Due Diligence: KYB and KYC for safer clients and companies


    Due Diligence refers to an investigation process carried out prior to, and necessary for, any contractual agreement between two entities. It is usually carried out on a regular basis in areas such as finance, commerce, compliance, operations or even environmental impact.

    The nature and application of the process vary depending on the sector, area or operation. However, getting to know the identity of the individuals and legal entities involved in a deal is critical in any case, wherever a due diligence process takes place.

    In the following, we will discuss the concept of Due Diligence and its meaning. In addition, we will go into detail about how it is performed, why it is necessary, and how it is linked to the Know Your Customer (KYC) and Know Your Business (KYB) processes.

    What is Due Diligence?

    Due Diligence is a process where an individual person or a legal entity, company or organization is investigated prior to establishing any type of contractual relationship or agreement with it, whether it is to make any type of investment, merger or acquisition with the company in question or to start a business relationship with a potential partner or client. 

    The task of Due Diligence, also known as "legal audit" or "purchase audit" in very specific cases, lies above all in understanding the current situation of the subject and making inquiries in relation to security, possible fraud arising from an agreement with it, legal terms or anomalous financial situations. Although we find that this term is more commonly used in B2B environments and between companies where large investments of money are usually made or risky decisions are taken, it is also applied in B2C environments when incorporating new clients.

    Sometimes, due diligence occurs as a legal obligation, since certain regional, national and international rules, regulations, directives and laws require controls on certain companies in a sector or on certain types of transactions between parties. However, the exercise of due diligence generally takes place on a voluntary basis, being a common practice of most businesses to avoid risk. The benefits of developing these procedures far exceed the investment in resources and time required, which keeps decreasing thanks to better platforms with innovative technology.

    We do not always have complete information about the company or subject that will be involved in the transaction or agreement. The possibility that the latter has previously carried out some activity that may have reputational, economic and legal repercussions on our own organization after the start of the contractual relationship is a risk that businesses and organizations cannot assume.

    That is why due diligence processes are performed to ensure that the relationship between two parties starts under a framework of trust, security and guarantees. With this in mind, we can also define Due Diligence as the gathering of information, its verification and ratification to build a risk assessment for a relationship between two or more parties.

    Customer Due Diligence and KYC Processes

    Customer Due Diligence (CDD) is the term used to refer to the controls that companies put in place when onboarding their customers, especially in those where the risk of money laundering when contracting their products or services is higher.

    This process, also known as Client Due Diligence (CDD), consists of several types of controls. The first is Know Your Customer (KYC), which is often confused with Client Due Diligence itself, although the latter encompasses all of these controls. Subsequently, certain AML (Anti-Money Laundering) controls ensure that the potential customer is not trying to launder money by contracting our products.

    KYC focuses on determining that the customer is who they say they are, eliminating identity fraud and helping the business comply with the most stringent regulations in their industry in order to onboard new users.

    AML, on the other hand, tries to generate a risk score to decide whether the client is suitable to use the company's services. This is usually more common in companies in the financial, banking, insurance or real estate industries.

    Due Diligence and KYB processes

    KYB (Know Your Business) and due diligence are often confused with each other. While the former tries to establish a guarantor relationship and promises instantaneousness to establish any kind of initial relationship, the latter includes the former and goes on to obtain detailed information on certain aspects of the subject to be investigated.

    In either case, the technologies used for the different objectives are the same, based on certified communications, electronic signatures or anti-fraud controls. Performing a due diligence process under blockchain standards and with full traceability ensures that it is valid and is not being tampered with.

    A representative example of confluence between KYB and all appropriate due diligence controls is that of an acquisition, where a potential buyer performs an evaluation of the company being offered.

    With the rise of hiring freelancers and companies as suppliers, especially remotely regardless of distance, KYB is playing a very important role in allowing companies that need reliable and quality suppliers to find them and work with them without fear of any complications or non-compliance.

    In many markets, there has been a great evolution of alliances and partnerships to create synergies that result in the growth not only of the two allied companies but also of the entire industry. This boom has led Due Diligence and KYB to work together to make them solid, stable and secure from minute one.

    Types of Due Diligence: Expanded or reinforced measures

    KYC and KYB processes and their consequent application are essential measures to perform due diligence in a compliant manner, guaranteeing the minimum security levels required. 

    The levels vary according to the degree of security required for each operation, or even sector, and according to the risks assessed. The higher the risk, the more intensified the measures to be adopted. Thus, we can speak of 3 different levels for Due Diligence processes:

    Simplified Due Diligence

    Simplified due diligence is, among the three possible levels, the most basic. This is usually performed when, after a very brief and simple prior investigation, the risk of concealed activities related to money laundering or other criminal activities is considered to be particularly low.

    These processes are usually related to Customer Due Diligence (CDD) in which no transactions involving large amounts or other types of insurance services, for example, are to be carried out.

    It is also applied in B2B environments when the subject to be investigated is, for example, a public company, an institutional body or a listed company. These are sufficient credentials to consider that the risk is low and, therefore, to investigate in a more superficial way.

    Enhanced Due Diligence (EDD)

    In the Enhanced Due Diligence (EDD) or enhanced customer due diligence process, data will not only be acquired in case any kind of inconvenience arises after the signing of an agreement or the start of a contractual or commercial relationship, but it will also be retained and verified with public and private listings.

    This is where all the exhaustive AML controls and even investigations related to possible financing of terrorism (CFT) come into play. This procedure delves into the financial capacity of the organization, whether it is on the PEP or related sanctions lists, its indebtedness to third parties or even factors in the personal life of the company's directors (appearances in the digital press).

    This is usually the most common of the three types to be applied due to its versatility, great response capacity and compliance with the regulations that require it. It is the control to be applied when, for example, more than €15,000 is to be deposited.

    Intensified Due Diligence

    Intensified Due Diligence is usually performed in high-risk transactions. It is performed on a voluntary basis, especially in acquisitions or large deals that are of vital importance to the survival of the organization in the event of a mishap arising from anomalous activities.

    Intensified due diligence investigations are conducted, in particular, in the following cases:

    • Transactions exceeding $100,000 in cash and $200,000 in financial transactions of any kind.
    • Multiple transactions that exceed the above amounts in their entirety in a period of less than one year.
    • When the investigated party is foreign and comes from regions that do not apply or require compliance with FATF recommendations.
    • Politically Exposed Persons (PEP).
    • Companies with bearer or limited shares with little information available about them.

    Intensified due diligence is also known as enhanced due diligence (EDD) processes that extend over time even after signing. This is known as continuous monitoring: the EDD investigations are repeated periodically, as opposed to EDD, where they are generally performed only once.

    Legal Due Diligence is the same process with a focus on the regulatory compliance of the investigated party. We have seen that investigations focus on all areas: identity, finance, behavior, press... but certain operations demand tailored due diligence to see if the agency in question is complying with the rules of, for example, a particular market or if it will be able to do so.

    Let's take an illustrative example: One company wants to acquire another. The acquirer wants to close the deal primarily to expand into the second company's market and, additionally, to distribute the second company's products and services in its home market. Here, legal due diligence will delve into how the company is performing its processes in order to comply with the regulations that would allow it to do this in both markets. If not, the ability to quickly and inexpensively transform its processes so that they comply with the regulations of the market in question, and thus be able to operate in that market, would also be analyzed.

    Due diligence focused on compliance or legal due diligence delves into this aspect. That is why having a RegTech consultant for due diligence processes is crucial.

    How to perform due diligence and the role of SMEs in it

    Due diligence should ultimately be done by external consulting firms or auditors. This will ensure impartiality, independence and professionalism in a bilateral process.

    Relying on a trusted third party or trust services provider to examine in depth the aspects that we have developed throughout this article, and that are part of due diligence, is fundamental to creating trust and guarantees.

    In the case of SMEs, which do not usually have large compliance, financial or operations departments with time to devote to these tasks, it is even more noticeable. The procedure, for a specialist partner, can take as long as two to three weeks (although this time can be greatly shortened if current digital platforms compatible with due diligence are used).

    These companies will create a due diligence checklist that will include the steps to be followed to carry out the necessary investigations, the technologies or platforms to be used to achieve the objectives of these investigations and the means to store, process and verify the information obtained.

    Due Diligence Checklist 

    When performing Due Diligence, companies can apply the security measures that are most appropriate for each project based on the assessment of the perceived risk. However, such self-regulation carried out by companies independently is framed within a common regulation to which all processes must be adapted.

    The most common sources of information from which data will be obtained in due diligence processes may be the following:

    • Public census of public administrations.
    • Open data from non-governmental organizations or independent reporting institutions.
    • PEP lists and sanctions lists issued by ministries or public agencies.
    • Available digital press and public information on the web.
    • Open court rulings.
