For a multidirectional risk approach to due diligence in a M&A context

Opinion piece, Nadia A. Ziani, Head of Compliance and Risk Business EMEA at Square Facts

Mergers and acquisitions (M&A) can be crucial investment opportunities and a path to business growth. The stakes are high and corporate governance plays a key role. More than a preliminary audit focusing on purely financial and accounting data, due diligence in M&A must be a more robust and holistic process designed to probe compliance and integrity risk. This type of comprehensive approach to due diligence is becoming the norm for two main reasons: how a company manages overall risk is increasingly factored into target company valuations and tighter national anti-corruption laws are impacting the M&A due diligence requirements.  

The term due diligence is closely linked to mergers and acquisitions through the preliminary audit. And yet – paradoxically – there is no law that makes due diligence mandatory or defines what exactly the checks should cover, before or after the deal. Until recently, many investors unfortunately fail to see the value of widening the scope of due diligence beyond the strictly legal and financial considerations and often questioned why compliance and integrity due diligence was needed at all.

Compliance and integrity due diligence: what’s at stake for your business?

While compliance and integrity due diligence certainly meets basic compliance needs, such as identifying ultimate beneficial owners or ferreting out individuals or entities on international sanctions lists, it also, and most importantly, addresses the protean – and long under-estimated – risk of reputation. In M&A, the due diligence process will be shaped by the type of deal: is it a hostile takeover or a friendly one? Competitive or bilateral? Is the acquirer aiming for a minority or majority stake, or taking outright control over the targeted company? Is the targeted company a national or a transnational business, with operations in different jurisdictions?  

Indeed, the type of M&A deal will also influence the conditions for obtaining information for the compliance and integrity due diligence on the acquiree. Regulatory wise and besides the Anti-Bribery Act, the UK global Anti-Corruption Sanctions Regime could be an even more crucial step forward in the fight against corruption and kleptocracy. Merger and Acquisition falls under those core principles where it is recommended that anti-corruption checks form an integral part of any M&A workstream. All aspects of reputation and analysis of reputation risk are slowly but surely becoming a crucial component of the M&A process, pointing to the value of deep business knowledge, expertise and rigorous methodology when considering mergers and acquisitions of all kinds. 

Over and above what the regulations require, when systematically and granularly done well, due diligence has an added value to the overall investment process, bringing new business opportunities and insights to make more informed investment decisions. 

Due diligence can be conducted at different stages of the M&A process, right at the start, during the preliminary screening of the potential target, and at a later stage, in the form of an additional post-closing audit. 

What are the benefits of a multidirectional approach to risk?

A due diligence report aims to:

  • Confirm the target is legally established, verify its shareholder and management structure and identify subsidiaries and related entities;

  • Meet legal obligations to check sanctions lists and watchlists for companies and its shareholders, set up to combat money laundering, terrorist financing or trade with embargoed countries;

  • Screen senior executives and shareholders to check if they are classed as Politically Exposed Persons (PEPs) or related to PEPs; establish whether the target entity is a state owned enterprise ;

  • Consolidate data on reputation and integrity from different origins: open source, KYC databases and information gleaned from 360 degrees interviews;

  • Analyse and substantiate the corruption, money-laundering or terrorist financing uncovered risks.

We recommend a multidirectional approach to risk so that due diligence is as comprehensive as possible and takes all forms of risk into account. This sweeping risk assessment covers five major risk categories: compliance, reputation, jurisdiction, operations and supply chain, and ESG (environment, social and governance).

We have developed a four-level risk index (low, average, critical and very high) that we apply to all our due diligence reports. 25 risk categories are included, making sure we cover all five key types of risk in M&A due diligence.

It is critical to assess the integrity of the target entity. The risk of contagion to the acquirer’s reputation cannot be underestimated, as we have seen from two recent cases, which illustrate the value of this multidirectional approach.

In the first example, a close look at the shareholder structure during the compliance due diligence process for a proposed deal uncovered a myriad of shareholders in different jurisdictions – all with family or former business consolidated shares – ties to a majority shareholder, a Russian national PEP and the ultimate beneficial owner. Since this contravened the 50% rule by the US Treasury’s Office of Foreign Assets Control (OFAC), the M&A transaction was reassessed. In the second case – a perfect example of the importance of extending due diligence across the entire entity, including its subsidiaries’ practices – a review of the business environment of the top managers of a company based in Africa (a French company subsidiary) revealed conflicts of interest and malfeasance that would have threatened the acquirer’s viability post-acquisition. If the target entity had been investigated for corruption after the deal was closed, it could have faced criminal sanctions for the new acquirer.

Interviews and digging deep into the business environment: two critical components of due diligence

Holding compliance and integrity interviews in the target’s environment rounds off the open-source data research and anti-corruption checks to confirm or refute the information obtained from these sources. The deeper the due diligence process through a cross-source approach that combines data from open source, KYC information and interviews, the fuller and more detailed the information on the reputation of the target is. Conducting compliance and integrity interviews involve identifying and selecting legitimate sources that are sufficiently diverse to reduce the risk of partial feedback, making contacts and consolidating information, and writing and editing. We recommend holding interviews to ensure a holistic approach.

Mapping the business environment of the target company, its key executives and shareholders is the final stage in the due diligence process. It shows the main external stakeholders (customers, partners, suppliers, intermediaries and government bodies) whose power to make decisions or exert influence could have a positive or negative impact on the target’s business and its potential exposure to corrupt practices.

The law: another argument in favour of compliance and integrity due diligence

Due diligence is not just an opportunity in the UK. In France, to grasp a European example, the recent Sapin II law on transparency and anti-corruption makes assessing the integrity of third parties a key measure in the country’s anti-corruption legislation. As the AFA recently pointed out in its “Practical Guide: Anti-corruption due diligence for mergers and acquisitions”, incomplete – or non-existent – checks expose the parties to criminal liability and the risk of sanctions. It could not be clearer: in the UK and in many other jurisdictions, it is essential to uncover the corruption and compliance red flags as early and as clearly as possible to protect the acquirer or the newly-formed entity. Post-deal, the acquiring company could be held criminally liable for breaches or practices by the target that predate the acquisition. Or, when a new legal entity is formed between the companies, the universal transfer of their respective assets to the new entity also effectively transfers any civil liability they may have incurred for acts of corruption committed before the merger.

In conclusion, due diligence cannot be narrowed down to an isolated legal or regulatory compliance ticking exercise. Compliance and integrity due diligence must be part of the M&A process to allow for more informed, safer and more ethical investments that meet the standards of a good corporate governance. It is a factor in valuations and so can also be a significant negotiating tool.

Over the years, this type of due diligence process has become firmly established in the UK. The emergence of new structural rules in Europe more recently will also see a shift as practices converge towards this standard. General and widespread adoption of compliance and integrity due diligence will be a major differentiator and key success driver for M&A.


Square Facts propose des solutions dédiées à la conformité vous permettant de passer en revue grâce à une externalisation, à un expert métier, l’ensemble de vos relations d’affaires et ainsi faciliter votre mission de due diligence en France et à l’international.

Nos packages de conformité simplifiés, renforcées et d’investigation améliorés sont adoptés par les responsables juridiques, responsables de la conformité, responsables de la sécurité, conseillers juridiques, directeurs généraux et conseils d’administration.

Nous tirons parti de toute notre expertise, de notre réseau et de nos capacités technologiques pour améliorer votre compréhension de votre exposition aux risques. Nous préparons des rapports consolidés et analysés dans un format clair et concis, livrés au sein d’une plateforme SaaS sécurisée et centralisée pour permettre une traçabilité et un audit complet.



Retrouvez-nous sur LinkedIn

Profitez dès à présent d’une démonstration de la solution Risk & Compliance !


Nadia A.Ziani


Directrice Risque et Conformité EMEA


Discover more

This is a staging enviroment

Secure Your Spot for Our Exclusive Risk & Compliance Masterclass!

Don’t let this opportunity pass you by!

Join us on February 29, 2024, at 11 AM CET for a deep dive into Risk & Compliance Management. Our expert-led webinar will provide you with the essential knowledge and tools to conquer compliance challenges confidently.