­ter­na­tion­al business re­la­tion­ships in their con­sid­er­a­tions. If the law provides for a re­la­tion­ship between a company and the leg­isla­tive nation, criminal au­thor­i­ties will also prosecute suspected persons in third countries.

In the case of an imminent merger or ac­qui­si­tion, as well as in the case of planned in­vest­ments such as se­cu­ri­ties, companies should protect them­selves with due diligence. Anyone who finds them­selves working with business partners should be familiar with their most important key data before con­clud­ing a contract. This applies to both natural and legal persons, es­pe­cial­ly when it comes to in­ter­na­tion­al contacts. In the event of fraud or bribery, it isn’t just the company involved that is liable, but also all demon­stra­bly involved persons – from managers to finance de­part­ment employees to customers – all are liable.

Companies try to prevent financial losses and negative legal con­se­quences by using a due diligence process. Here is a list of the possible risks:

• Rep­u­ta­tion damage: A company that is publicly as­so­ci­at­ed with cor­rup­tion or other criminal activity loses the trust of (potential) customers or business partners. If it becomes known that you are working with unfair or delin­quent business partners, this also affects your rep­u­ta­tion.
• Economic risks of a purchase: An ap­pro­pri­ate purchase price must be de­ter­mined for company ac­qui­si­tions or mergers. The re­spec­tive strengths and weak­ness­es of a company provide in­for­ma­tion about the quality of an object up for purchase. Mis­judg­ments can lead to too much in­vest­ment. Financial risks can also arise when the future partner neglects legal standards and this is only revealed at a later stage.
• Financial risks in existing business re­la­tion­ships: Even during the course of a long business re­la­tion­ship, new risks can always arise – for example, if your partner is now engaged in illegal practices. If your company profits (even un­know­ing­ly) from the crime committed by a business partner, this can result in sub­stan­tial fines. 
• Legal con­se­quences: If you fail to carry out due diligence processes, you could be subject to a number of fiduciary crimes, as well as po­ten­tial­ly be in breach of the Foreign Corrupt Practices Act. As well as federal reg­u­la­tion, due diligence may have state-to-state legal re­spon­si­bil­i­ties, so it is important to consult with a legal pro­fes­sion­al before going ahead with ac­qui­si­tions or mergers to ensure that you are legally compliant and safe.

During the due diligence procedure, the target person or company is screened for legal vi­o­la­tions and financial missteps. Ad­di­tion­al­ly, auditors in­creas­ing­ly pay attention to holistic aspects like corporate culture, en­vi­ron­men­tal standards, and IT security.

These are the areas most fre­quent­ly examined in due diligence reviews:

Financial due diligence (FDD) involves iden­ti­fy­ing and weighing up financial strengths and weak­ness­es. This involves analyzing the current situation and fore­cast­ing the future financial situation. This includes aspects like assets and cash flow, as well as the raising of capital (debt and equity), financial struc­tures, and earnings.

Market and com­mer­cial due diligence are closely linked: in com­mer­cial due diligence, you con­cen­trate on the company’s mar­ketabil­i­ty – in par­tic­u­lar, company-specific aspects play a role. You analyze the company and con­cen­trate on pur­chas­ing and sales. Who are the suppliers? What contracts have been ne­go­ti­at­ed? How efficient is the supply chain? You should also examine materials man­age­ment. Quality and scope play an important role in this area. The fields of research and de­vel­op­ment are also often in­ter­est­ing. Does the company par­tic­i­pate in driving in­no­va­tion in its field of business? This opens up future potential.

In order to assess the company and its position in the market, the next an­a­lyt­i­cal step focuses less on the company itself and more on the market area where it operates. Find out who the biggest com­peti­tors are and which products and services con­tribute to their success. Which business model to market par­tic­i­pants follow and how suc­cess­ful are they?

Market due diligence goes one step further to in­ves­ti­gat­ing how the market has developed. Mergers, new com­peti­tors, or market downturns in the last five years can have a sig­nif­i­cant impact on your pur­chas­ing decision. You describe the playing field of your target company. If possible, conduct customer surveys to find out more about the company’s image.

In addition to an in­di­vid­ual’s current tax situation, the tax due diligence analysis also includes future tax de­vel­op­ments. Since the purchase itself already has tax con­se­quences, this kind of in­for­ma­tion is very valuable. The analysis also includes the expected trans­for­ma­tion tax or group tax. The risk analysis is par­tic­u­lar­ly important. If fiscal court pro­ceed­ings have not yet been concluded or if a tax audit is currently still in progress, ad­di­tion­al costs can be expected. The purchase itself also raises a number of questions:

• Can the purchase price be written off?
• Will loss car­ry­for­wards be retained?
• What taxes are payable directly on purchase (e.g. real estate transfer tax)?
• Which financing options are more effective under tax law?

Op­er­a­tional due diligence (ODD) deals with the target company’s work processes. A potential increase in value is par­tic­u­lar­ly in­ter­est­ing. This form of due diligence is preferred by buyers of in­dus­tri­al companies. There, an efficient workflow plays an important role when it comes to value creation – for example, with the help of improved com­mu­ni­ca­tion and planning in the supply chain, as well as au­toma­tion. The experts must also determine whether the business plan presented is feasible with the given op­er­a­tional pos­si­bil­i­ties. This form of due diligence is often required by fi­nanciers (like banks) to assess the risks as­so­ci­at­ed with overly op­ti­mistic daily expense cal­cu­la­tions.

Technical due diligence is one of the most important risk analyses in real estate ac­qui­si­tion. For example, it is carried out when someone buys a company with in­dus­tri­al fa­cil­i­ties. Anyone who wants to have a technical due diligence procedure carried out needs both experts for the building fabric and for technical fa­cil­i­ties. Suitable tech­ni­cians then determine what the plant’s ca­pac­i­ties are, how they are used to capacity, and whether they might need to be reviewed. The quality control of goods produced is also included in the as­sess­ment. Depending on the industry branch, you should also have explosion, fire hazards, and possible risks of chemical or ra­dioac­tive con­t­a­m­i­na­tion assessed. The analysis should reveal which costs are incurred to keep the property in good condition, or to remedy defects. As a rule, investors are also in­ter­est­ed in whether they can modernize the object of purchase.

En­vi­ron­men­tal due diligence checks a company for com­pli­ance with national and in­ter­na­tion­al en­vi­ron­men­tal reg­u­la­tions. You should make sure that the target has all the necessary approvals. En­vi­ron­men­tal man­age­ment is becoming in­creas­ing­ly important worldwide, es­pe­cial­ly in man­u­fac­tur­ing in­dus­tries. Determine the potential in this area and find out how the company organizes the necessary measures. In the case of real estate, it is essential that you know the prop­er­ties location before buying:

• Does in­dus­tri­al use have a proven or potential negative impact on the en­vi­ron­ment? (pop­u­la­tion pro­tec­tion, ground­wa­ter pollution, or similar)
• Are there any con­t­a­m­i­nat­ed sites that might pose a threat to the en­vi­ron­ment?
• Location risks (e.g. flooding) and special en­vi­ron­men­tal pro­tec­tion re­quire­ments (e.g. proximity to nature reserves)
• Are the buildings con­t­a­m­i­nat­ed with pol­lu­tants?

En­vi­ron­men­tal as­sess­ment and technical in­ves­ti­ga­tion overlap to some extent – for example, in the risk as­sess­ment of pol­lu­tants used in pro­duc­tion.

IT due diligence (also known as digital due diligence) is not just important if you are in­ter­est­ed in pur­chas­ing an IT company, since many other service providers and retailers also receive their orders in whole or in part over the internet. As the flagship of a company, its online presence and the as­so­ci­at­ed com­mu­ni­ca­tion channels and processes should be future-oriented (scalable) and secure. Many internal company processes are now also computer-aided. Some companies maintain their own IT systems, others used licensed products. These licenses must be com­plete­ly clarified before a purchase.

In a merger, the com­bi­na­tion of two IT systems is also a sig­nif­i­cant cost and time factor. With a due diligence procedure, you could uncover possible security gaps and com­pat­i­bil­i­ty problems.

Human resources due diligence deals with the human aspect of a company – the employees who work there. In terms of de­ter­min­ing the purchase price and risk as­sess­ment, personnel analysis is par­tic­u­lar­ly concerned with key figures in a group, like the creative minds and decision makers among the team. In the case of a merger or ac­qui­si­tion, personnel struc­tures in the target company can dras­ti­cal­ly change. If important “human capital” is lost, this can influence work processes and damage the entire company in the long term. You should analyze which employees perform which functions, and how important they are for internal processes.

In the human resources due diligence process, you go through em­ploy­ment contracts. Co­or­di­nate the process with legal due diligence pro­ce­dures. Con­spic­u­ous features like unusually high bonus agree­ments for in­di­vid­ual employees or above-average notice periods can certainly influence the purchase price.

Legal due diligence examines all legal cir­cum­stances in a target company. As noted above, this also includes the em­ploy­ment contracts, for example. However, you should also check the ownership structure of the company and its sub­sidiaries, which may have different legal forms. In this way, you can be sure that in the event of a takeover, you will not pay for shares over which you have hardly any legal influence.

Clar­i­fy­ing patent rights is also an important part of this ex­am­i­na­tion. However, the IP due diligence process described below provides a more detailed breakdown of this area. Questions regarding antitrust law or other legal disputes should also be uncovered and, at best, answered by a legal due diligence procedure, since open lawsuits can con­sid­er­ably reduce a company’s value. During the legal audit, your legal experts should also carefully examine the purchase contract itself. This is a pre­req­ui­site for being able to track down false or mis­lead­ing in­for­ma­tion and have a basis for ne­go­ti­at­ing the guarantee catalogue.

IP due diligence stands for “In­tel­lec­tu­al Property Due Diligence” i.e. an ex­am­i­na­tion of a company’s in­tel­lec­tu­al property. As already mentioned, this includes reg­is­tered patents, among other things. Larger companies sometimes have an abundance of legally protected trade­marks. These often include special pic­tograms, logos (a popular example of this is Apple’s bitten apple), or even taste profiles for patented recipes – like Maggi stock cubes. Also check which licenses the company grants and which ones it uses itself. This can include software, man­u­fac­tur­ing processes, and in­dus­tri­al property rights.

The cultural due diligence audit analyzes a part of the company that is difficult to grasp – corporate culture. This term sounds a bit like abstract marketing talk, but it can have an impact on the success of a company merger. Unlike the corporate image, the corporate culture describes the perceived reality within a company. If two company cultures are in­com­pat­i­ble, com­mu­ni­ca­tion problems or even disputes can easily arise. However, the re­spec­tive managers will usually present “their” company in the best light. For this reason, it makes sense to learn about corporate culture yourself – for example:

• Establish a re­la­tion­ship with the en­tre­pre­neurs or managing directors in advance so that the guiding culture can be crys­tal­lized through dis­cus­sions and co­op­er­a­tion.
• Analyze fluc­tu­a­tion rates. Is the man­age­ment fleeing to another company or is the workforce stag­nat­ing?
• Evaluate internal documents like protocols, newslet­ters, and corporate social networks. They often reveal how employees interact with each other and see the company.
• Ask external sources for their opinion. If you know self-employed people who maintain contacts with the target company, simply ask them for their as­sess­ment.

Strategic due diligence deals with the financial potential of a target. Strategic investors in par­tic­u­lar benefit from this analysis. The experts take various risk factors into account, determine the current situation, and develop a forecast for the future of a potential merger. For this purpose, they analyze the object of purchase, taking into account the re­spec­tive market. These are the most important aspects:

• The value chain
• Legal framework
• Op­er­a­tions: workflows and their de­pen­den­cies
• Com­pe­ti­tion analysis in the immediate and wider en­vi­ron­ment, trend fore­cast­ing
• Market analysis: demand, driving forces, and trends
• Per­for­mance analysis and com­par­i­son at strategic and op­er­a­tional level
• Entry barriers to the market: is the company easy to replace with new com­peti­tors or sub­sti­tute services?
• Risk analysis and planning of measures according to the analyzed de­pen­den­cies

This kind of risk analysis bundles many of the afore­men­tioned areas and serves to find a profit-max­i­miz­ing strategy for investors.

If two companies merge with each other, the merger needs to be planned. The merger in­te­gra­tion due diligence procedure examines all aspects that have an influence on it. A fusion is often referred to as a post-merger in­te­gra­tion, i.e. it takes place after the in­te­gra­tion of one company into another. The due diligence usually includes a pre­cau­tion­ary risk as­sess­ment of the object of purchase. In this case, however, the original meaning of the term is taken into account. With due care, both companies – buyer and seller – must be examined for sim­i­lar­i­ties and dif­fer­ences. Different types of mergers also require different ap­proach­es to the merger of two parties. These are the most common kinds of merger:

• Complete takeovers (ac­qui­si­tion): One company swallows another. The target company converts all processes and struc­tures according to the buyer’s spec­i­fi­ca­tions.
• Par­tic­i­pa­tion: The owner of the target company changes. The company owner changes, but struc­tures are retained. In fact, there is no in­te­gra­tion.
• Con­ser­va­tion: The target company remains largely au­tonomous. However, the pur­chas­ing company ul­ti­mate­ly has the say. Financial struc­tures should be in­te­grat­ed. This con­nec­tion often exists with parent companies and sub­sidiaries. 
• Symbiosis: This type of in­te­gra­tion is very rare and functions even less fre­quent­ly. In mergers between equal companies, the result is often the creation of a new company. For example, Daimler-Benz and Chrysler merged to form Daimler-Chrysler. Both initial companies gave up their busi­ness­es and the new company Daimler-Chrysler continued the work of both. In the symbiosis, both companies involved tailored the in­te­gra­tion measures to their common goals. 

Pre­ven­tive planning con­tributes sig­nif­i­cant­ly to the success of company in­te­gra­tion, but it is often neglected. Poor in­te­gra­tion and hasty purchase decisions, however, often lead to a loss of company value. Anyone who intends to buy a company usually knows the following statistic: 40-70% of all mergers are con­sid­ered un­suc­cess­ful.

This rather large spread can be explained by the range of the term “un­suc­cess­ful.” Complete bank­rupt­cy is far less common than declining profits. Therefore, it is sta­tis­ti­cal­ly unlikely that a company will have to file for bank­rupt­cy as a result of a failed merger. However, losses are likely.

The best-known example of a merger with cat­a­stroph­ic con­se­quences is that of the two once bitter but suc­cess­ful rivals: Penn­syl­va­nia Railroad (PRR) and New York Central Railroad (NYC). Both railway companies have been operating railway lines in the northeast US since the mid-19^th century. PRR was con­sid­ered the largest railway company at the time, and for a long time played a pi­o­neer­ing role in safe, efficient rail traffic. NYC main­tained some of the fastest, most legendary stream­lined lo­co­mo­tives in US history, like the Super Hudson.

The two companies competed for the New York-Chicago route. When the au­to­mo­bile boom began in the 1950s, the former com­peti­tors wanted to join forces to counter the trend. In 1968, the Penn­syl­va­nia Railroad Company and the New York Central Railroad merged in a merger of equals to form the Penn Central Trans­porta­tion Company. The newly founded trans­porta­tion company was the sixth largest company in the United States. Two years later, Penn Central filed for bank­rupt­cy. At the time, it was the largest bank­rupt­cy in US history.

The current figures show that this story is often repeated in some respects. CEOs with too much self-con­fi­dence are often quick to conclude major mergers with high risks. The share value of these companies de­te­ri­o­rat­ed over time compared to their com­peti­tors.

However, there is also good news. Thought­ful bosses of small to medium-sized companies rarely make these wrong decisions.

If investors are only in­ter­est­ed in making a quick profit by stream­lin­ing a company, a merger is def­i­nite­ly worth­while for them. The manager and CEO of a sold company also leave the company with severance payments after a suc­cess­ful handover. However, if the company is to make a lasting profit, it needs more than just a simple business plan. The new man­age­ment needs to un­der­stand both parts and their corporate cultures. It must analyze the product and its appeal, its clientele, and the market.

This is where merger in­te­gra­tion due diligence comes in. Anyone who not only wants to conclude a prof­itable deal in the short term, but also wants to grow with a new company in the long term, should keep the following guide­lines in mind:

• When two companies grow together, new or­ga­ni­za­tion­al struc­tures in­evitably emerge. Before new and old meet and com­pli­ca­tions arise, plan the or­ga­ni­za­tion­al struc­tures. Analyze the working methods and or­ga­ni­za­tion of the target company in detail. Maintain strengths and eliminate weak­ness­es.
• Mergers consume many resources, both monetary and personnel. Take up the inventory. Com­mu­ni­cate with staff. You can only achieve your in­te­gra­tion goals with suf­fi­cient capacity and mo­ti­va­tion from the people involved.
• The new company will need a business plan and a target-oriented strategy. Make sure that your measures are adapted to the market and the customers’ target company.
• Review your in­te­gra­tion planning. Calculate which time and financial resources the company needs. Plan B helps with bot­tle­necks.
• An internal in­te­gra­tion team with extensive com­pe­tences – and the necessary know-how – should monitor the in­te­gra­tion and analyze whether the resources provided are suitable and suf­fi­cient for their re­spec­tive tasks.

There are countless potential business partners on the market. Some may already pose a higher risk than others, due to the size of their business. A small start-up requires less detailed analysis than a large company from a risky economic sector. Ac­cord­ing­ly, different forms of pre­cau­tion­ary risk analysis exist that are tailored to different needs.

Sim­pli­fied due diligence: If it is likely to be low risk, sim­pli­fied analysis is suf­fi­cient. Young companies with few employees, for example, have a low risk potential. Bribery offences are rare among them, as there is usually no contact with public officials. If the company only acts do­mes­ti­cal­ly, even unknown third-party partners who may violate in­ter­na­tion­al law do not pose a threat. If the annual balance sheet analysis doesn’t raise any un­pleas­ant questions, this is a good sign.

A simple method: do your research online. News articles and employer as­sess­ment portals provide a first im­pres­sion. Preparing a not-too-extensive financial risk analysis and a tax audit are useful. In addition, you should obtain access to company databases to learn more about financial struc­tures in the business.

Extended due diligence: Large, in­ter­na­tion­al­ly active companies generally represent a greater risk. On the one hand, they have to comply with country-specific laws and in­ter­na­tion­al law; on the other hand, a large number of sub­sidiaries and business partners are more likely to act in a way that at least some of them are detri­men­tal to their business. High-risk in­di­ca­tors are, among others:

• In­con­sis­tent balance sheets
• Employees or partners who have close contact with (foreign) officials
• Companies located in known tax havens or countries with high cor­rup­tion indices
• Opaque in­for­ma­tion on ben­e­fi­cial owners

Possible warnings can be found, for example, on national and in­ter­na­tion­al watch lists (they include serious criminals or suspects of terrorism), sanctions lists (they include actors with economic and legal risk potential) and PEP lists (“po­lit­i­cal­ly exposed persons” – PEPs for short – are linked to politi­cians and are subject to strict reporting oblig­a­tions in order to prevent money laun­der­ing). In addition, country databases inform about possible risks, which are more pro­nounced in the re­spec­tive country than in other countries. For example, the Trans­paren­cy In­ter­na­tion­al Cor­rup­tion Per­cep­tion List gives in­di­ca­tions of how fre­quent­ly bribery offences occur in the in­di­vid­ual countries. Even extreme weather con­di­tions are gaining im­por­tance in risk as­sess­ment. The risk of flooding, forest fires, or storm damage also in­flu­ences the value of your future property.

On­board­ing is usually un­der­stood as the step-by-step in­tro­duc­tion of new employees to the company and its culture. On­board­ing due diligence, on the other hand, refers to business partners. These can be customers (client on­board­ing) or suppliers (dis­trib­u­tor on­board­ing).

The dif­fer­ence with client on­board­ing (also known as know-your-client-testing) is that it is not the customer who analyzes a purchased item for risks, but the seller who checks the customer. This not only affects the customer’s cred­it­wor­thi­ness, but also the le­git­i­ma­cy of their financial resources. Re­la­tion­ships with employees or public officials from whom the customer may derive unfair ad­van­tages are risk factors.

Dis­trib­u­tor on-boarding due diligence is carried out when you intend to enter into a long-term re­la­tion­ship with suppliers or order large quan­ti­ties of goods. If, for example, you process a supplier’s raw materials unchecked and as a result sell harmful goods to end customers, you must expect legal con­se­quences. Therefore, there are standards for com­pli­ance in the supply chain. A due diligence check assesses the risks as­so­ci­at­ed with a potential supplier.

Due diligence in the context of on­board­ing not only includes the risk as­sess­ment before you enter into a business re­la­tion­ship, but also the necessary diligence when you integrate and introduce customers or suppliers into your processes. This is similar to merger in­te­gra­tion due diligence.

You carry out ongoing due diligence during a business re­la­tion­ship. The review takes place at regular intervals and as soon as you become aware of a red flag (a risk signal) with your business partner. Such a regular review ensures that your supply chain com­pli­ance standards are met.

An example of risks as­so­ci­at­ed with corporate takeovers or co­op­er­a­tions:

The fashion industry is con­stant­ly at­tract­ing attention with vi­o­la­tions of en­vi­ron­men­tal law and workplace safety, as well as unfair treatment of workers. Textile factories in Bangladesh, for example, made in­ter­na­tion­al headlines when two cat­a­stro­phes in quick suc­ces­sion killed countless workers. The fire at the Tazreen Fashion factory cost the lives of at least 112 people in 2012. In 2013, 1,134 employees died during the collapse of the Rana Plaza building. They had pre­vi­ous­ly been sent by their superiors into the cracked building despite their protests.

Large fashion chains like H&M, Primark, and C&A have business con­nec­tions with insecure textile factories in Bangladesh. However, under the in­creas­ing social pressure arising from media coverage, some of the large cor­po­ra­tions bowed down and promised not only better com­pli­ance audits. They also supported the state gov­ern­ment in im­ple­ment­ing fair pay and security practices. They laid that down in the Bangladesh Agreement. After not much had happened in the more than 3,500 textile factories in Bangladesh until 2016, textile worker trade unions sued a company of the sig­na­to­ries for $2.3 million. They won the case. Building security then improved in many factories by 2018.

After safety standards had improved at least in most factories, however, new ac­cu­sa­tions arose. This time it was about suppliers for the brand GAP. According to the Global Labor Justice or­ga­ni­za­tion, the workforce was in­creas­ing­ly exposed to verbal and physical assaults by superiors. According to that, the victims were beaten and insulted if they did not reach pro­duc­tion targets. These pro­duc­tion targets result from the ever shorter “micro-seasons” of the fast fashion industry. Whether this situation changes for the better remains to be seen.

Multi­na­tion­al companies can easily get bad press and a few million in damages for ne­glect­ing com­pli­ance standards in their supply chain. These sanctions hit small and medium-sized busi­ness­es far harder. They can’t easily take advantage of al­ter­na­tive markets when bad press in an area leads to a slump in sales. If you maintain business re­la­tion­ships with risky companies, you should ideally practice ongoing due diligence. This will enable you to react in good time if your suppliers are noticed neg­a­tive­ly.

Anyone who needs to comply with national and in­ter­na­tion­al laws against bribery and fraud should establish a com­pli­ance agreement. In order for this to work, the executive boss and the com­pli­ance manager need to in­ter­nal­ize and exemplify the re­spec­tive rules. A com­pli­ance man­age­ment system (CMS) helps configure and test the rules. National guide­lines in the US that uphold the auditing standard for compliant man­age­ment systems are the re­spon­si­bil­i­ty of the Open Com­pli­ance & Ethics Group (OCEG).

In most cases, the answer is certain: You just can’t do without due diligence in mergers and ac­qui­si­tions, since the “grey market” (an un­of­fi­cial market where se­cu­ri­ties are traded) is un­su­per­vised by au­thor­i­ties. Honest providers and fraud­sters can hardly be dis­tin­guished at a glance. If you invest in real estate, the money laun­der­ing risk is high. Ad­di­tion­al­ly, only due diligence can protect ben­e­fi­cial owners from possible legal con­se­quences. However, there are always crit­i­cisms of the usual due diligence procedure.

Due diligence is not a set-in-stone procedure. The forms of risk analysis presented in this article overlap in part. Others may not be necessary for your planned trans­ac­tions. To decide what should be analyzed at all, you should first put together a team of experts. Outside analysts often have a lot of ex­pe­ri­ence in their field, but don’t know your company exactly. If you set up a team from your own ranks, you can be sure that your employees are acting in the interests of the company. In addition, it’s more likely that an internal team will really check the points that are relevant to your purchase, rather than un­think­ing­ly working through a checklist. However, small and in­ex­pe­ri­enced companies without trained personnel benefit from external experts.

1. Before un­der­tak­ing a detailed due diligence procedure, you first need to research publicly ac­ces­si­ble sources. You can use the internet to do this. The best place to start is the company website. This shows where the other company is located and how they present them­selves to the outside world. Here you will also find initial in­for­ma­tion on owners and ex­ec­u­tives. Important customers are also often mentioned there. More in­for­ma­tion on internal and external relations can be found in job networks and official and un­of­fi­cial social media accounts. Pay attention also to con­nec­tions to politics or criminal persons or or­ga­ni­za­tions. Are there ques­tion­able investors and advocates?
   You should also examine the business en­vi­ron­ment. Which companies are ge­o­graph­i­cal­ly close? Who are the direct com­peti­tors in the re­spec­tive market segment? Does the company have a worrying history? For example, has it changed ownership on numerous occasions or was it forced to abandon its business model due to in­ef­fi­cien­cy? Have former employees left under unclear cir­cum­stances? Check to see if company employees have con­nec­tions with people you know. In­de­pen­dent first-hand as­sess­ments are helpful.
    
2. If you don’t see any warning signals during an initial overview, you can rely on your expert teams for a due diligence analysis. First, your team iden­ti­fies all important data and actors.
   When buying a company, the seller usually provides a “data room.” In­vest­ment bankers often represent the issuer. They prepare the in­for­ma­tion they consider important for risk analysis: contracts, real estate, leasehold prop­er­ties, all financial documents and tax returns. Creative capital like patents and reg­is­tered trade­marks as well as personnel documents like salaries and severance payments are also important variables. Open court pro­ceed­ings are just as in­ter­est­ing for risk analysis as those for which an agreement has already been reached or penalties have been imposed. In the case of a property ac­qui­si­tion, have the building structure, technical fa­cil­i­ties and exterior areas checked for struc­tur­al defects and en­vi­ron­men­tal risks.
    
3. Go into detail: Check the existence and integrity of ben­e­fi­cia­ries. Ask for in­for­ma­tion about their financial sources.
    
4. It is possible that some data may indicate that documents have been withheld from you. This is not nec­es­sar­i­ly sur­pris­ing when it comes to con­fi­den­tial data. Sometimes, however, these documents point to risks that would depress the purchase price during the purchase ne­go­ti­a­tions. A competent team will sub­se­quent­ly obtain these documents from the seller.
    
5. Finally, compare all known actors with national (and possibly in­ter­na­tion­al) sanctions lists. Con­nec­tions to money laun­der­ers, terror suspects, or po­lit­i­cal­ly exposed people (in short: PEP) are not always easy to uncover. You should therefore use the country databases, PEP and watch lists mentioned above.

6. Have you gathered the necessary in­for­ma­tion and uncovered sus­pi­cious elements? Now you should evaluate your findings in the context of risk as­sess­ment. In­con­sis­ten­cies in ac­count­ing can indicate cor­rup­tion in existing re­la­tion­ships with PEPs. Small con­struc­tion defects, on the other hand, can possibly be remedied at low cost. Ideally, the newly acquired in­for­ma­tion shows you that you can use your know-how to turn a poorly marketed product into a small gold mine. Strategic due diligence can help you do this. Avoid risks and take advantage of op­por­tu­ni­ties when you acquire real estate or company shares.

Re­gard­less of whether you are a private investor, standard investor or SME owner in­ter­est­ed in other companies: large in­vest­ments enable exciting projects and sub­stan­tial profits. However, they often also entail risks that are not im­me­di­ate­ly apparent. Whether money laun­der­ing, cor­rup­tion, tax fraud, or expensive en­vi­ron­men­tal sins. Before you negotiate a price for a purchase object, a due diligence check is necessary. Those who do not act widely with regard to their finances and the jobs of their staff in this kind of situation may lose more than their return.

At least small and young companies usually represent a rel­a­tive­ly low risk. However, even with these companies, it makes sense to have at least a basic ex­am­i­na­tion. We provide you with guide­lines for this kind of audit. Just download our free due diligence checklist as a PDF and check whether you have thought of every­thing before investing.

Please keep in mind that this list is not ex­haus­tive. Under certain cir­cum­stances, some of the risk areas listed may not be relevant or may be slightly relevant to your business area, while others are missing. The checklist is therefore just an initial guide.

Click here for important legal dis­claimers.