OSINT in Due Diligence: Minimizing Risk Through Open Data

Social Links -

The corporate world is fast-moving and high-risk, where getting a clear picture of things can make the difference between success and failure. When even a tiny oversight can unravel multi-billion dollar deals, having the correct information and knowing who you are dealing with is crucial. That is where due diligence investigations come into the picture.

In this article, we’re diving deep into the importance of a proper due diligence process. We’re going over what it is, why it’s a vital yet often misunderstood topic, and how open-source intelligence enters into the equation. See how it is possible to save a ton of headaches (and money) by including OSINT solutions in this very particular form of investigation.

So without further ado, let’s see what it’s all about!

What is Due Diligence?

It’s become a byword for corporate risk assessment, but what actually unfolds the term? In short, the due diligence process involves verifying, investigating, and auditing a potential deal or investment opportunity to confirm all relevant facts and figures, financial or otherwise. It’s the investigative leg of the Know Your Customer (KYC) procedure as well as a crucial part of Anti-Money Laundering (AML) regulations.

Due diligence is critical for mergers and acquisitions (M&A) deals. It enables investors to determine the financial viability of the acquisition and identify any issues with the target company's operations. By conducting a thorough investigation, decision-makers can make informed choices about the arrangement's feasibility. Businesses recognize the importance of this process, given the significant impact the results can have on the success of the investment.

Broadly speaking, we can talk about three distinct types of due diligence:

  • Simplified due diligence (SDD). The lowest form of due diligence that an institution can conduct. It is applied in cases where criminal risk is slim to none and covers a superficial verification of the person’s identity.
  • ‘Customer due diligence’ (CDD). The most common form of due diligence aims to detect risk and prevent money laundering. It's actually a legal requirement, with companies facing penalties if they neglect to conduct CDD checks. Corporations failing to meet the requirements may be fined $560-2240 per violation.
  • ‘Enhanced due diligence’ (EDD). What makes EDD checks different from CDD processes is the level of scrutiny. Customer due diligence identifies the subject but does not verify their claims. Enhanced due diligence goes into much more detail to track, analyze, and consider every aspect of the subject’s financial life to minimize any potential risk. While EDD also aims to detect risk and prevent criminal wrongdoing, it’s reserved for high-risk individuals and businesses due to location, occupation, and political exposure.
The depth of inquiry increases with each step

The Need for Proper Due Diligence

While the number of deals is rebounding following the lows of the pandemic, there is still a high degree of failure in M&A deals. With the turbulent global economic state making investors nervous, due diligence has become a critical component of decision-making. Here's why.

Growth of investment deals

According to UNCTAD, the volume of foreign direct investments (FDI) reached $1.6T in 2022 due to looser financing conditions and rapid momentum in M&A markets. Despite global economic growth slowing to 1.6%, projections for M&A in 2023 are enthusiastic, ranging between $4.1-5T. However, a turbulent due diligence process can easily undercut the optimism presented in the numbers.

Increasing volume of M&A deals

2022 saw 36,704 deals take place. Though the number did not break the record highs of 2021, the average deal value increased by 9%. While the demand for top-quality due diligence remains high, inconsistent analysis and changing economic conditions lead to 70-90% of M&A transactions falling through, requiring businesses to adapt to newer ways of operating to gain a competitive edge.

The number of M&A transactions soared in the last decade

Market volatility and global turbulence

Challenges such as a looming recession, uncertainty of global financial markets, and the impact of the COVID-19 pandemic have made investors more skeptical and cautious. As a result, gaining a detailed understanding before going through with a deal has become the norm. In this context, dormant cash is seen as potentially harmful to funds because of rising inflation, making due diligence increasingly crucial for financial decision-makers.

Global corruption skyrocketing

With the annual cost of the world's corruption reaching an enormous $1T, international peace has been declining for the last 15 years. In such circumstances, due diligence gives critical insights into funds gained from illicit sources, providing a way to shield social institutions and prevent the further impoverishment of countries and at-risk demographics.

The Anatomy of OSINT-Driven Due Diligence

It is essential to understand that the role OSINT plays in due diligence is supportive, as the bulk of the work still falls on accounting and the legal side of things. However, open-source intelligence can still provide value for gaining powerful insights to help companies make informed decisions. Here’s how OSINT fits into the various departments:

Financial

The role of financial information in the due diligence process can scarcely be understated. Taken together, all account activities of a company, including revenue streams, transactions, investments, or records of expenses, always tell a very vivid story and are essential sources for conducting accurate risk assessment during the audit process.

OSINT tools allow analysts to quickly find public financial information (share capital or balance sheets) and yield information on a company’s transactional history (analytical reports on previous deals). Furthermore, the ability to trace cryptocurrency transactions makes it possible to find potentially high-risk payments and to show a lack of transparency in the subject’s accounts, indicating areas for further investigation. As a result, an ongoing deal's course might change in time.

Having a paper trail to prove the company's actions can be a lifesaver in successfully concluding M&A deals. ‘Legal’ serves as an umbrella term, covering any official documentation as well as accounts records. Gathering all contracts, real estate records, patents, tax receipts, and other required documents makes it possible to back up or debunk claims made by individuals and corporations.

However, any single company can amass colossal quantities of diverse paperwork, which can be extremely difficult to collate and form into a coherent picture. With OSINT solutions, scanning and analyzing news reports on legal suits, sanctions lists, and non-governmental investigative reports (such as the OCCRP) is easy. Furthermore, visualization tools can enable analysts to plot how all this diverse paperwork fits together and can help to view a full portrait of the company’s internal processes.

Compliance

All positive or negative policy compliance cases, such as ESG (Environmental, Social, Governance) or CSR (Corporate Social Responsibility), can play an important role in M&A deals. If a company’s actions don’t align with its words, it can prove disastrous for its reputation and put them at risk of getting fined.

Issues related to compliance are frequently discussed on online social platforms, providing a precious opportunity to scan public sentiment and uncover data touching upon these topics (particularly for ESG and CSR violations). OSINT tools allow for the effective tracking of such discussions on social media channels. In addition, geospatial and image analysis functions can provide much-needed insights for potential ESG infringements.

Company Structure, Policy, and Staff

By giving a picture of how well organized a company’s internal processes are, an organization's structure, policies, and corporate culture can often reflect indications about how it operates more broadly. Also, with many companies having embraced remote work, it is important to be able to check that the staff is where they are supposed to be and doing what they ought to be doing.

Take, for example, LinkedIn. This social network can provide a wealth of data on a company’s corporate structure, management, personnel changes, and more. Meanwhile, users continually leave indications about geolocation through social media and other platforms such as fitness trackers.

OSINT tools allow analysts to draw from various sources in verifying data points or inferences on a company’s individual members of staff, including where they are based and their attitude to their work. They also create a picture of the company’s internal structure and operational mode and how effective they are.

Sanctions and Stop Lists

Global sanctions and potential ties to countries and institutions that don’t align with the company's values can present notable problems during a due diligence investigation. While individuals with such ties pose risks, the same goes for those on a watch list or politically involved. Such subjects are prime candidates for enhanced due diligence investigations, as their connections tend to be numerous and highly complicated.

By applying knowledge derived from sanctions databases (such as the one offered by OFAC), OSINT solutions can visualize a detailed network of connections that the analysts can track and examine. Very often, crucial links can be hidden, making them imperceptible through ordinary search methods. But with the help of metadata, it is possible to derive a comprehensive informational context and map out connections that very likely exist but have been obfuscated or erased.

Reputation

With social media and increased competition in all markets, any damage to a company’s reputation can set off a domino effect that ultimately sinks the organization. The way a business is represented online through its management's profiles, corporate media presence, customers' reviews, and public sentiment is crucial to understanding the exact position a subject occupies in the market.

Many OSINT solutions come equipped with a whole suite of textual analysis tools that allow conducting in-depth sentiment analysis around a specific company and in relation to a number of issues. NLP models mean that huge volumes of online text can be swiftly analyzed and summarized to provide a prompt picture of the public mood towards a given company. Thus, open-source intelligence allows one to go deeper and identify the sentiment, check its authenticity, and whether it has been artificially generated or not. This gives analysts greater accuracy in their work.

Cybersecurity

Data leaks can be extremely damaging and costly for an organization. And not only is the number of victims involved showing an upward trend, but the average cost of a data breach is also at an all-time high. In such a climate, it’s easy to understand why cyber resilience and data security are major issues in assessing the risk of a proposed M&A deal.

Using OSINT tools, analysts can continually monitor the online space for security gaps and promptly identify cyber vulnerabilities of various kinds. Besides, such intelligence solutions have the ability to scour the Dark Web for red flags. This is often crucial in assessing cyber resilience because it’s the place where leaked data is most commonly traded. It’s also where malicious tools and services—zero-day vulnerabilities and DDoS-as-a-Service, for instance—are most commonly circulating.

OSINT proves itself invaluable in many areas

The Benefits of OSINT for Due Diligence

Open-source intelligence software provides a range of advantages that can enable analysts to save all kinds of resources. In particular, OSINT tools can make a huge difference in the following areas.

Time Efficiency

By various estimates, an average due diligence audit takes approximately 30–90 days. Since Extended Due Diligence procedures are expected to be comprehensive, the timeline can easily get out of hand. Therefore, overtime can become quite painful since an extra day of research can cost a fortune when the stakes are high.

The advanced automated search methods provided by many OSINT systems allow analysts to streamline their workflows and make considerable time savings. For example, image recognition technologies help sweep the Surface Web for any data vulnerability that might be attached to the company’s brand. Plus, data visualization features enable analysts to organize the expansive amounts of data they are dealing with and build a comprehensive picture more quickly.

Budget

Basic due diligence services cost $30–40k per case and increase depending on complexity. But the total sum of investigations can easily become hard to manage. And this can happen for various reasons—for example, if much of the information the analysts require is not forthcoming, if the subject itself is being uncooperative, or if unexpected findings come up.

The cost of due diligence is firmly tied to the time investment required by the teams carrying out the work. Powering the research side with OSINT software can considerably reduce due diligence costs.

Staff

According to McKinsey, in-house due diligence teams in M&A departments comprise 30–40 specialists. These professionals are equipped to handle all aspects of deal planning, including initial screening, legal structuring, and finance.

However, assembling a specialized unit can be a serious challenge for many companies, especially small ones. With huge amounts of information to go through and a wide variety of skills needed, staff size requirements might significantly complicate the whole investigation process.

OSINT solutions allow for big investigations with smaller teams. Going through boxes and boxes of documents in the past required multiple people to read through each file. Still, because of digitization, open-source intelligence software can read documents and provide detailed reports and summaries.

Due diligence puts the magnifying glass on every department of a company

Expansion of Data Scope

Going by the idea that a danger foreseen is half avoided, it is crucial for companies to have the broadest and deepest view of their subject that they possibly can. OSINT systems provide analysts with access to an extremely wide pool of open sources while offering the incisive tools needed for extracting the precise nuggets of data needed to complete the objectives at hand. In the context of due diligence, essential sources include:

  • Databases
  • Corporate Registers
  • Non-profit Registers
  • Social Media
  • News Media
  • Educational Records
  • Legal Reports
  • Investigative Reports

Scaling

OSINT technologies can put a lot of power in the hands of a single worker. With an expansive range of tools and sources, all channeled into a single interface at a single workstation, tasks that in the past may have required a full team of people to carry out can now often be achieved by a single well-organized operator. Viewed from a more global perspective, this also means that one small team of well-equipped specialists can achieve what once would have called for an entire department.

Conducting Background Checks with SL Professional

Let’s now jump into a practical example and see how SL Professional helped resolve a real case of Social Links' client. For confidentiality reasons, we will use abstract names.

The scenario involves Company A (our client) considering the acquisition of Company B. To make an informed decision, Company A required a thorough verification of Company B and its affiliates. SL Professional was employed to help with the work.

To start off, our client began by running [Facebook] Search and [Facebook] Get Friends transforms to obtain information on Company B’s CEO’s acquaintances. Then, using the [Facebook] Get Coworkers Ever and [Facebook] Get Details search methods, our client revealed a network of strongly interconnected friends, except for two individuals: Company B’s CEO and Account X.

The plot then thickens: soon Company A’s analysts noticed suspicious similarities in both profiles. After additional inspection, it became clear that Company B’s CEO and Account X is … the same person (Company B’s CEO had changed his appearance, name, and country of residence but kept in touch with old friends). Through conducting research on the old name of Company B’s CEO, it became apparent that the subject had been involved in money laundering schemes. With this insight, the deal was canceled, saving Company A from significant financial losses.

SL Professional revealed nonobvious connections and easily uncovered a fraudster

The example above is just one among many applications of SL Professional in due diligence. With the help of the tool, analysts can conduct in-depth investigations of organizations and people of interest to prevent risks and unwanted consequences. This is achieved by:

  • Using social media data and human connections to flag any potential threats
  • Expanding the data set with additional information gathered from corporate sources, blockchains, or the Dark Web, to detect individuals involved in illegal activities
  • Boosting the investigation process and reducing its duration by up to 30% (by the estimation of the Social Links team)

And that brings us to the end of our introduction to the role of OSINT in due diligence. We hope you gained insights into how open-source intelligence solutions can enrich the intensive audit process.

💡
Conducting scrutinized due diligence is crucial for being confident in future decisions and preventing unwanted risks. Want to know how OSINT can make the whole process safer and faster? Simply follow the link below and book a one-to-one consultation with one of our experts. We will assist with all kinds of questions and help resolve the specific case.
GET A FREE DEMO