Compliance & Governance

Due Diligence

A thorough investigation and verification process carried out before entering a business relationship, contract, or transaction - to confirm all claims are accurate and all compliance obligations are met.

For business owners, operations managers & HR teams

Important: This page is for informational purposes only. It does not constitute legal or regulatory advice. UK regulation changes frequently. Always consult a qualified solicitor or the relevant regulatory authority before relying on this information for compliance decisions.
What is Due Diligence?

Due diligence is the process of investigating, verifying, and confirming material facts about a business, individual, or transaction before making a decision or entering a binding relationship. In compliance management, it means verifying that the people and organisations you work with are who they say they are, hold the qualifications they claim, carry the required insurance, and are operating within the law.

Many legal systems recognise a "due diligence defence" in regulatory contexts: demonstrating that you took all reasonable precautions and exercised due diligence can be a complete or partial defence to prosecution under consumer protection, food safety, and health and safety legislation. The defence only works if the due diligence was genuine, documented, and proportionate.

For businesses that engage contractors, hire staff, take on clients, or enter commercial contracts, compliance due diligence means systematically checking: do they hold valid licences? Is their insurance current? Are their certifications valid? Is there any regulatory history that affects the relationship? And is all of this documented?

Key Elements
Identity Verification
Confirming a business or individual is who they claim to be. For companies: corporate registry verification, tax identification confirmation. For individuals: identity documents, background checks, work authorisation verification.
Licence and Certification Verification
Confirming all required licences are held and current. For contractors: trade registrations, professional body memberships, specialist competency certifications. For businesses: sector licences, ISO certifications, regulatory registrations.
Insurance Verification
Checking that insurance certificates are current, cover the relevant activities, and meet minimum requirements. Must be done at initial engagement and on each renewal - an old certificate is not evidence of current cover.
Financial Due Diligence
For significant contracts or partnerships: credit checks, review of published accounts, evidence of financial stability. A supplier that goes insolvent mid-contract creates operational and financial exposure.
Regulatory History
Checking whether a contractor or supplier has a history of regulatory enforcement, improvement notices, data protection investigations, or criminal convictions relevant to their work.
Real-World Example
Scenario

A school engages a cleaning contractor without carrying out compliance due diligence. Eight months into the contract, a cleaning chemical is mishandled, injuring a student. Investigation reveals the contractor had no public liability insurance, and two of their staff had no background checks.

The school faces: a workplace safety investigation for failure to manage a contractor's health and safety competence; potential civil liability for the injury; possible safeguarding concerns due to the absence of background checks; and reputational damage. Compliance due diligence - requesting and verifying insurance and background check certificates before contract award, and tracking renewals - would have identified both deficiencies. The school's failure to perform due diligence means it cannot rely on the due diligence defence.

Watch Out For
Checking once but not monitoring
Due diligence at onboarding is a starting point, not a complete programme. A contractor who was fully compliant in January may have lapsed insurance by September. Ongoing monitoring of expiry dates is required to maintain the due diligence defence throughout the relationship.
Accepting self-certification without verification
A contractor saying "yes, we're insured" is not due diligence. Evidence must be verified - the certificate of insurance checked, registration numbers confirmed on the relevant official register, and background check certificates examined for date and disclosure level.
How to Use This in Your Favour
Document every check and its outcome
Due diligence is only a legal defence if it can be evidenced. Record what you checked, when, who checked it, what evidence was provided, and what decision was made. A compliance platform that automatically logs document submissions and approvals does this without manual effort.
Make due diligence part of your procurement process
Embed compliance document submission into your contractor onboarding workflow: no insurance certificate, no contract. This is not just risk management - it also improves the quality of your supply chain by filtering out contractors who cannot demonstrate basic compliance.
Frequently Asked Questions

What is the due diligence defence?

The due diligence defence is a statutory or common law defence available in certain regulatory proceedings in many jurisdictions - typically under consumer protection, food safety, and health and safety legislation. It allows a business to avoid criminal liability if it can prove it took all reasonable precautions and exercised all due diligence to avoid the offence. Regulators also consider evidence of due diligence when deciding whether to prosecute and when determining penalties. The defence is proportionate: more complex or higher-risk activities require more rigorous due diligence.

How often should due diligence be repeated?

At initial engagement, and then on each anniversary of the relationship or whenever a key document (insurance, certification, licence) approaches expiry. Practically, this means tracking expiry dates for all key contractor documents and re-requesting updated evidence before each expires. For high-risk contractors (those working in safety-critical environments, with vulnerable people, or on high-value contracts), quarterly verification is prudent.

What documents should be collected from a contractor or supplier?

The minimum for most businesses: current employer liability insurance certificate (if required in your jurisdiction); current public liability insurance certificate; professional indemnity insurance (for advisory or professional services); any sector-specific licences and trade registrations; relevant staff certifications; and corporate identity verification. High-value or high-risk suppliers may additionally require financial accounts, safety pre-qualification accreditation, and ISO certifications.

Quick Facts
Legal Basis: Common law standard of care, sector-specific regulations (varies by jurisdiction)

Primary Use Cases: M&A, contractor vetting, supplier onboarding, lending

Legal Defence: "Due diligence defence" recognised in many jurisdictions' criminal and regulatory law

Regulator Reference: Safety, data protection, financial, and sector regulators all reference due diligence

Related Standard: ISO 37001 - Anti-Bribery Management Systems

Key Failure Cost: Liability for third-party acts, regulatory prosecution, contract voidance
Never miss a compliance deadline
ExpiryEdge tracks every licence, certificate, and renewal automatically - with reminders before anything lapses.