A short list of the main checks businesses should complete before onboarding a third party.

Third-Party Due Diligence: What Businesses Should Check Before Entering a Relationship

April 22, 2026

Third-party due diligence is no longer a procurement formality. For many organisations, it is a frontline control for fraud risk, corruption risk, financial crime exposure, legal liability, and reputational harm.

Whether the relationship involves a supplier, distributor, consultant, referral partner, service provider, joint venture participant, or acquisition target, the core issue is the same: do you actually understand who you are dealing with, how they operate, and what risks they may bring into your business?

What third-party due diligence is designed to answer

Good third-party due diligence is designed to answer a practical set of questions:

  • Who owns and controls the entity?

  • Who are the directors, officers, and key decision-makers?

  • Is the business financially stable?

  • Are there red flags in litigation, insolvency, enforcement, sanctions, or adverse media?

  • Does the third party operate in a higher-risk jurisdiction, sector, or transaction type?

  • Can the organisation explain why the relationship is commercially and ethically acceptable?

If these questions are not answered properly at onboarding, the risk is often discovered later, when the organisation is already exposed.

The core checks that matter most

1. Identity and legal existence

Start with the basics. Confirm the legal entity name, registration details, place of incorporation, business addresses, and trading identity. This sounds obvious, but errors at this level can corrupt the rest of the due diligence process.

2. Ownership and control

A business relationship should not proceed on the basis of surface-level entity details alone. You need to understand who ultimately owns or controls the entity. That includes beneficial ownership, parent structures, nominee arrangements where identifiable, and whether control sits with an individual, family network, political actor, or another business group.

3. Directors, officers, and key associates

Directorships, executive roles, related entities, and known associates can reveal patterns of risk that are not visible from a simple company extract. This is particularly important in higher-risk markets, public sector exposed transactions, and businesses with complex cross-border relationships.

4. Financial and commercial indicators

Where appropriate, check solvency history, court actions, defaults, insolvency records, secured interests, asset position, or other available financial indicators. A business that looks operationally attractive may still present serious counterparty risk.

5. Regulatory, sanctions, and adverse information checks

A robust screening process should consider regulatory actions, enforcement history, sanctions exposure, watchlists where relevant, and credible adverse information. One result alone may not determine the outcome, but patterns matter.

6. Relationship-specific risk

Not all third-party due diligence should be identical. A low-value domestic supplier should not necessarily be assessed the same way as a politically connected intermediary, overseas consultant, merger target, or revenue-sharing partner. The scope should match the risk.

When consent-based due diligence adds value

Where the subject is aware of the process and willing to participate, due diligence can be significantly strengthened. Consent-based approaches can allow records, explanations, supporting documents, and clarifications to be obtained directly from the subject in the first phase, followed by corroboration and deeper analysis.

That can be particularly useful in recruitment, sensitive appointments, investor relationships, or major business transactions where trust and transparency matter.

Common failures in third-party due diligence

Businesses often weaken their own process by:

  • relying only on basic company extracts

  • failing to look through ownership layers

  • treating all vendors as the same risk level

  • skipping checks where the relationship feels urgent or commercially attractive

  • documenting the outcome poorly

The result is a process that appears compliant but does not genuinely reduce risk.

Final word

Third-party due diligence should help decision-makers understand the real risk of the relationship, not just tick an onboarding box. A strong process combines identity checks, ownership analysis, financial indicators, screening, and context-specific assessment.

The goal is not endless investigation. It is proportionate confidence. Before entering a relationship that can expose your organisation financially, legally, or reputationally, make sure you know who is really on the other side of the table.

Daniel Baulch is the founder of Integrity Solve and an experienced investigations, governance, risk and compliance executive. He writes on AML implementation, financial crime risk, investigative capability, and practical compliance frameworks for business and government.
