How to Record Due Diligence

How to Record Due Diligence

Almost all businesses in the UK have practices and systems that they must adhere to. These can be set out in legislation and regulations both in terms of general business practices and industry-specific compliance issues. And in almost every case, not only does your business need to comply with these laws and regulations, but you also need to be able to prove it.

Being able to provide this proof is known as demonstrating due diligence. And it can be incredibly complex.

What does demonstrating Due Diligence entail?

To be able to demonstrate due diligence you must be able to show evidence that proves you did everything in your power to ensure you were following the law at all times. The evidence must support the idea that any errors or incidents that took place resulting in a breach of legislation were not down to your failure to uphold your responsibilities.

What is Due Diligence?

Due diligence is taking all reasonable steps to prevent a regulatory or legislative breach. What constitutes due diligence is generally spelt out precisely within the relevant Act or regulation. Food safety is our bread and butter, so we will use the food industry as an example of what exactly due diligence defence can include.

The Food Safety Act states a due diligence defence exists when a business has:

  • Carried out reasonable checks, or could reasonably rely on a supplier to have done so
  • No offence or act was committed by someone under the control of the business
  • There was no reasonable expectation that an action or omission would result in an offence.

What’s the purpose of Due Diligence?

Due diligence requirements are dual purpose. First, they are designed to prevent a breach in the first place. By putting in place controls, measures and recording practices businesses automatically gain tighter control, maximum oversight and deeper insight into their operations.

The second purpose of recording due diligence is to provide a legal defence in the event of a breach. This is not only essential in terms of protecting your business but is often a condition of liability insurers.

How do you prove Due Diligence?

Proving due diligence requires thorough record-keeping and remaining fully up-to-date with all regulatory and legislative changes. The type of record-keeping will vary depending on your industry and the legal framework to which you must comply.

Examples include:

Risk Assessments

Risk assessments are the process of evaluating and analysing a particular risk to identify controls and measures that must be taken to mitigate or eliminate it.

Policies, Controls and Procedures

Following a risk assessment, the data should be used to inform and develop a set of policies, control and procedures that ensure risks are managed and eliminated wherever possible. This can include issues surrounding Health and Safety, employment issues, third-party risk and a whole host of other types of controls and policies that must be implemented.

Customer and Supplier Data

GDPR makes it clear that all businesses must be compliant with eliminating risk to data and privacy breaches, data capture and storage and the transfer of sensitive information.

Training Records

In many cases, employee and leadership training is a fundamental part of the due diligence process. Providing the necessary proof that training has been provided, completed and updated wherever necessary is essential.

Supplier and Customer Identify Information

Customer due diligence and supplier due diligence are a series of checks businesses should undertake to verify the identities of the people they do business with. The purpose is to manage the reputational and legal risk of being guilty of illegal practices by association.

Records of Test Results

Where there are legislative controls on the content or quality of products, businesses must record testing procedures and the results of such tests to prove all reasonable steps were taken to ensure quality control.

UK-standard and industry-specific Health and Safety Procedures

Almost all businesses have health and safety responsibilities to their employees, the public and their customers. Ensuring you have a robust due diligence process is often a coverage requirement of liability insurers.

Awareness is Key

It’s your business’s responsibility to seek awareness of all relevant legal or regulatory demands placed upon your organisation. Then you must take responsibility for collating all the relevant evidence and setting up systems to record and audit it. Due diligence can be complex, and time-consuming and the potential for human error is high. The price of inadequate record keeping is a due diligence defence that falls under scrutiny.

A system that can help your business track, analyse and record all due diligence requirements will provide you with peace of mind. Additionally, you can get real-time alerts and analyses to ensure all aspects of due diligence are continuously up-to-date. Email or call 0800 999 1303 to discover how we can help.