How M&A Due Diligence Can Protect the Outcome of Your Deal

Businesses merge together or outright acquire one another on a regular basis. Two companies that have enjoyed a partnership for several years may decide to fully merge so they can share resources more easily, or a company might find a smaller business that is highly innovative and purchase them to bring their new products or production methods under their brand. Regardless of the reasons, mergers and acquisitions occur often. 

While they may be routine, mergers and acquisitions (M&A) are still full of risk. If your company is preparing to merge or acquire another business, you need to do your due diligence into the other company. Once the M&A is complete, your brands and reputations will be intertwined, and that may pose a variety of risks.

As with any product, you need to know what you’re buying. Do you know if the other company has been vetted in the past? Has anyone conducted executive due diligence or were only cursory background checks reviewed? Have any of the executives been part of major civil litigation? If so, have the issues been resolved or do they remain open?  Are there hidden or undisclosed matters that could create serious exposures now or in the near future?  Do they have vendors or subcontractors in countries that have been sanctioned? You need to be able to answer all of these questions and more before you go through with the purchase or merger. Infortal is here to help you uncover the information you need to go into any M&A with the facts you need to weigh the risks, opportunities, and rewards.

The Basics of Mergers and Acquisitions

Mergers and acquisitions is a broad term that covers most of the ways two or more businesses can join together. In addition to mergers and acquisitions, it may also cover consolidations, the purchase of another company’s assets, management acquisitions, stock tender offers, and even hostile takeovers. All of these are different types of transactions, and all carry potential risks and rewards, which is why you will need to conduct due diligence regardless of what type of M&A you’re executing. In addition to legal or financial due diligence it is important to conduct due diligence on the business entity being acquired as well as the key executives involved in that business.  For the purpose of this blog, we will use mergers and acquisitions or M&A to indicate the full  spectrum of transactions.

When merging or acquiring another company, you’re not simply taking on their name, their intellectual property, or their assets. You’re often taking on their executives and their reputation. Do you know what these executives have done in their past? There’s always a risk that one or more of the executives involved have a checkered past that has not been disclosed. They may have had criminal charges filed against them, or they may have been involved in bribery or corruption. If you’re merging or acquiring a company based out of or that does business in foreign countries, executives could be engaged in activities that are not criminal there but may be considered illegal in the U.S.  They could also be working in countries the U.S. has imposed sanctions on

Taking on executives with a criminal past is just one of the risks you face during an M&A. Let’s take a look at some of the other risks and how doing your due diligence can help mitigate some of these issues.


What Risks Are You Taking on When Buying or Merging with Another Business?

There are a number of different risks you assume when buying or merging with another business beyond taking on executives who may cause embarrassment, public scandal, or reputational harm to your business after the transaction completes.

Reputation damage

You could irreparably damage your own brand’s reputation by acquiring a company that has a history of illegal activities, including fraud and bribery. Even if it’s just one executive with a criminal past, it’s going to reflect on you and show that you failed to do your due diligence. You may lose customers, investors, and other partners. It’s possible you could lose government contracts, and your company’s stock price could plummet. Some of your own executives may even resign rather than remain with a company that has a poor reputation. There are numerous examples of this every year.

A poor return on the investment

When buying or merging with a company, you expect a significant return on any investment you’re putting into the deal. No company buys out another with the expectation of losing money. For example, if you plan to buy a company for $50 million dollars, you may have projections showing you can make $100 million back within a few years.

However, if you buy a company and later find that they’re embattled in lawsuits or government inquiries, you can end up spending much more. The company may end up being fined, have to settle lawsuits, and cover legal fees. This can all add up to $millions more, which means you’ve now spent millions more on the company than originally planned. The acquisition is no longer worth it, and it may be years before you actually start to see a return on your investment.  Additionally, the new management team may waste considerable time on lawsuits and unexpected PR issues which may undercut financial results for the newly combined companies.

Financial liabilities

Have you taken a long, hard look at the company’s financials? While the company you’re merging with or acquiring may have disclosed some financial information, they may not have disclosed everything. They may try to hide significant losses or payments made to less than reputable vendors or business partners. Some executives may have spent millions of dollars in bribes over the years but were able to carefully cover their tracks. 

Thorough legal and financial due diligence are essential in M&A transactions. For example, when Hewlett Packard purchased Autonomy in 2011, they thought they were given solid financial documents that covered everything. HP even believed that they had done their due diligence. However, later litigation revealed that all they had done was around six hours of conference calls. That’s why they failed to realize that Autonomy’s income statements were fraudulent. They had backdated purchases, lied about buyer commitments, and more. 

Issues with subcontractors, vendors, subsidiaries, and investors

Few businesses operate completely in a vacuum. The company you’re buying or merging with is likely to have hundreds, if not thousands, of contracts with various vendors and other companies, many based in other countries. You may be obligated to keep these vendors on for the remainder of their contracts. Some may even be necessary to continue operations, especially if they’re a vendor for a very niche industry. They may also have subsidiaries or other companies they have acquired.

The risk you take here is that these vendors and subsidiaries may not be operating legally or may not have disclosed everything. In 2012, for example, Caterpillar purchased ERA Mining Machinery Limited. In doing so, they also purchased Siwei, one of ERA’s subsidiaries. While ERA appeared solvent, Siwei was posting losses to the tune of $2 million. Despite the red flags, Caterpillar completed the acquisition. Later, they discovered that Siwei had lied on documents. In fact, a deeper investigation found that they had been lying on financial documents for years. Despite this, Caterpillar still claimed that they had done robust due diligence prior to the purchase. 

You also have to look into a company’s investors and large stockholders. One positive example of M&A due diligence working comes from Mondelez International’s aborted attempt to purchase Hershey in 2016. While Hershey did reject Mondelez’s initial offer, there were some behind-the-scenes issues with Hershey’s controlling trust. Mondelez officers took those issues into consideration and decided that the company would not pursue the purchase further. 

How M&A Business Due Diligence Protects You

M&A due diligence can protect your business by addressing all of the risks above and more. Here are some of the ways Infortal can help protect your company.

You learn about the executives you’re taking on

Infortal’s M&A due diligence process involves conducting executive due diligence on the key leadership of the company you’re merging with or acquiring. Doing a typical background check may reveal about one percent of an executive’s background concerns. Basic due diligence might bring to light around five percent of serious issues. Our executive due diligence, however, provides much more information. We make use of open source intelligence to gather information going back decades, while a background check only looks at the last seven years.  

It highlights any civil litigations the business was involved in

Do you know if the company you’re about to buy has been sued? If it was a major lawsuit that made headlines, you probably do. But what about a key lawsuit in a different state that was settled out of court ten years ago? This may not have been disclosed, yet may indicate other concerns about the company and even how it’s executives treat business issues. Companies may only disclose civil litigation that occurred in one state or one country. You can’t make a fully-informed decision unless you know what other litigation the company has faced. Infortal will provide you with a more complete picture, including hidden or undisclosed information on past and ongoing civil litigation and investigations. 

You learn about their supply chain vendors and other partners

Bribery, corruption, and other illegal activities can occur in global supply chains, especially when companies operate in countries where such things are done without consequences. When a company purchases another, it can be easy to simply leave all their supply chain contracts in place. It’s also easy to assume that the company you’re buying has vetted all of their vendors. However, it’s very risky to assume that. 

There’s always the risk that a sales manager in one of a company’s supply chain vendors could be taking bribes or that managers are doing something illegal with your products. Without doing your due diligence into these vendors, you run the risk of these illegal activities causing risk to you, damaging your reputation and potentially costing you millions of dollars.

Infortal Can Help You Learn Who You’re Really Acquiring or Merging With

Infortal can assist you with your mergers and acquisitions by doing deep dive due diligence into the executives and history of the business you’re joining with or buying. It’s vital that you have this type of information, so you know exactly what risks you’re assuming by completing the deal. You may still find that the rewards are worth it, but you’re going into the deal with your eyes open. To learn more about how we can help, reach out to Infortal today.

What is the Difference Between Basic and Deep Dive Due Diligence?

Imagine hiring a new executive only to find out that they were involved in a serious crime, have a major conflict of interest, or have a history of suing the companies they work for. Once the ink is dry on their contract, it’s too late to easily change your mind without some type of cost to your company.

Moderna’s board of directors found this out the hard way in May of 2022 when they hired Jorge Gomez to serve as their new chief financial officer. While they did some due diligence into his background, they didn’t look much beyond the basics. After publicly announcing Gomez was joining their team, Moderna make a shocking discovery: his former employer was under investigation for financial misconduct. Gomez served a single day as Moderna’s CFO before being released from his contract in exchange for $700,000, the costs and time involved in the hiring process, and a hit to their reputation.

This is just one example of why you must do more than basic due diligence when hiring an executive. A deep dive into Gomez’s history would have revealed the investigation and his role in it before he was hired, allowing Moderna to avoid the embarrassment of hiring a CFO with a checkered past.

What is Due Diligence?

Many people think due diligence is the same as a background check, but it’s much more detailed than that. Background checks are done when hiring anyone, regardless of their level in the company. This provides a very basic snapshot of someone’s criminal and financial past in that they will tell you if someone has been convicted of a felony or declared bankruptcy. However, they won’t tell you more than that.

True due diligence is typically only done when hiring executives, especially C-suite level leaders, and when acquiring or merging with another company. The goal of due diligence is to bring to light any risks that could result in a loss of reputation, income, or clients. This includes much more than felonies and the occasional bankruptcy. Due diligence should also look into items such as a criminal past in other countries, online activity, conflicts of interest, financial irregularities, civil suits, and more.

With this in mind, let’s take a look at how basic and deep dive due diligence are different, how a deep dive into a candidate’s past can help protect a company, and how Infortal Worldwide is here to assist you with these deep dives.

When is Deep Dive Due Diligence Necessary?

Basic due diligence is more than a background check, but it doesn’t really dive into someone’s background. It’s enough to shed light on whether a potential hire has committed felonies, embezzlement, or is extremely litigious. However, it only checks around 30 different databases of information. That’s not going to find everything. It might find some basic risks to hiring the person, but it typically only highlights about one percent of potential issues.

Even moving up to a second level of due diligence, which would include making use of open source intelligence tools to gather and analyze all publicly available information may not be enough. While this will pull in media reports, social media, court filings, public trading information, and more, it’s still only going to reveal around five percent of the information you truly need when hiring an executive. It’s better, but it’s just not enough.

That’s where deep dive due diligence comes into play. This level dives into all of the open source intelligence information plus scans international watch lists, dark web activity, connections to other businesses, and much more. It will look at aliases and connections to other people that could lead to conflicts of interest.

Whether than asking specific questions such as “did this person work at this company? Did they live in this area during this specific time period?” that background checks do, deep due diligence casts a very wide net. It looks at connections the potential hire has and how they could use those connections instead of simply verifying data. This is absolutely necessary when hiring a company executive. Because it’s so extensive, one of these searches can take up to 30 hours of work, but it will reveal much more than other levels of due diligence.

See how infortal helps protect our clients

Key Ways Deep Dive Due Diligence Protects Your Company

Deep dive due diligence will help your board of directors, hiring committee members, and others by providing information that would simply not be found without it. While using open source intelligence, watch lists, and other databases will bring up a variety of information on a potential hire, here are a few key ways deep dive due diligence in particular is necessary to make a fully informed hiring decision.

Learn Candidate Aliases and Other Names

Some candidates have used other names in the past. While some of these names will come up on basic searches, there’s always the chance that one or two will not. This is especially true if the candidate took pains to hide those aliases or use different names in other states or countries.

A deep dive also sifts through candidates with very common names to find information about them. Someone with a very common name like Joe Smith may not be easily searchable online because there are thousands of people with that name. A deep dive will use other factors such as addresses, birthdate, employment history, and other data to determine when information is about a candidate and when it is about someone with a very similar name.

Get the Full International Picture

Some companies only look at information in local, state, or federal U.S. databases. While this will usually reveal if the individual was tried or convicted in the United States, it will not reveal anything about any international civil or criminal cases. Executives, especially those who have worked with large multinational corporations in the past, are likely to be involved in business in other countries.

Knowing if they have been accused of fraud or were named in a malpractice lawsuit in another country can quickly make it clear that a candidate is not a good fit. This type of due diligence will also reveal whether the candidate is an investor or owner in any business based in another country. This could highlight potential conflicts of interest that would not come to light otherwise.

There’s also always the chance that a candidate left their home country to avoid being arrested or charged with crimes. This may seem like something out of a movie, but it does happen. Even if the person left for legitimate reasons, companies should still review their criminal history and business activities done before they moved to the U.S.

A Basic Search May Not Reveal All Conflicts of Interest

A conflict of interest can lead to misconduct. An executive who has a connection to another company may work to get that company better prices or to move contracts or partnerships to that business. While these partnerships aren’t always bad for either business, they do typically result in the executive getting a cut from both sides. That’s a serious conflict of interest that should never occur.

Unfortunately, basic due diligence may not necessarily uncover this, especially if the executive has gone out of their way to disguise or hide their connection to the other business. There are a number of ways this can be done, but it’s a conflict of interest regardless of what methods they use.

A deep dive due diligence will reveal these connections. Company leaders will be made aware of what other businesses the candidate has a connection to, allowing them to avoid any partnerships or relationships. Even if the business is in a different industry that the company would never interact with, knowing that the candidate was not forthcoming is good information. It’s a red flag, and it may indicate that they have been less than truthful about other things as well.

Basic Due Diligence Does Not Search the Dark Web

The dark web contains information that few people ever see. This information, however, can be vital when making hiring decisions. If the candidate has any sort of presence on the dark web, it’s almost always a red flag. Even if they did nothing wrong, there may be information about them out there that could be used to blackmail or coerce them. This could affect the company, especially if the candidate could be blackmailed for money or favors. Companies may want to make candidates aware that their personal information has been published on the dark web, even if they decline to continue the hiring process.

Why is it Important to do Deep Due Diligence?

As highlighted with the Moderna example, executive, C-level, and other highly visible leadership positions can quickly damage a company’s reputation at best and result in severe losses at worst. Hiring a CEO with a very checkered past can lead to a loss of respect and trust in the brand if their past becomes public. Bringing on a CFO who was the subject of a criminal investigation in another country or a CTO who has been a part of multiple SEC violations can be embarrassing, and it can result in business partners and investors cutting ties with the company.

If you’re lucky, you simply have to pay out a year or more worth of salary and take a small dip your stock price. Moderna was especially lucky in that they did bounce back fairly quickly as far as revenue goes. However, the embarrassment has greatly damaged their reputation, and that may haunt them for years. Not every company experiences such minor damage from a poor hiring decision. Some go years without finding out that their CEO, CFO, or other executive has a dark past or often engages in illegal activity. These individuals could even use company assets to line their own pockets, putting the entire business at risk.

See how infortal helps protect our clients

Infortal Provides Deep Dive Due Diligence to Alleviate Risks

Many companies understand how to do basic due diligence and do regularly check at least the criminal backgrounds of those they hire. However, few companies fully understand how to do a deep dive into a candidate’s background. They do not have the tools or the experience to find some of this information. Others simply do not have the time.

Infortal has the skills, tools, and time to do these deep dives. If you’re preparing to hire an executive, you need to have a full picture of who you’re about to invite to join your company. To learn more about how we can help, contact Infortal today.

The Importance of Due Diligence in Executive Search

When an executive leaves a company, it creates a vacuum. Often, an entire division of the company is left without executive leadership. The CEO or board has lost a trusted expert to provide advice and guide the company’s operations, finances, HR, technology, or other area. However, the company should never rush the search for a new executive. These individuals do more than just serve in a leadership capacity—they also often serve as ambassadors of the company and its brand. What they do reflects on the brand, and if they have a sordid past, criminal convictions, financial misconduct, or conflicts of interest, it can negatively impact the brand.

Any company or board that is seeking a new executive needs to perform their due diligence. However, the due diligence for someone at the C-suite level needs to do more than check their work history and criminal background. You need to know if they have a criminal history overseas, if they’re highly litigious, or if they have any unreported conflicts of interest. In short, you need to do a deep dive into any candidate who makes the shortlist for the position. 

Let’s take a look at what such a deep dive entails, why it is important, and how partnering with Infortal Worldwide is the best way of protecting your company from hiring an executive who may put your brand at risk.

What Is Executive Due Diligence?

Executive due diligence goes beyond simply looking at someone’s employment history, credit history, and criminal background. Those are basic records that should be reviewed for almost any hire. With an executive, however, more information is needed. The last thing a company wants to do is hire a highly visible C-level employee only to find that they have ties to unsavory organizations, have made statements in the past that are counter to the company’s mission and vision, or have a criminal past in another country.

Due diligence includes these basic background searches, of course, but it goes far beyond that. First, all public records, including those from other states and other countries, are searched for the provided name and any aliases. Someone who has conducted business in another country may not necessarily disclose that information, and a background search in the U.S. may not reveal it, either. This is also true if the individual was involved in litigation or other court cases in other countries. Limiting a background search to the United States only often fails to provide the full picture.

Second, many companies simply do not have the time or skills needed to look into someone’s background without asking specific questions. It’s fairly easy to verify information, but it’s not as easy to see if anyone is a con artist, fraudster, or engaging with hate groups online or has family connections to criminal organizations. These types of searches often reveal that a candidate may be, at best, a PR risk, and at worst a criminal themselves. 

Infortal’s deep dive executive due diligence includes searching public records, global watch lists, domestic US and overseas criminal (where available) and civil court records, corporate board conflicts, financial pressures, behavioral concerns, and more. In the end, we provide our clients with a full picture of the candidate that includes any criminal history, court issues, concerning online activity, conflicts of interest, and other indications of risks they could bring to the business.

Infortal can help protect you from bad actors with our due diligence services

Why Due Diligence is Important in an Executive Search

When it comes to an executive, there are a number of reasons why doing deep dive executive due diligence is important. Here are a few of the risks a company faces if they fail to do their proper due diligence.

Standard background checks aren’t enough

While a standard background check can be fine for many employees, for executives, it simply doesn’t contain all of the information a company needs to make a well-informed hiring decision. Our research shows that one out of every five executive-level candidates have concerning information in their history that a standard background, credit, or criminal check will not reveal. This includes information from other states and even other countries. 

Even a basic due diligence search will only bring to light around one percent of these issues. A deep dive, however, will allow you to make a much more informed decision by providing you with a fuller picture of the potential hire.

Proper executive due diligence provides context

A background check may reveal that a candidate was named in a lawsuit, but it may not reveal the context of that lawsuit. It’s up to the company to dig into the legal documents and determine what the candidate’s involvement was. Infortal will provide that context so companies know if the candidate tends to be litigious or if they were simply named along with other company leaders or individuals. A highly litigious individual could plan to bring suit against your company by carefully creating a series of events that make them appear to be the victim. A wide variety of civil litigation disputes may underscore a history of litigious behaviors which may later cause unwanted impacts and reputation damage to your organization. 

Further, if the executive involved is an investor, or posing as an investor, they may have breach of contract and fraud claims brought by other companies seeking investment offerings which were not found because the executive was involved with other companies which had not been identified during legal and financial due diligence.  

Business connections and involvement in other companies is an important part of investigative due diligence that are frequently overlooked, but which may pose reputational harm and in many cases conflicts of interest which should be explored.

Conflicts of interest often aren’t revealed

Finding certain conflicts of interest is not always simple. For example a valued long term key executive may work directly for your rival competitor, or may even own that company as we have found in one situation. Or an individual could be a part-owner or investor in a company that has a controlling interest in other companies or could have invested under an alias that a routine background check could not find. These individuals could use their connections with the other company to falsify information, run a kick-back scheme, or influence important business decisions. The executive could be double-dipping at another employer, and even words may have been planted by a competitor to sabotage your company from within or steal intellectual property or trade secret information. Infortal has encountered all of these situations at real companies, yet most companies think this “could never happen to them”.

Background checks may not flag forged degrees or other falsified information

According to one study, only slightly over half (53%) of employers actually even verify a candidate’s degree. This means that it can be quite easy to slip falsified education through the hiring process, especially for executive candidates who have years of work experience. 

It’s easy for a hiring committee to assume a candidate who has a resume featuring well-known Fortune 500 companies and other successful businesses has earned the degrees they say they have. The case could be made that with years of experience, education no longer really matters. However, there’s another important question that a falsified degree or other credentials should raise: if a candidate has lied about this, what else have they been less than truthful about? Finding a forged degree should certainly be a red flag.  Yahoo’s reputation was damaged some years ago by a CEO, Scott Thompson, who claimed a degree he did not have, this resulted in both a stock drop and years of reputational damage. Marilee Jones Jones, dean of admissions at Massachusetts Institute of Technology, claimed she had three degrees, even though she had none. 

David Edmondson, CEO of Radio Shack resigned after falsely claiming he had two degrees when he had no degrees. In Infortal’s experience, at least 15% of employees lie or misrepresent their degrees. 

The damage from a bad hire can be substantial and long-lasting

Finally, and perhaps most importantly, failing to do due diligence for an executive can result in substantial, long-lasting damage to the company. Hiring a candidate who has a number of risks associated with them can cost the company a substantial amount of money. Companies may have to pay out on a large severance agreement, even if the executive only worked for the company for a short period of time. They could be sued by shareholders, face stiff regulatory fines, or have to pay out millions of dollars to correct improper actions taken by the executive. 

The damage done to your company’s brand can result in the loss of clients, strategic partners, government contracts, and more. Stock prices can drop, investors can sue or pull out altogether (another PR issue), , and other executives or employees could decide to seek employment elsewhere. This can take years to recover from. 

In some cases, the damage could be so great that the company has to fold. Finding out that the CEO has moneylaundering, bribery and corruption, or even murder charges against them in another country which could easily destroy the company’s reputation. A CFO with a hidden past involving financial misconduct could bleed the company dry before anyone realizes what’s happening. 

It’s very easy for one unscrupulous individual in the right position to destroy a company. There are many examples of this in recent times including Bernie Madoff’s $64 billion ponzi scheme, Jeffrey Skilling CEO’s fraud at Enron, and Elizabeth Holmes’ fraud involving fake blood testing equipment at Theranos.

Infortal can help protect you from bad actors with our due diligence services

Protect Your Business

In the end, it comes down to trust. How much trust can be put in a candidate for an executive position? A company must protect itself from risk, and that includes the risk of hiring an individual who brings with them liabilities. Putting trust in someone without doing executive due diligence is a risk that could greatly damage the company, its reputation, and its profits. Infortal aims to reduce that risk with our deep dive executive due diligence investigations on executives and other key personnel. 

We understand that a company’s first duty is to protect themselves from potential damage. While many candidates for executive positions will be honest about their past, there are approximately 20% who may not. There are even a few candidates who may not disclose something because they do not see it as a risk or as something that could potentially be a red flag for employment. While they were not maliciously hiding information, it still means the company does not have a full picture of who they may be hiring and the hidden risks they may pose. 

Infortal has over 35 years of experience in executive due diligence. We work closely with our clients to find all relevant information about a candidate so they can make informed decisions after fully evaluating the risk the candidate may represent. With our assistance, you can confidently hire into your C-suite, or your board of directors, without bringing undue liability to the company. 

To learn more about how Infortal can help you, contact us today.

Identifying the Three Main Levels of Due Diligence

On May 9, 2022, Jorge Gomez joined Moderna, maker of the COVID-19 vaccine, as their new CFO. Gomez was fired just one day later when it was found out that he was the subject of an internal investigation by his prior employer Dentsply Sirona. Gomez’ brief stint at Moderna cost $700,000 in severance pay to Gomez, unless Gomez is found to have been involved in misconduct at Dentsply Sirona, as outlined in a claw back agreement. Gomez will forfeit his signing bonus, bonus eligibility and eligibility for new hire equity awards, Moderna said in a securities filing.

According to Endpoint News, the probe was initiated in March in 2022. Moderna told them “that it had been unaware of the Dentsply’s investigation involving Gomez until it was publicly disclosed on May 10th,” the day of Gomez’ resignation. Endpoint further reported that “despite the end result, Moderna defended its decision to hire Gomez and its swift action to let him go.” Moderna’s spokesperson said:

“The May 11, 2022 announcement and departure of Jorge Gomez from Moderna strongly reflects the seriousness with which Moderna takes corporate governance. We are confident that Moderna conducted all appropriate due diligence on this matter prior to the hiring of Mr. Gomez, based on available information.”

The spokesperson was not the only Moderna employee to defend their hiring. Financial Times reported that Noubar Afeyan, Moderna’s co-founder and board chairman told them legal constraints prevented the company from learning about Dentsply’s internal investigation earlier. Afeyan further said: “Both the process of recruiting and vetting, and the process with which we reacted to the new facts that came out, were completely appropriate. I can’t think of a different approach that we could have used under those circumstances.”

How Can Companies Protect Themselves?

The elephants in the room here are “How is the company confident that they “conducted all appropriate due diligence” prior to hiring Mr. Gomez?” and what exactly do they believe to be “appropriate due diligence?” Many C-suite executives, board members, and even investors, often “can’t think of a different approach” than the one’s Moderna most likely followed.

Many companies conduct a basic background check and conduct reference interviews on new executive hires and think this is a sufficient level of due diligence, however, this is insufficient due diligence for executive hires. Federal regulators know the difference if an issue occurs that requires demonstrating the levels of executive due diligence conducted. Thorough levels of executive due diligence can provide an extra layer of fiduciary protection for the board.

It is important for executives and board members to be able to understand and identify the three main levels of due diligence, especially in regard to corporate hires to mitigate risk and prevent a company from encountering a situation similar to Moderna’s hiring of Mr. Gomez.

See how infortal helps protect our clients

Understanding Background Checks Versus Due Diligence Investigations

Most companies default to standard background checks. These checks, sometimes called routine background checks, are initiated internally by the company’s human resources department or through an executive search firm that a business is relying on to not only locate potential executive hires, but to vet them for potential issues. These default standard background checks reveal less than 1% of serious issues compared to the 20% revealed through due diligence investigations. Why is there such a big difference in the results found?

When hiring executives and board members, executive background checks, a deep-dive executive due diligence investigation, should always be conducted.

Standard background checks typically look at only 5 components. They usually verify employment history, criminal records, degree or education verification, social security validation and address verification, and sometimes credit history. These are the same basic background checks performed on any level of employee. Companies mistakenly believe that if they have their executive recruiters conduct a routine background check plus reference interviews that they will find any negative information on executive hires.

Background checks only provide a small window into a potential hire’s public information and fail to capture substantial amounts of detail, particularly hidden or undisclosed information. Standard background checks are a starting point, but are entirely insufficient when assessing a new executive hire or board member. These backgrounds are unsuccessful at taking a comprehensive look into an individual’s reputation, litigious history, behavioral issues, fraudulent behavior, SEC violations, undisclosed work history, and conflicts of interest to name only a few issues of concern at this level.

Due diligence investigations are designed to detect hidden and undisclosed information that is not readily available in standard background checks. Open Source Intelligence (OSINT) investigations are an important source of information in addition to publicly available records as this part of the investigation examines deep, dark and historical information on the world wide web (far beyond simple Google searches). Due diligence investigations evaluate criminal history, financial and legal issues, civil litigation issues, relationships with other companies and entities, reputation issues, relationships of executives to foreign officials, shell company involvement, evidence of fraud, signs of money laundering, financial impropriety, conflicts of interest, drug, alcohol and human trafficking, anti-competitive behaviors and numerous other serious issues.

The information gathered in deep due diligence investigations is invaluable and can save a company monetarily, reputationally, regulatory fines and penalties, and even legally. Executive due diligence is very thorough and provides additional substantiation in fiduciary duty of care. A high-quality executive due diligence investigation can uncover essential information that a routine background check could never find.

Due Diligence Investigations, Tier I

A Tier I due diligence investigations is the most basic level. It incorporates the elements of a standard background check, but expands on this. Tier 1 due diligence checks both federal and county level criminal records and civil litigation history, professional licenses, bankruptcy filings, along with other public records. It also looks at anti-terrorist lists, anti-money laundering (AML), politically exposed persons (PEPs), OFAC and sanctions on over 1,700 global watch lists, and similar government listings from law enforcement and government agencies around the world. This level is suitable for mid-level executives.

Due Diligence Investigations, Tier II

Tier II incorporates everything in a Tier I due diligence, but takes a deeper dive into every aspect of public records information plus a negative keyword search of 40 million online digital articles, news media and other publications. Typically, this includes a basic 20 to 30 keywords search among other relevant data. It sits squarely in the middle of due diligence investigations and is far more suitable for senior executives than a background check. Tier II provides more than basic executive due diligence results but is not comprehensive due diligence.

How Can Companies Protect Themselves?

Tier III due diligence investigation, or deep dive due diligence investigation, includes everything in the prior levels, but is more robust and takes a comprehensive search regarding executive’s activities, and business history. At this level, it not only helps to reveal bad individuals or find bad actors, but can identify behavioral patterns which may indicate an inclination for sidestepping internal controls, or skating to close to ethical lines that leave a company open to future legal or reputational issues, should the individual’s behavior continue after they come aboard. These issues can vary dramatically and include: conflicts of interest either business or personal, breach of contract matters, litigious behavior, sexual harassment, anger-related issues, such as bullying or violence, to even being a fraudster. Or for example serious financial pressures, numerous collection accounts, or high tax liens, may indicate a drug habit or a history of gambling, tax avoidance, or mismanagement of monies. An undisclosed history may yield information on SEC type violations (in the USA or another country), time served in prison, fraud committed at a prior undisclosed company, undisclosed board involvement, ongoing civil litigation, or even involvement in other companies where serious crimes were committed. Some situations may be rationalized; others are red flags. When compounded with other issues, serious financial pressures can occasion unusual behaviors, even at the executive level. Would you be concerned if you were not aware of something like this that may have later repercussions to your company, or that you inherited when acquiring a company?

Some surprising findings uncovered by deep dive due diligence investigations include: money laundering and bribery, hidden aliases, undisclosed board involvement, SEC violations, IP theft, interstate bankruptcies, signs of malfeasance, misconduct (with or without criminal conviction), concealed criminal activity, media negatives, social media negatives, sexual harassment, class action lawsuits, murder and manslaughter, historical issues, undisclosed business ownership, money-laundering, embezzlement, bribery and racketeering, signs of malfeasance and/or misconduct, identification of fraudsters, and con-artists, and litigious or negative behaviors.

This enhanced due diligence, includes a deep search of online media that includes periodicals, newspapers, digital media, and other publications can uncover a great deal in regards to past behaviors and affiliations. It also searches the accessible portion of the dark web. In the case of an individual who has an international footprint, there may be in-country information that can only be found through local language and in-country searches.

The majority of this information can be found through a combination of publicly available records and skilled investigative analysis. 20% of information not found in routine background checks can put a company at risk in terms of identifying serious issues, for corporate compliance, good governance, and in keeping compromised individuals or bad actors from being onboarded.

An expert investigative firm will customize a deep due diligence investigation to your company, industry, and needs, to provide not only the results of the investigation, but recommended actionable steps, especially when there are issues that warrant further consideration such as involvement in other companies and other potential conflicts of interest.

See how infortal helps protect our clients

Tier III Addition: Deep Dive Due Diligence-Enhanced Country-Specific

When conducting business in a foreign locality, having global subsidiaries, undergoing Mergers and Acquisitions (M&A) in another country, or hiring or acquiring through M&A an overseas executive, a Tier III investigation should be supplemented with a country specific deep dive due diligence. These investigations should be conducted by professional investigators who can provide site visits, speak local languages, have local contacts, are familiar with the culture, and have the experience and expertise to seek information in these locations.

On a more basic level, what is socially, and sometimes legally, acceptable in one location, may in fact, be a legal issue in another.

In-country due diligence may be needed in some situations to gain “on the ground” business intelligence. When operating in a foreign domain, a business is still accountable for adhering to the FCPA and other applicable laws if they have management or financial activity providing a business or banking nexus through the USA.


The different approach Moderna could have used would have been to conduct a Tier III due diligence investigation into Jorge Gomez before bringing him onboard. A Tier III due diligence investigation would have uncovered his prior employer Dentsply Sirona’s issues and recent change of management at the very least raising questions.

The Most Significant Consequences of Insufficient Executive Due Diligence

According to common practice, a strong compliance program focuses on policies, employee training, books and records and internal controls, onboarding questionnaires and risk ranking of third parties, with a little investigative due diligence at the end. Company compliance programs are primarily driven by paperwork and training programs. Overall, the emphasis is on financial controls with due diligence coming in a distant second. It shouldn’t, but it does. This is because most due diligence programs apply legal due diligence on the front end and financial due diligence on the process side of things. Risk management due diligence, or human due diligence, and human intelligence, are often an afterthought if even that. In reality, human due diligence, or due diligence investigations are the main preventative tools in mitigating risk and evaluating the human side of the risk equation.

Due diligence investigations, including business and executive due diligence, is how a business can prevent many future problems, by vetting and screening executives and prospective or existing business partners, up front. The sooner this vetting is performed, the fewer problems a company will have with its internal controls. It’s one of the most important components that is often overlooked. Most companies today think of investigative due diligence or third party due diligence as a check the box exercise, which it shouldn’t be.

Insufficient, subpar, or neglect of due diligence can lead to substantial problems for a company. The simplest way to protect your company is by preventing fraudsters and con artists from gaining entrance to your business to begin with, rather than trying to find bad actors and rogue

players once they come aboard. To accomplish this, first a company needs to know what a proper due diligence investigation looks like and second, what are the significant consequences of insufficient due diligence. It is well known that 90% of FCPA violations occur because of third party issues, often involving bribery and corruption.


What a (Tier III) Due Diligence Investigation Is

Due diligence investigations are designed to detect hidden and undisclosed information that is not readily available in standard background checks. These deep dive due diligence investigations (a Tier III investigation) evaluate, among other markers: relationships of executives to foreign officials and other companies and entities, reputation issues, financial misconduct, legal issues, civil litigation issues, criminal history, political influence, conflicts of interest, shell company involvement, evidence of fraud, signs of money laundering, financial impropriety, behavioral issues, anti-competitive behaviors, and other serious matters.

A Tier III due diligence investigation or executive due diligence background check should be conducted by corporations on new executive hires and board members, or when an executive promotion occurs. Deep dive due diligence investigations are also critical when bringing aboard new entities through Mergers and Acquisitions (M&A); these can be conducted on the business entity itself, as well as the acquired key executive team. Executives will be in the highest positions of trust, a basic background check does not include any of these important searches, and therefore will not reveal these types of issues, however, effective executive due diligence investigations enable this information to be discovered, thus protecting the board and shareholders from unnecessary risk exposure.

This Tier III level due diligence investigation not only incorporates technology, such as incorporating Open Source Intelligence (OSINT), but is conducted by expert investigators who are skilled at triangulating complex and disjointed information, searching for hidden connections, and investigative analysis during which behavioral issues can come to light. The behavioral history of an individual can disclose observable patterns with type and frequency of issues such as, civil lawsuits, sexual harassment, class action lawsuits, fraud, and breach of contract matters.

These due diligence investigations become even more critical when doing business globally. Due diligence investigations when involving foreign entities need to be looked at relative to culture, along with location of executives and organizations. What can be considered socially or even legally acceptable in one nation, may be unacceptable and illegal in another. The Securities and Exchange Commission (SEC) and Department of Justice (DOJ) have joint enforcement authority of the Foreign Corrupt Practice Act (FCPA) to fight corruption. Many US-based multinational companies struggle to have employees understand how common business practices such as gift-giving and small facilitation payments may be considered corruption in the USA.

Significant Consequences of Insufficient Due Diligence

The consequences of not giving as much weight to due diligence investigations in a corporate compliance program can be grave.

Insufficient due diligence can lead to reputational damage, affect the bottom line, cause financial damages, or even lead to criminal convictions, incarceration of executives, and stiff regulatory fines and penalties.

Reputation Damage

Scandals can ravage brands, destroy careers, tank stock prices, and ruin lives. Insufficient executive due diligence allows individuals with harmful proclivities and histories an easier chance to be hired or work within your company where their external bad actions or their internal bad or illegal ones can do serious harm.

Just recently, the fashion house Balenciaga has come under fire for a holiday ad campaign with toddlers holding teddy bears in bondage gear. Backlash came immediately, the hashtag #boycottBalenciaga and #cancelBalenciaga trending on social media from TikTok to Twitter. Balenciaga and its creative director Denma have been accused of condoning child exploitation and pedophilia. Balenciaga has since pulled the ads, said they would hold internal and external investigations, and while the company did apologize, took no responsibility. Instead, they filed a $25M lawsuit blaming the third-party agency and set designer, whose representative stated her client is “being used as a scapegoat” and that “Everyone from Balenciaga was on the shoot and was present on every shot and worked on the edit of every image in post-production.” Business of Fashion withdrew its 2022 Global Voices Award to Denma. The Balenciaga store in Hollywood was graffitied. People are posting videos cutting up and tossing out their Balenciaga items. Adding fuel to the fire, a Spring 2023 ad by Balenciaga has been noted to have what appears to be a page from a court document of a Supreme Court case that “ruled on federal laws regarding child pornography.” Balenciaga’s current controversy showcases what can go wrong when scandal strikes.

Even when a company has no issues, if their board of directors, employees, executives, or partners are caught in a scandal, their customers, the media, and investors may treat with disfavor a business for having hired them in the first place and question their facility to manage their internal affairs and protect theirs.

Scandals can also affect company stock price. There may also be shareholder lawsuits, particularly if it has a negative impact on company valuation. Enron, the former energy company, whose stock shares reached a high of $90.75, fell to 26 cents around the time the company declared bankruptcy in 2001. Shareholders lost close to $75 billion.


Some recent corporate and individual bad actors that serve as warnings include: Elizabeth Holmes, Martin Shkreli, Harry Weinstein, Volkswagen’s emissions scandal, Stericycle, and Enron, to name a few.

Due diligence investigations (and the decision to act on them) could have made all the difference in every one of these cases.

Affects Bottomline

Culture starts top down in companies. The executives set the tone. When fraudsters and con artists, or unethical people are hired, it can have a highly negative impact on productivity, fairness, teamwork, core business, customers, and the bottom line. Executives and other individuals may have impressive names on their CV or resume, but if they have poor work ethics, showcase litigious behavior, bullying, harassment, gambling or drug and alcohol problems, or other behavioral issues, the morale, trust, and outlook of employees and customers may be negatively impacted. Integrity and good work ethic should be critical for every executive hire. A Tier III due diligence investigation can help assess this and reveal hidden or undisclosed issues.

Corporate Fines

The Foreign Corrupt Practice Act (FCPA) contains both anti-bribery and accounting provisions. FCPA violations have increased over the last few years, with some COVID-19 related slow down. In 2019, FCPA enforcements rose to $2.65 billion in penalties, an all-time high. 2020 FCPA enforcements rose again to $2.78 billion. That same year also saw the largest singular FCPA fine against a company at $1.6 billion.

Financial damages can be punitive and personal. Additional penalties include: injunctions, forfeiture of associated profits, forfeiture of assets, and suspension (or in some instances banning) from doing business with the government.

As of September 2022, FCPA enforcements for just three companies Stericycle, Inc., South Korea’s KT Corporation, and Tenaris the Luxembourg totaled about $189.3 million and there are over 100 open and on-going FCPA investigations.


For almost twenty years, Bernie Madoff ran a Ponzi scheme defrauding investment clients of billions of dollars. He was convicted of 11 federal crimes and sentenced to 150 years in prison and restitution of $170 billion.

This year, Elizabeth Holmes, whose company Theranos was once valued at over $9 billion was convicted on 4 counts of fraud in a federal court and was sentenced to 11 years and three months in prison. Her one-time romantic partner and Theranos executive Ramesh “Sunny” Balwani was convicted on 12 counts of fraud and awaits sentencing. All of these executives had prior issues that could have been evaluated by investors had they conducted executive due diligence investigations. Smart investors did conduct legal, financial, and investigative due diligence and were able to steer clear of the disasters left in the wake of these fraudulent executives.

Due Diligence Investigations Mitigate Corporate Risk

Due diligence investigations are vital in aiding companies in foreseeing and mitigating risk and minimizing corporate liability exposure. Rather than being tacked on at the end of a compliance program, it should be a serious part of all regulatory compliance efforts.

Companies should not rely on executive recruiting firms to conduct due diligence investigations. Most only conduct only basic background checks and reference interviews which is insufficient due diligence. Today federal regulators at the DoJ and SEC are well aware of the differences.

Tier III due diligence safeguards the interests of the company, board, employees, and stakeholders. Due diligence investigations, also benefit corporate governance programs, FCPA compliance, Sarbanes Oxley (SOX) compliance and minimizes liability exposures from possible future inappropriate activities and crime. These human due diligence investigations add fiduciary protections for corporate board of directors, especially for publicly traded companies

Preventing bad actors and unethical individuals from entering your business to begin with, safeguards your company from the start, so there will be fewer control issues later. Due diligence investigations should stop being an afterthought in corporate compliance programs, but rather, something you lead with.

FCPA Recidivists and Due Diligence Investigations


According to FCPA tracker data, there are around 100 Foreign Corrupt Practices Act (FCPA) investigations ongoing as of August 2022, with 20 new investigations disclosed since the beginning of 2020. A recent report on FCPA Blog, notes that of these 20 newly-disclosed investigations, three of the companies, or 15%, were involved in prior FCPA enforcement actions.

What accounts for this recidivism in FCPA offenders and how can due diligence investigations protect companies from repeat offenses?

FCPA Recidivists

It would seem that going through an investigation by the Department of Justice (DOJ), Security and Exchange Commission (SEC), or other investigative agency, would inspire a company to put its ethical house in order. However, as reported by the FCPA Professor blog in a June 6, 2022 post, “19 companies have resolved FCPA enforcement actions – not once – but twice.” Ten of these instances happened since 2017.

The List

Tenaris with enforcement actions of $78.1 million in 2021 for conduct in Brazil and an $8.9 million enforcement action in 2011 for conduct in Uzbekistan.

Credit Suisse with a $99 million enforcement action for financial deals in Mozambique in 2021 and in 2018 for hiring practices in China and the Asia Pacific region with a $77 million enforcement action.

Deutsche Bank had enforcement actions in 2021 and 2019 of $123 million and $16.2 million, respectively. The 2021 enforcement focused on the bank’s relationship with third parties in Saudi Arabia, Italy, China, and Abu Dhabi. And in 2019, enforcement concerned employment of foreign government officials’ relatives in Russian and the Asia Pacific Region.

Novartis settled a $347 million enforcement action in 2020 for misconduct in Vietnam, South Korea, and Greece and in 2016 had a $25 million enforcement action over its conduct in China.

Eni in 2020 resolved a $24.5 million enforcement action regarding its conduct in Algeria. While in 2010, the company’s conduct in Nigeria resulted in a $125 million enforcement action.

Technip received a $87 million enforcement action with regards to its conduct in Iraq and Brazil in 2019 and a $340 million enforcement action for its actions in Nigeria in 2010.

Stryker received enforcement actions in 2018 for conduct in China, India, and Kuwait at $7.8 million after a prior $13.2 million settlement only 5 years prior in 2013 for its conduct in Argentina, Romania, Poland, Greece, and Mexico.

Halliburton resolved a $29.2 million enforcement action with regards to its conduct in Angola in 2017. In 2009 the company had a combined DOJ-SEC $177 million settlement regarding its misconduct in Nigeria.

Biomet in 2017 settled a $30.4 million enforcement action regarding company conduct in Mexico and Brazil, and in 2012 a $22.8 million enforcement for conduct in Argentina, China, and again Brazil.

Orthofix resolved a $6 million enforcement action for conduct in Brazil in 2017 and in 2012, five years prior, a $7.4 million enforcement for its conduct in Mexico.

Goodyear had some bad years as in 2015 it reached a $16 million settlement concerning its conduct in Angola and Kenya and in 1989, it resolved an enforcement action with regards to conduct in Iraq.

Marubeni in 2014 resolved a $88 million enforcement action concerning its conduct in Indonesia and only two years before a $55 million enforcement action with regards to its conduct in Nigeria.

Tyco reached a $26.8 million enforcement settlement in 2012 with regards to conduct in India, Thailand, China, Bosnia, Indonesia, Poland, Croatia, Slovenia, Slovakia, Servia, Saudi Arabia, Iran, Syria, Libya, the United Arab Emirates, Congo. Madagascar. Niger, Malaysia, Egypt, and Turkey. While, in 2016 it received a $50 million enforcement action for conduct in Brazil, the majority of which was an accounting fraud enforcement, the smaller portion involving FCPA violations.

IMB in 2011 settled a $10 million enforcement for conduct in China and South Korea and had a cease-and-desist order imposed in 2000 concerning conduct in Argentina.

General Electric reached a $23.3 million settlement in 2010 regarding its conduct in Iraq and in 1992 a $9.5 million settlement for its conduct Israel and related FCPA charges.

ABB in 2010 settled for $58.3 million for conduct in Iraq and Mexico and in 2004 reached a $16.4 million settlement for its actions in Angola, Kazakhstan, and Nigeria.

Alcatel-Lucent S.A. reached a $137.4 million settlement in 2010 for its actions in Honduras, Taiwan, Malaysia, Costa Rica, Bangladesh, Ecuador, Nigeria, Kenya, Mali, Uganda, Angola, Burkina Faso, and the Ivory Coast. In 2007, the company received a $2.5 million enforcement for its conduct in China.

Aibel Group Ltd./Vetco Gray Ltd. UK settled in 2008 for $4.2 million regarding conduct in Nigeria and in 2007 for $26 million for its actions in the same country.

Baker Hughes in 2007 received a $44 million enforcement action for its actions in Angola, Nigeria, Indonesia, Uzbekistan, Kazakhstan, and Russia, while in 2001 received a cease-and-desist order for its conduct in Brazil, India, and Indonesia.

What to Make of Repeat Offenders

This is a more complicated matter than it seems at first. The FCPA Professor blog notes that “several instances of corporate FCPA repeat offenders involve companies whose first FCPA enforcement action (as well as second) was resolved via an NPA or DPA,” and that while the DOJ has “advanced the policy position that DPAs (and NPAs) ‘have had a truly transformative effect on particular companies and, more generally, on corporate culture across the globe,’” the answer is unclear. The DOJ themselves wrote in its Final Follow-Up to Phase 3 Report and Recommendations:

“Scholars have recognized that quantifying deterrence is extremely difficult. This is equally true for the deterrent effect of DPAs and NPAs. Thus, as discussed at the time this recommendation was made, measuring ‘the impact of NPAs and DPAs in deterring the bribery of foreign public officials’ would be a difficult task, save providing certain anecdotal and other circumstantial evidence.”

Companies that have reached a resolution for prior FCPA enforcement are usually subject to post-enforcement action compliance obligations, but in spite of these strictures, vulnerabilities to future breaches remain.

What Companies Can Do

The best protection for any business is a robust compliance program with a strong due diligence investigation component. Legal and financial due diligence alone will not prevent many of these FCPA violations from occurring. Along with this, making hiring for integrity, starting with C-Suite and executives all the way throughout the company helps ensure that company culture is one of integrity. Executive due diligence will provide critical due diligence information, lifestyle, and behavioral issues that cannot be found by other means. Dealing with “bad actors” once they are inside a company is more difficult than keeping them out to begin with.

The Role of Due Diligence

After an FCPA resolution, companies clean house of those who were central to the misconduct. When issues recur it either means that individuals were missed or came aboard after the fact without sufficient due diligence to check key areas of risk exposure. This can happen through hiring, M&A, or even through other business partnerships. Due diligence investigations evaluate relationships of executives to foreign officials, criminal history, financial and legal issues, civil litigation issues, relationships with other companies and entities, reputation issues, shell company involvement, evidence of fraud, signs of money laundering, financial impropriety, conflicts of interest, drug, alcohol and human trafficking, anti-competitive behaviors and numerous other serious issues. These executive due diligence investigations need to be looked at in relation to the culture and location of the executives and organizations as well. When doing business or operating in a foreign domain, businesses are still liable to adhere to FCPA and other applicable laws and regulations.

Many questions are raised when looking for a cause for recidivists and ways to mitigate repeat behavior, and while there is no silver bullet solution, weeding out “bad actors and rogue players” from your company and partnerships, preventing them from coming aboard to begin with, and enacting a culture of integrity, are a critical foundation for all businesses.