Due Diligence and Reputation Research: Testing Integrity Before Saying ‘Yes’

In mergers, acquisitions, major client relationships, and investments—both domestic and international—the emphasis has traditionally been on financial and legal due diligence. Balance sheets are scrutinized, contracts are reviewed, and tax structures are analyzed. However, in practice, it often turns out that integrity issues, sanctions risks, and reputational damage, rather than numbers, are the true dealbreakers.

This article focuses on Integrity Due Diligence (IDD)—also known in international practice as Reputational Due Diligence. IDD does not replace legal, tax, or financial DD; rather, it serves as a complementary layer that answers a different question: “Do we actually want to be associated with this party?”

 

Why Financial and Legal DD Are Not Enough

Financial, tax, and legal DD are indispensable. They map out whether the figures are accurate, which contractual obligations exist, and which hard claims, securities, and tax risks are at play. Furthermore, regulators and legislators expect organizations to have their financial and legal houses in order.

At the same time, the bar is shifting. Sanctions regimes are becoming stricter, AML (Wwft/Wft) expectations are becoming more concrete, and media, NGOs, and regulators are looking more closely at ESG, human rights, and supply chain responsibility. Consequently, board members are increasingly told they “should have known” that a potential acquisition or key partner had integrity issues.

Additionally, reputational damage is difficult to repair. The traditional notion that legal, tax, and financial DD constitute “the” due diligence—and that integrity research is merely an optional add-on—no longer aligns with modern business realities.

The Blind Spot: In transactions, we often see a single total budget agreed upon for due diligence. This amount is usually consumed by standard components first. Anything outside of that is quickly dismissed as “nice-to-have” and is the first to be cut. This is precisely where blind spots are created.

 

The Foundation: Standard DD with IDD as a Complementary Layer

Modern due diligence has long evolved beyond the classic trio of financial, tax, and legal. While these remain the foundation—one cannot close a responsible deal without insight into figures and obligations—a whole generation of “supplementary” DD streams has emerged. Cyber and IT DD, technical DD, commercial and ESG DD, and sector-specific variants like environmental or regulatory DD are increasingly set up as separate workstreams.

In this article, we zoom in on Integrity Due Diligence (IDD). IDD is not a competing alternative to financial or legal DD, but a conscious broadening of scope. While traditional research focuses on the formal side of the enterprise, IDD looks at the behavior, integrity, and reputation of the organization and the people surrounding it.

This process combines:

  • Open Source Intelligence (OSINT): Registers, sanctions lists, court rulings, and regulatory sites.
  • Background Checks: Analyzing the track record of directors, UBOs (Ultimate Beneficial Owners), and key personnel.
  • Media Analysis: Reviewing NGO reports, social media, and international press.

The result is a cohesive picture that shows not only if the company is formally compliant, but whether you, as a buyer or investor, actually want to stand beside them.

 

Cross-Pollination Between Legal, Tax, Financial, and IDD

On paper, legal, tax, financial DD, and IDD complement each other perfectly. However, in practice, these streams often run too far apart, meaning important facts are not cross-referenced.

Consider an illustrative example: a standard question is whether directors or shareholders have ever been involved in a bankruptcy. In a legal Q&A, this question was answered in the negative. However, the IDD research—searching trade registers and media—revealed that one of the individuals had indeed been a director of a bankrupt company. This information was available in public sources. The discrepancy was only noticed by placing the legal Q&A answers alongside the OSINT findings from the IDD.

Similar cross-pollination is possible with financial and tax DD:

  • Public Annual Reports: Provide a high-level check on turnover, profit, and solvency to compare with data room figures.
  • Bankruptcy Reports & Litigation: Reveal past liabilities or seizures relevant to both legal and financial teams.
  • Tax Disputes & Fines: Visible in case law and news media, these can be reconciled with tax DD findings.

The goal is not to “replicate” a full financial DD using open sources, but to see if the internal image aligns with the public trail and identify where gaps or tensions exist. This requires a conscious “information bridge”: granting the IDD team access to relevant Q&A topics and systematically feeding IDD findings back to the legal, tax, and financial teams.

 

In-depth Anti-Corruption DD: Beyond the FCPA

For groups operating internationally with significant government contact or activities in high-risk countries, a generic IDD is sometimes insufficient. In these cases, it is supplemented by an explicit anti-corruption stream.

The FCPA (U.S. Foreign Corrupt Practices Act) is a well-known reference, but it is not the only one. The UK Bribery Act, France’s Sapin II law, and Brazil’s Clean Company Act all impose strict standards regarding bribery, anti-money laundering, and internal controls.

In practice, this translates into an in-depth DD track:

  1. Analyzing high-risk payments (gifts, hospitality, facilitation).
  1. Reviewing the role of agents and consultants.
  1. Evaluating approvals and monitoring in high-risk jurisdictions.

The aim is to assess whether the integrity and control levels align with the jurisdictions where the party is active and with the risk appetite of the buyer or financier.

 

The IDD Report as a “Living” Dossier

A high-quality IDD report has value throughout the entire lifecycle of a deal, not just at the moment of signing.

  • Phase 1: Supports the go/no-go decision.
  • Phase 2: Used for (re)financing with banks who conduct their own integrity checks.
  • Phase 3: Demonstrated to grant providers or funds to prove that integrity and sanctions risks have been carefully vetted.

Case Study: In a project involving a new data center, extensive screening was conducted on a party intended to be the center’s largest tenant. While the immediate goal was the client relationship, the investor looked further ahead: the real estate and client portfolio might be resold in the future. A robust IDD report serves as evidence for future buyers that risks were consciously accepted or mitigated, making the IDD a recurring building block in the asset’s documentation chain.

 

Red Flags and Risk Translation

IDD often produces a mix of hard facts, allegations, and “noise.” Not every negative report is a dealbreaker. The art lies in determining when a finding constitutes a true Red Flag.

Patterns of recurring corruption, involvement in sanctions evasion via dubious intermediaries, or repeated regulatory interventions point to structural integrity problems. Long-standing controversies regarding human rights or environmental issues in the supply chain also fall into this category.

The next step is always the same: translating fact into risk.

  • How old is the issue and how was it resolved?
  • Was it an isolated incident or a pattern?
  • What remediation measures have been taken since?
  • What does this mean for strategy, permits, and stakeholders?

This analysis determines whether to proceed, under what conditions, and with what additional safeguards.

 

Roles: Board, Compliance, and Researchers

A successful IDD requires clear responsibilities:

  • Board/M&A Teams: Define the risk appetite and make the final go/no-go decision.
  • Compliance & Legal: Translate that appetite into concrete research questions and reporting formats.
  • External Forensic Researchers: Conduct in-depth OSINT and reputational research, including anti-corruption tracks (FCPA/UKBA/Sapin II).
  • Financiers: Expect projects to be demonstrably tested against integrity, ESG, and governance standards.

 

Conclusion: From Deal DD to KYC

IDD is the “front end” of the same field where integrity investigations and whistleblower cases form the “back end.” What you do not sufficiently investigate before saying “yes,” you are likely to encounter later as an incident, investigation, or crisis.

In the next article in this series, we will shift the focus from one-time deal DD to daily practice: KYC (Know Your Customer) screening and CDD (Customer Due Diligence). We will explore how to translate the principles of IDD into ongoing monitoring, UBO verification, and PEP screening throughout the entire customer relationship.

 

Get in touch

Dennis van der Meer | +31618948848 | dennis.van.der.meer@compliancechamps.com

Boy Custers | +31649935735 | boy.custers@compliancechamps.com

 

Read more articles here.