Personal Security
Personal Privacy

What is Due Diligence? | Ferret

If you found this article, you know one thing for sure: Due diligence is a necessary process fraught with challenges, requires careful execution, and can be a make or break activity. So, you’re in the right place. 

Throughout this piece, we will focus on the legal due diligence process, and how you can avoid getting caught with your pants down. Say ‘no’ to getting bamboozled and level up your strategy, so you can make certain every relationship you invest in is a secure one.

Let’s look at the actual definition of due diligence from our friends as Oxford Dictionary:

due dil·i·gence


— reasonable steps taken by a person in order to satisfy a legal requirement, especially in buying or selling something.

— a comprehensive appraisal of a business undertaken by a potential buyer, especially to establish its assets and liabilities and evaluate its commercial potential.

Basically, “...investment due diligence is a necessary process for both buyers and sellers to undertake to ensure the swift execution of their envisaged transaction,” and is an integral step in any business relationship dealings. 

In terms of these steps, due diligence typically commences after your business associate has offered a letter of intent, or term sheet.

Next, you work with your team to conduct an assessment over the course of one or two months, and this assessment is where you and your team review all the investment details, financial records, assets, and data to check for any inconsistencies.

“Due diligence allows the potential buyer to confirm pertinent legal information about the seller, such as contracts, finances, and customers. By gathering this legal information, the buyer is better equipped to make an informed decision and close the deal with a sense of certainty.”

And lastly: “Due diligence generally commences when the letter of intent (LOI) is signed. Learn more about due diligence in mergers and acquisitions, what steps you can expect to happen during the M&A process, and why due diligence is very important,” writes Brandon Brown of Business Benefits Group.

For the purposes of this article, we will primarily focus on “investment due diligence.” 

This bucket under the due diligence umbrella covers a wide range of scenarios. In this article, we will focus on checklists for startup and VC funding, Mergers & Acquisitions, debt financing, and long-term supply contracts. 

How each of these scenarios plays out in regards to due diligence will be unraveled as each scope and approach will vary.

Whether you’re a …

  • big shot investor
  • looking to launch your first startup 
  • investing in a new business venture

…you’ll see how to avoid any missteps along the way to perform operational due diligence - using this handy Due Diligence 101 Guide. 

Big Shots & Due Diligence 101: Startups & VCs

Savvy investors and venture capitalists are no strangers to bad actors. Since Silicon Valley exploded in the late ‘90s, we now live in a world where things like the Elizabeth Holmes’ Theranos scandal are, sadly, common occurrences. The long-short of it: Shrewd investors know that there are nefarious characters out there looking to swindle. 

So, how do smart investors prevent getting hoodwinked? There are several tried-and-true steps, but along the way, oftentimes, we get comfortable with skipping some steps. Especially if we get a personal referral or recommendation, but take it from Ferret, this potential risk is never a good idea. 

First off, check out the investment team. 

What you should see is a broad swath of expertise. This team should have exceptional skills that can help elevate your business.

One of my favorite bits of advice comes from GroundFloor Partners, they write: 

Ask to see the most important legal documents for the company (articles of incorporation, operating agreement, etc.) Check the Secretary of State’s office, and any other relevant certification or compliance agencies to make sure the company follows state rules and regulations. Are there any outstanding lawsuits, liens, or judgments against the company or its officers? Have there been any in the past? If so, are these legitimate, and do they reveal major problems with the organization?” 

This is, of course, one of the cornerstones of due diligence. But most advice-givers offer the same preponderance of information: check with the Secretary of State office. That’s a tall order, and will likely yield very little information. And it’s a slow process…

Ask for an anti-reference. 

An anti-reference is exactly what it sounds like. It’s a reference where the person you are vetting was involved in a deal that went south. What you’re looking for here is how this person acts when they’re in a legitimate bind. 

Examples include:

- A portfolio company, where they followed up in later round

- A portfolio company that raised further capital, but where they decided not to follow up

- A portfolio company that failed

“You will hear how they behave at their worst, and it will most likely not be sugar coated. A serious investor should both be conscious about this, and willing to share. If they cannot think of such a person or occasion, that’s a telltale too…,” explains Sanna Westman, an investment-focused blogger.

“Ask to be introduced to founders they have worked with before. Ideally, you would talk to people who were at a similar stage (seed, A-round etc) as you but where the outcome differed e.g.,” Westman goes on to note.

Other Types of Diligence for Investors & VCs:

Explore these eight aspects of proper due diligence all investors need to focus on to ascertain whether they’re making a sound decision. Here’s a quick roundup:

Financial Due Diligence

Get a look under the hood of your investments by checking the company’s financial statements and projections. VCs and investors should have consistent methods for measuring their potential investments finances, though areas of interest may vary between different industries.

A financial check will come early during the vetting process. In fact, it’s likely the very first step when considering an investment. Entrepreneurs don’t have time to involve themselves in financially unstable or fruitless endeavors.

What numbers are you interested in? Typically a full-financial check will involve examining data related to:

  • Current revenue – How much is the business bringing in at the moment. If you’re investing in a startup it’s not uncommon to see low or no profit for the first year of business. That said, by the second or third year, most successful businesses will begin to turn a profit.

  • Type of revenue – Sales, interest, dividends, rent—how the business makes money is equally as important as how much money they make. Be mindful that different revenue sources may be subject to different federal and state taxes, ultimately impacting the bottom line.

  • Product margins – Select businesses operate at a loss until they can reach a high enough production rate to increase their product sales margins. Where some products may have an inherently high-profit margin, many businesses retain their profits through market saturation or high rates of sales.

  • Burn rate – For startups that have yet to turn a profit, the burn rate will indicate how long the business can operate before running out of money. These numbers are tied directly to major deadlines for product releases and subsequent rounds of funding.

  • Free cash flow – How much money does the business have left over after accounting for monthly expenses? A high free cash flow can mean more opportunities for development and more secure investment.

Your potential investment industry should have all these metrics readily available, but you may want to consider proceeding with your own audit. 

You can request the raw numbers from the business in the form of financial statements like:

  • Year-end statements
  • Balance sheets
  • 12 months cash flow plan
  • Profit & loss statements
  • Latest profit & loss statement
  • Yearly budgets
  • Tax statement extracts

Hold off on any investment until you’ve processed all relevant financial statements. It may take several weeks to secure the necessary materials and approvals to move forward.

Regulatory Due Diligence 

For regulated industries, such as privacy-focused firms, financial institutions, and manufacturing firms, it’s imperative to ensure all aspects of the business abide by state and federal regulations.

Compliance can be a time-consuming and costly process, but the cost of non-compliance is substantial. Any business operating without full compliance is a major potential risk for potential investors.

A regulatory audit aims at ensuring all projects, personnel, and business affairs are above board and aligned with all known requirements.

To conduct a proper regulatory audit, take note of the following:

  • Regulatory policy – Every regulated business should have its regulations and policies regarding compliance firmly outlined. Obtain a written compliance statement that includes standard procedures, responsibilities, and roles for compliance within the company.

  • Compliance officers – A compliance officer is an individual entrusted with a business’s compliance procedures. If possible, interview this person to ascertain relevant compliance information.

  • Product compliance – Confirm all product standards are met regarding federal laws and guidelines. You also may wish to request product documentation and facility records.

  • Regulatory Investigations – Previous or ongoing regulatory investigations may be red flags for investors. In the case of a regulatory investigation, request records about the company’s actions and the nature of the investigation.

  • Antitrust regulations – Examine any relevant antitrust laws which may affect a business's ongoing affairs or their potential for mergers and acquisitions. Additionally, you may need to review the Federal Trade Commissions guidelines related to antitrust law, including the Premerger Notification Program. 

Tax Compliance

Ensure your potential investment is in full compliance with the tax code. An audit from the IRS can be a major setback for businesses and their investors, so due diligence demands a full tax assessment of any business you’re looking to invest in.

Businesses may be responsible for paying any of the following:

  • Income taxes
  • Sales taxes
  • Property taxes
  • Excise taxes
  • Payroll taxes
  • Franchise taxes
  • Taxes on shareholder

Many of these taxes vary from state to state, and where a company operates and incorporates can have an impact on their total taxes. Investors should spend time with a business’s accountants and tax professionals for a full understanding of their tax compliance. Additionally, you may request IRS documentation and proof of payment.

Liability Compliance

When conducting due diligence, VCs and investors need a clear understanding of their liabilities when investing in a company. Your rights and protections as a potential investor should be clearly outlined during financial negotiations. 

During the due diligence process, there are several key liability questions to consider, including:

  • Controlling stakes – Confirm your role based on your investments within the company. Large investors can expect a larger amount of control based on the capital they’ve provided and the investment structure of the business. This could also determine your liability related to the company’s conduct and performance.

  • Legal standing – A full legal review may be necessary to determine the quality of an investment. Ongoing lawsuits and legal complications can be a deterrent for many investors.

  • Partnerships and licensing agreements – Is the company involved with subsidiaries, franchises, or various licensing agreements? In the case of complex partnerships, due diligence may require examining the businesses associated with the primary investment.

A licensed legal professional can provide clarity during a liability compliance audit. A trusted third party may be the best route for a sound investment and total assurance.

Intellectual Property Compliance

Copyrights, trademarks, and patents all fall under the umbrella of intellectual property (IP). For VCs and investors, it’s crucial that a business stringently follow all laws related to IP compliance. Otherwise, the business may fall prey to heavy fines and legal ramifications.

IP can impact the large and small aspects of any business, and may cover materials like:

  • Packaging
  • Advertising materials
  • Logos
  • Inventions

As well as the actual products that the business produces. 

For the purposes of due diligence, investors should take careful note of the following IP-related procedures and institutions:

  • Claims and discrepancies – If another company has made a claim against your potential investment’s intellectual property, it may result in extended legal battles and costly proceedings. While IP lawsuits are fairly common for corporations, understanding the details of any claim is critical when considering an investment.

  • Trademark and patent registration – Investigate the details of a business’s various filings with the patent office and trademark commission. Request documentation of IP procedures to check that the business has fulfilled its duty to protect its assets.

  • IP department – Many companies enlist an entire department responsible for assuring IP compliance. This may be an offshoot of the business’s legal team, tasked with ensuring IP protections.

Digital Infrastructure Compliance

Is a company practicing safe and professional behavior regarding its IT department? Today, digital infrastructure and cyber protection are more important than ever before. 

Consult with the business’s IT team and conduct an internal audit based on the businesses response to current digital threats such as:

Malware and ransomware – Critical data can be taken and held by bad actors in exchange for a financial payout. Additionally, servers and databases may be at risk of malicious software aimed at disrupting digital systems.

Data leakage – Without proper protection, a company could risk exposing their clients’ and investors’ sensitive information. High-level security measures should be implemented to prevent data leaks.

Insider attacks – Threats to a company’s interests may come from within. Businesses should conduct secure digital operating procedures, offloading, and continual reassessment to protect against insider attacks.

Operations Due Diligence

Examine the business's daily operating costs and expenditures from a human resources perspective. Take the business’s everyday operations into account to develop a larger perspective of their investment potential.

A comprehensive operations analysis may include:

  • Business walkthrough – Investors and VCs may opt to experience the business first hand by touring offices or production facilities. This may be a guided tour or a less formal invitation to get a peek behind the scenes. Either way, you can assess what standard operations look like on an average day.

  • Business plan comparison – Contrast how a business operates with its proposed operations by studying its current business plan. If they are neglecting procedures previously outlined in the plan, it may be worth asking if they’ve pivoted or reassessed.

  • Data monitoring – Request access to various logs and documentation that measure daily output and efficiencies. Some businesses may have clear and actionable data available while others may have a less structured work environment and more complex metrics for measurement.

Market Share Due Diligence

All businesses are chiefly concerned with their space in the market. Market share due diligence involves inspecting their proposed market value in relation to competitors, as well as their strategies for growth.

Key data for understanding a business’s market share may include:

  • Yearly growth
  • Competitor sales
  • Total market size

The company should provide actionable data to capture its market while expanding across others. 

Mergers & Acquisitions: What’s Different?

There’s actually not a vast difference between VC due diligence and M&A due diligence but one factor sticks out: Confidential Information Memorandum (CIM)

According to The Corporate Finance Institute, “A Confidential Information Memorandum (CIM) is a document used in mergers and acquisitions to convey important information about a business that’s for sale including its operations, financial statements, management team, and other data to a prospective buyer.”

Also known as an Offering Memorandum, this step involves hiring an investment banker, or an M&A specialist, or advisory firm to create an accurate profile of the company the buyer is looking to acquire.

“The banker prepares the CIM and uses it as a marketing document, which is intended to make the company look attractive as the objective is ‘not just to sell, but to sell for maximum value.’ The reason an investment banker tries to sell a company at the maximum value is because they represent the best interest of their client (the seller), and their commission is based on the sale price,” The Corporate Finance Institute notes.

During the sales process, the banker builds content for the Confidential Information Memorandum; an example table of contents for an offering memorandum can be seen here:

  • Executive Summary
  • Investment Thesis
  • Overview of the Market
  • Overview of the Target Company
  • Products and Services
  • Revenue Profile
  • Employee Profile
  • Customer Profile
  • Financials – Historical and Projections
  • Management Structure

Due Diligence Done Better

The process of due diligence is a complex and demanding procedure that requires expertise and experience. To stay protected and profitable regarding all your investments, connect with Ferret—the industry leader in due diligence tech and world-class relationship intelligence.

Latest Blog Posts

Sign up below to join our Beta Waitlist!