In practical terms it is defined as the verification and investigation of the information that someone provides (person or company), to make a decision. Such verification must be done against independent and reliable sources. And make sure that the information handled is up to date; otherwise false positives may occur.
Due diligence must be applied prior to entering into any contractual relationship; to any potential client, employee or third party (supplier, agent, representative, etc.) that will be related to the company.
To execute the due diligence is necessary several areas of the company. In general terms the Compliance area or Compliance Officer should be in charge of it; but this will depend on the size and detail that each company has.
Due diligence starts with the "KYC" (Know your customer) or "KYE" (Know your employee) or "KYT" (Know your third party) where the area that has direct contact physically knows the person and collects the information necessary and sufficient to make sure that person or company is who it claims to be.
There are 3 types of due diligence: the "normal", the extended or improved and the simplified. The difference between these is the degree of detail in the information being requested, as well as to whom it is applied. For example: generally companies categorize customers based on the risk they represent in: high, medium and low.
In the case of high-risk clients, evidently companies require more information in order to mitigate the risk... therefore the extended or improved due diligence is applied. Whereas low-risk customers there is no need to request certain documentation so, simplified due diligence is applied. Depending on the regulations of the country, a guide can be found on when they are applied and in which sectors. It started as an essential requirement for the financial sector but in the fight against money laundering, it has spread to other industries.
At all times it is important to remember that the risks are dynamic and as such, periodic evaluations must have to carry out. Because what yesterday was high risk, today can not necessarily be and vice versa. And above all, it is necessary that the company has the documentation support, the evidence to prove which source has been used to carry out such decisions.
Also, for new clients, applying due diligence can help us categorize the level of risk they hold for the company. Therefore, due diligence is not another administrative process... it is the key to preventing and mitigating risks. And avoid fines and damage to the reputation of companies.