The ABC’s of Due Diligence Investigations

15.02.2019

The world of business is so complex that no single phenomenon remains unchanged for a long time. As you gain momentum, you need to keep on innovating—or you get left behind. We all witness milestones from big companies such as joint ventures, mergers and acquisitions, financings and other major investments. How do these businesses thrive? How do they satisfy the dynamics of the competition?

One key standard by which companies follow before a major investment is due diligence investigation. This is the process of researching and analyzing an individual or organization before a business transaction. This helps in assessing the practicality and profitability of a transaction or investment.

A — ASSESSMENT

Do I need a a due diligence investigation?

Assess yourself. Do you run a business? Are you stockholder of a big corporation? Are you about to accept a top-ranking position? Do you plan to enter a joint venture? All these entail due diligence investigations to give you a clearer picture of the company you are about to do business with.

The concept of due diligence is simple: it revolves around reasonable care or “required carefulness”. In simple terms, due diligence is studying for a major exam. In business, due diligence investigation is done in preparation for a major transaction.

B — BENEFITS

How can a due diligence investigation benefit my business?

The goal of due diligence investigation is to provide you with information, hidden or otherwise, to help you make an informed decision. Would you enter a battlefield unprepared? Certainly not.

By conducting a due diligence investigation, you can figure out what a company is going through. It is typical for the larger business to conduct this due to their large assets. If there is even just a small risk of failure, wouldn’t you want to discover it? A due diligence investigation does just that—because once problems start, they become difficult to fix. Even in business, prevention is a lot better than damage-control.

However, due diligence is not limited to investigate hidden information or analyze risks. It can also determine opportunities when the acquisition or venture starts. If it’s for the betterment of both parties, why not? Let’s say, for instance, the potential partner has a strong chance of winning bids in future contracts—your business can definitely benefit from this strength.

Remember that both risk and opportunity are two sides of the same coin—but you don’t have to flip it. Running a due diligence investigation can identify the risks and opportunities that will help you arrive at the best decision.

C — COMPLIANCE

What is the basis of due diligence investigations?

Due diligence investigation did not become a practice if it weren’t for the laws that emphasize on checking companies out of prudent and careful practice.

The use of due diligence rose due to the US Securities Act of 1933, originally referring to the process as “reasonable investigation”. Though every country practices their own laws and policies, here are the most common legal bases for investigative due diligence:

US Foreign Corrupt Practices Act

One strategy of the FCPA compliance program done by corporations is to tap into due diligence providers. They perform this as a precautionary yet sincere measure by identifying public officials associated with foreign companies.

US Patriot Act

The Act orders all financial institutions in the US to conduct due diligence in accounts established or maintained for foreign individuals or institutions. This is done as a means to combat money laundering.

UK Bribery Act

When the Act was still in the works, the Secretary of State published a Guidance outlining six principles followed in business. One of the principles, as stated in the Guidance, is due diligence, which is done in compliance with a code of conduct.

Non-compliance to these laws results in serious legal ramifications, ultimately damaging the reputation of the affected companies. Due diligence investigations are almost always called for in states, cities or areas where corruption is rampant.

D — DUE DILIGENCE PROCESS
How is a due diligence investigation conducted?

The due diligence investigation is an exploratory process and uses different styles to gather information. It encompasses person background checks, company background checks, mystery shopping, surveillance, and financial investigations.

The typical areas an investigator looks into are:

Company history and overview
Who founded the company? What is the vision-mission?

Employees

What benefits does the company offer to their employees? What is the dynamics of their workforce? Is there an existing association or union of their employees?

Financial record

How much is the monthly revenue of the company? Do they have a good credit history?

Audits

How does the company fare in marketing audits? Do they routinely perform IT audits?

Inventory management

What approach does the company use to manage their materials? How do they deal with issues concerning inventory?

Depending on the depth of the search, due diligence investigators can dig deeper. They can review public records, contact foreign offices and talk to actual individuals like customers to gather more information.

It is possible to perform a due diligence investigation on your own, but it might not be very effective. Investigators are experienced and wise, and they know what kind of information to look for and how to obtain it. They know how to acquire records legally and have authorized access to data that are not accessible to you or to the public. It is crucial to employ the service of an investigator to get hold of accurate and relevant information without compromising other precious resources like time and money, which you can use elsewhere.

E — EXAMPLES

What are the types of due diligence investigations?

Because there are various aspects in business, there are also many types of investigative due diligence that can cater to each area:

Legal due diligence

Does the company own rights to intellectual properties? Do they have contracts with all their partnerships? Do they have previous or current litigations in court?

Financial due diligence

How does the company deal with their finances? Is there a declaration of assets and liabilities?

Commercial due diligence

Does the company have a business plan in force? Do they have a pool of regular clients? Who are their competitors?

HR due diligence

Does the company’s human resource department conduct pre-employment screenings? What is the recruitment process? How do they handle employee grievances?

IT due diligence

Does the company utilize effective data-gathering tools? How do they analyze information? Do they act on intelligence to make business decisions?

Before any big change, it’s all about verifying if the company in question is indeed what they are showing to you. If the other party presents you with their own facts, a due diligence investigation can show you another aspect. Even if you practice integrity and professionalism in all your business dealings, there are still companies that may not mirror your own values.

How willing are you to risk your own business? Due diligence may cost your company a certain amount, but think of it is as a lifetime investment. Not doing a due diligence investigation prior to a major change is like entering into a battle blindfolded—you don’t know what you’re up against.

With due diligence investigations, your company can analyze all the aspects of the other party—allowing you to see the bigger picture. Once it’s clear, you will have the confidence to make informed decisions that will benefit your company without compromise.


Strengthening Defenses with Security Intelligence

04.01.2019

There’s so much you can do with the Internet—the good and the bad. Cybercrime is so ruthless that experts predict it will incur $6 trillion worth of damages by 2021. It is the largest threat to every company, and one of the toughest challenges of mankind, created by mankind, for mankind.

The evidence itself is in the numbers. Do you think nothing could be worse than drug trade, terrorism or human trafficking? According to Cisco, cybercrime will be more profitable than the biggest illegal drug trades in the world combined. Give it a few more years, and even the most savage syndicates will turn to cybercrime to strengthen their networks—if they haven’t already. Cybercriminals are always two steps ahead—who knows what they’re cooking now?

As a key person in an organization, you have the corporate responsibility to prioritize safety and security—of the employees, finances, and data down to the last detail. You do this through security intelligence, a smart approach to protect your organization from all threats possible.

What is security intelligence?

Security intelligence is the real-time collection, analysis, evaluation and response of data generated from an organization through users, software and IT infrastructure.

By intelligence, we mean information that holds relevant value to your organization. The ultimate goal of security intelligence is to give significant insight to identify, prevent or reduce threats regardless of the size of the organization.

You don’t just collect information in retrospect; you have to know what is going on right now in all nooks and crannies of your network. Then you gather data from every source within your network, so you can compare and see patterns. With analytics, you can perform behavioral profiling and determine false positives. As soon as you have the right intelligence, you present your findings in a concise approach to the top-level management of your organization.

In simple terms, the information provided by security intelligence is laid in front of you. You may not know it, but there may already be a breach of security as you speak—and you’ll never spot it without proper correlation and analysis of data.

How is security intelligence applied?

You’ve heard it many times, but what exactly does security intelligence do? What is it good for? How is it so beneficial?

Here a few ways on how you can apply security intelligence to your business:

● Monitoring accounts

What are the odds of having a rogue employee? Even with pre-employment screening, an insider can be a threat. Security intelligence tracks the routine events of your users. It can look into activities and access permissions and alert you for any unusual behavior.

● Detecting fraud

Your company’s customer service department is the highest risk vector for fraud. How many users comprise the call center? Imagine all of them having access to clients’ accounts, credit card details, and personal information. This is a serious security risk, but not all internal network monitoring systems can look into this specific network in real-time. Security intelligence, in comparison, can dive deep into this area and detect unusual activity suggestive of fraud.

● Recovering compromised accounts

You want to prevent unauthorized access to your network at all times. However, the access itself is not preventable as the attacker enters all valid credentials of the original user. Security intelligence only detects the infiltration through changes in the routine events of the user’s login after the successful access. This will instantly alert your team so you can take immediate action.

How is security intelligence flexible?

Do you own a small business? Do you run a social enterprise? Security intelligence is not exclusive for business giants with a lot of resources, big budgets, and employees. Once you’re in business, there’s always competition.

With your competitors in the background, what can put your business at risk? Complacency.

And complacency opens the doors for security threats to break your defenses. Without security intelligence, you won’t even know there’s a breach going on already.

Open source intelligence and competitive intelligence are both beneficial for strategy-building and decision-making, but you still need security intelligence to protect your company from cybercrime. So whether you belong to a small or large-scale company, security intelligence is helpful.

There is no universal platform used for security intelligence; it’s not a one-size-fits-all approach. It’s a complex process and the approach done by one organization may not be effective for your own. The good thing is that security intelligence is flexible, and there is room for configuration. You can modify it according to your company’s risk posture and weaknesses. Utilizing the right approach identifies both internal and external threat data and transforms them into threat intelligence, forming the basis for making security decisions.

How does security intelligence provide insight?

Not all companies have their own analysts to perform security intelligence. In many organizations, third-party providers comprising of security intelligence experts trained in IT security do the service. In both cases, what matters is the accuracy of the results from which you derive insight.

Collecting the right information—sifting the relevant data from the less significant ones—is crucial in security intelligence. Do you know how much data you hold in your organization? You’ll be surprised how much big data you have stored in your networks. How do you deal with the overload? Security intelligence can help you make sense of the big data. A comprehensive insight will let you look at the big picture and guide you to make the right security decisions.

There is a need to add layers of defense to your organization’s network. This reflects on how you secure your assets, including business data, IT infrastructure and intellectual property. In turn, your ability to secure all these will reflect your organization’s reputation.

Security intelligence is more defensive than it is offensive. Fortunately, this approach is within reach to any organization who takes security seriously. This matters because as you innovate, threats become more sophisticated. As you read, enemies may be breaching your organization’s defense layers right now—utilizing complex measures to infiltrate your network in ways you have never imagined.

Can you stop them?


Opportunities for wealthy persons and families (HNWI´s / UHNWI´s) in the age of the new EU-DSGVO

27.11.2018

The new EU-DSGVO (data protection basic regulation) offers new approaches in connection with an occasion-related or holistic online risk management to protect privacy on the Internet or in online media (for example in connection with domain registrations, party donation lists, wealthy and rich lists) in the best possible way.

From practice:

Domain holder data are now not readily available online … until recently this was quite different.

With the new DSGVO, security managers now also have an additional means of pressure at their fingertips to have any unwanted critical content on websites, blogs and forums deleted. The „right to forgetting“ and the associated deletion of (old) data records supports security officers in the context of the holistic support of wealthy persons.

The extent to which the deletion of data on party donation lists and so-called wealthy and rich lists is favoured by the DSGVO will have to be demonstrated in practice in the coming months and years. It is quite possible that in the foreseeable future there will be a precedent before an administrative court in this regard, in order to make a final judgement as to whether personal rights (also in connection with the protection of privacy and the like) have priority over the public’s right to information and disclosure.

The situation is similar in connection with the „right to official information embargo“ for wealthy families and persons. In the past, authorities have often refused applications for information embargo if the addresses of the persons concerned had to be researched elsewhere (simply and quickly) on the Internet. In our opinion, this can and will change in the future if the security manager has completed the correct steps and measures before applying for an official information ban.

So much in a nutshell. We would be pleased to prepare an individual protection concept for you, taking into account the DSGVO special feature and our best practice approaches.


UNHWI Security, HNWI Security UNHWI protection, Ultra High Networth Individuals Security

21.09.2016

Very few people will even be familiar with the term HNWI or UNHWI, the differences are negligible. And, even fewer yet, will have ever been in contact with one or even be one themselves. UNHWIs or Ultra High Networth Individuals, meaning, in simpler terms, very, very wealthy people, will generally not be found in a local Walmart or Tescos.

In many cases, UNHWIs will be more or less completely removed from ‘commoners’ lives, and that is a fairly vital part of their security. With greed and envy being the most human of emotions, those who have a lot need to be wary of others taking it. This means protection. Protecting one’s belongings has been a concern for humans since we stopped living in caves and it hasn’t become any easier since then.

Nowadays, people hardly protect their own anymore, they hire others to do it for them. This can take the shape of security firms, individual bodyguards, security systems and all kinds of alarms. Naturally, the wealthier someone is, the more they have to protect, the more they need UNHWI Security.

The approaches to this particular branch of security (as with HNWI Security) are varied. There are standards, like cameras, that will be found in almost all properties, and bodyguards during high-risk events or in larger crowds, however even those aren’t guaranteed to be around. No, it is simply up to the individual what kind of security they go for.

UNHWIs will, as a rule, know enough about their personal situation to be able to make somewhat informed decisions and those who don’t will hire professionals to do it for them. Security is no longer a one-man-job, instead various people, organisations, and technologies will work together to protect the Ultra High Networth Individual.

Yes, to a ‘normal’ person this can seem fairly costly, and, in absolute numbers it often is, however compared to the risk of being robbed, kidnapped or extorted, it is a comparably small price to pay. Protection of assets as well as people is what allows UHNWIs to lead normal lives without needing to hide away completely.

Especially for those who have a family and children, wealth can become as much of a hindrance as an advantage children may feel ostracised and hindered in their daily lives by their parents’ security measures, taken as they are to ensure their safety. From a protection standpoint, being an HNWI is certainly not easy.


Background Checks Companies, Background Checks Individuals, Business Partner Finance & Compliance Checks

24.08.2016

Background checks are usually considered uncomfortable. The person being checked will often feel intruded upon or mistrusted. Despite that feeling of being uncomfortable it is largely accepted as a necessary evil. After all, who wouldn’t rather have background checks done for people who work with children, for example?

The legal background varies greatly from country to country. In America for example, very nearly everyone can conduct a background check on someone if they have the necessary information. In the UK on the other hand, the person being checked needs to give permission and the check is then being done by a government agency.

Now, in what kind of situation are background checks common? Many countries require them for people who want to work with children. Banks and larger companies like to know if their employees have a criminal background as well, before employing them. However, background checks aren’t just done on potential employees, but also on, for example, new business partners. Business partner finance checks have a very obvious purpose-to give information about whether or not the potential partner is lucid and therefore a viable partner.

There are several kinds of different background checks-some are really more identity checks, while others give a full scale criminal record, credit check and a list of former residences. In most cases, someone that requests such a check will do so with a certain intention and therefore only check certain things. Typically, it’s governments that will perform more in-depth searches into potential employees or persons of interest.

A bank’s interest into potential clients is equally obvious-it will perform individual credit checks to see if someone is eligible for credit or an account. The reason to do this needs no elaboration-a bank cannot simply give credit to anyone, they first need to see if the person can be trusted with the responsibility.

As far as performing the actual checks goes, they can be done by several parties, for example background check companies, the government, a government backed organisation, or the police. Background check companies will need to be certified and adhere to a lot of rules and regulations concerning the dealing with personal information. Respecting privacy while performing these checks is an essential checkmark in these situations and one of the few comforts possible for people that feel intruded upon by the checks. The companies are usually liable for leaked or misused information and will never give the information to anyone not allowed access to them.


favicon-196×196