Investment Due Diligence Checklist 2026: Financial, Legal, Operational and People Due Diligence

 
Authored by the Neotas Editorial Team
Reviewed by the Neotas Enhanced Due Diligence Practice · About Neotas
Last updated: June 2026
Reading time: 22 minutes

What this guide covers: Investment due diligence is the pre-close evidential process by which investors verify financial performance, legal standing, operational health and counterparty integrity before committing capital. This guide covers the seven workstreams of a complete investment due diligence checklist, the four pillars framework, the documents required, the red flags that kill deals, and the people screening layer that institutional investors increasingly treat as non-negotiable.

  • 42% of PE deals fail to meet underwriting expectations, often due to missed commercial or operational risks (Bain Global Private Equity Report 2025)
  • 139 days: optimal DD duration with lowest premiums and best 12-month returns (Bayes Business School, 900+ deals)
  • $4.91M: average cost of third-party access breaches in 2025, 12% higher than direct breaches (IBM Cost of a Data Breach 2025)
  • 7 workstreams in a complete investment due diligence file: financial, legal, commercial, operational, people, technology, ESG

Quick-start summary
  • A complete investment due diligence file covers 7 workstreams: financial, legal & regulatory, commercial, operational, people & integrity, technology & IP, and ESG.
  • The 4 P’s framework (People, Performance, Philosophy, Process) is the standard structure for fund-level DD on PE and hedge fund managers.
  • The people workstream is the most consistently under-resourced and the most likely to surface undisclosed findings. Background screening, OSINT and UBO verification are the standard checks.
  • For SEC-registered advisers, the DD file is a regulatory artefact under Rule 206(4)-7. For UK firms, FCA SYSC 8 generates equivalent obligations.

What is investment due diligence?

Investment due diligence is the pre-close investigation that verifies what a seller, target company or fund manager has represented about a business or investment opportunity. It tests the financial statements against documentary evidence, identifies legal and regulatory exposure, examines the operating model, screens the people behind the deal, and produces a documented record that supports the investment decision. Done properly, it is the gap between an investment thesis and an investment commitment.

The process exists for two reasons. The first is commercial: investors who skip diligence price deals incorrectly and overpay. The second is regulatory: SEC-registered investment advisers operating under Rule 206(4)-7 of the Investment Advisers Act of 1940 are required to maintain written policies on service-provider and counterparty oversight, and UK firms regulated under FCA SYSC 8 face equivalent obligations. A documented due diligence file is now the basic compliance artefact regulators expect to see during an examination.

One observation that surprises new deal teams: the workstream most often blamed for post-close value destruction is not financial. Bain’s 2025 research found that operational and commercial risks accounted for the majority of deal disappointments, with people-related issues a close third. The financial workstream is the most heavily resourced and the one least likely to fail. The under-resourced workstreams are where deals quietly go wrong.

Key takeaways

  • Investment due diligence is an evidential exercise. The deliverable is a documented file regulators and audit committees can review, not a verbal comfort level.
  • A complete checklist covers seven workstreams: financial, legal, commercial, operational, people, technology and ESG.
  • SEC Rule 206(4)-7 and FCA SYSC 8 both place documentation obligations on regulated investors. The DD file is a compliance artefact, not optional working paper.
  • The people and integrity workstream is the most consistently under-done. It is also where adverse findings most often arise post-close.

Section summary: Investment due diligence has both a commercial purpose (pricing the deal correctly) and a regulatory purpose (documenting the assessment for examination). Treating it as a paperwork exercise to support a decision already made is what produces the 42% underperformance rate that Bain’s research identifies.

Related read: The complete due diligence reference guide covers vendor, customer, M&A and investment DD applications of the same framework.

 

The four pillars of investment due diligence: the 4 P’s

The four pillars of investment due diligence are People, Performance, Philosophy and Process. The framework was developed in the institutional LP community for evaluating fund managers and has since been adopted across PE, VC and direct investment contexts. It is the most commonly cited investor framework in AI Overview results for the query “what are the 4 P’s of investment due diligence.”

Each pillar is a category of evidence the investor needs to gather. None substitutes for the others.

Pillar 1 · People

Quality and integrity of the people behind the deal

Investment team experience, track record, depth, and background integrity at founder, GP and C-suite level.

Investors assess the depth of the investment team, prior track record, sector experience, and key-person dependency. The integrity layer sits beneath this: who actually owns the entity, what their regulatory history looks like, and what background screening surfaces about named individuals. This is where most diligence programmes are thinnest and where Neotas’s OSINT-enhanced reporting concentrates.

Pillar 2 · Performance

Verifiable financial track record and returns

IRR, MOIC, PME, EBITDA quality, working capital movements and historical return attribution.

Internal Rate of Return (IRR), Multiple of Invested Capital (MOIC) and Public Market Equivalent (PME) are the standard performance measures for fund-level diligence. For direct investments, the focus shifts to quality of earnings analysis, EBITDA normalisation and working capital. Performance figures only carry weight when they are verifiable against audited accounts and independently calculated.

Pillar 3 · Philosophy

Investment philosophy and alignment of interests

Strategy, value creation approach, fee structure, carried interest and LP-GP alignment.

For fund investments, philosophy means understanding how the manager generates returns: through operational improvement, financial engineering, market timing, or sector arbitrage. The fee structure, carried interest waterfall, GP commitment and clawback provisions are the alignment instruments. Misalignment between stated philosophy and actual deal flow is one of the most common late-stage DD findings.

Pillar 4 · Process

Repeatable, documented investment process

Investment committee structure, deal sourcing, decision-making, risk management and operational controls.

A repeatable process means investments aren’t single-person calls. The diligence examines investment committee composition, voting records, deal pipeline source mix, monitoring frameworks and exit decision criteria. Operational due diligence on the manager itself (back-office controls, segregation of duties, valuation policy, cyber posture) sits within this pillar.

The 4 P’s framework is useful as a structure for fund-level diligence, but it can flatten the people pillar into “team experience” and lose the integrity layer beneath it. For PE and VC diligence specifically, the people pillar should explicitly include background screening, UBO verification and adverse media review on founders and GPs.

The diagram below illustrates the 4 P’s framework (People, Performance, Philosophy, Process) and the primary evidence categories within each pillar.

Image: The 4 P’s of investment due diligence: People, Performance, Philosophy and Process, with key assessment criteria for each pillar. The framework is standard for fund-level LP due diligence on PE and hedge fund managers.

Related read: Management due diligence explained covers the people pillar in operational depth, and management DD in PE covers the buyout context specifically.

 

The seven workstreams: a complete investment due diligence checklist

A complete investment due diligence file covers seven workstreams. Each addresses a specific category of deal-kill risk. The weight given to each varies by deal type. A growth-stage venture investment will weight technology and people more heavily than financial. A buyout will weight financial and operational. A real estate deal will weight legal, tax and environmental. The seven workstreams below are the master list.

Workstream 1 · Financial

Financial due diligence

Quality of earnings, normalised EBITDA, working capital peg, debt schedule, tax compliance and three-year audited account review. The objective is to verify the financial story the seller is presenting and adjust the price for normalising items the seller has buried.

Workstream 2 · Legal & Regulatory

Legal and regulatory due diligence

Corporate structure, material contracts, IP ownership, employment, litigation, regulatory licences, AML/KYC programme quality, and sanctions exposure. For regulated targets, the licence inventory and historical regulator interactions are central. For tech targets, IP assignment from founders is the most common point of failure. See the AML compliance checklist for the financial crime layer.

Workstream 3 · Commercial

Commercial due diligence

Market size, growth rate, competitive positioning, customer concentration, pricing power, churn analysis, and revenue quality. A commercial DD that doesn’t include customer reference calls is incomplete. Revenue concentration above 30% in a single customer is a structural risk that warrants explicit pricing adjustment.

Workstream 4 · Operational

Operational due diligence

Management team depth, key-person risk, vendor concentration, cyber security posture, AI model governance, business continuity, and back-office controls. The IBM 2025 figure of $4.91M average breach cost via third-party access makes vendor and cyber operational risk a top three workstream by financial exposure. See the third-party risk management platform for post-close vendor oversight.

Workstream 5 · People & Integrity

People due diligence and integrity screening

Background screening on founders, C-suite and major shareholders. UBO verification through corporate registries and OSINT. PEP and sanctions screening against OFAC, UN, EU and OFSI lists. Adverse media review across all relevant jurisdictions. This is the workstream that most institutional investors run on a questionnaire basis, and the one that delivers the highest hit rate of unflagged findings when run independently.

Workstream 6 · Technology & IP

Technology and IP due diligence

Tech stack assessment, code quality, scalability, data provenance, IP ownership chain, open-source compliance, and AI model governance under the EU AI Act. For software targets, the IP assignment chain from founding engineers is examined document by document. A single missing assignment can void the value of a core product.

Workstream 7 · ESG

ESG due diligence

Environmental liabilities, modern slavery and supply chain integrity, governance quality, climate exposure, and reputational ESG risk. Mandatory for LP-led investments where ESG screening is embedded in mandate documents. See the ESG due diligence checklist for M&A transactions for the full evidence list.

Section summary: The seven workstreams are cumulative, not alternatives. Deal teams that drop workstreams to compress timelines tend to drop the ones that don’t fit their professional background (lawyers cut commercial, accountants cut people, technologists cut ESG). The fastest path to a missed risk is letting the team’s existing expertise determine the scope.

Related read: The general due diligence checklist hub covers vendor, customer and M&A applications of the same workstream structure.

The diagram below maps the seven workstreams of a complete investment due diligence file, with the primary sub-checks that each workstream must cover.

Image: The seven workstreams of a complete investment due diligence checklist. Each workstream addresses a distinct category of deal-kill risk.

 

Financial due diligence checklist: what investors verify

Financial due diligence is the verification of historical financial performance, quality of earnings, and the financial position the seller is representing. It is not an audit. It is an investigation conducted from the buyer’s perspective, calibrated to the price being negotiated. The output is an adjusted EBITDA, a working capital peg, a debt schedule, and a list of items that change the deal economics.

The minimum document inventory for a credible financial workstream is below.

| Document | Purpose | Red flag if absent or restated |
|---|---|---|
| Audited financial statements (3 years) | Baseline of historical performance, audit opinion, related-party disclosures | Going concern qualification, restated prior periods, auditor change without explanation |
| Monthly management accounts (24-36 months) | Seasonality, working capital movements, earnings quality testing | Material divergence between management accounts and statutory accounts |
| Quality of earnings analysis | Identifies one-off, non-recurring or owner-related adjustments to arrive at adjusted EBITDA | Adjusted EBITDA more than 25% above statutory EBITDA without clear supporting evidence |
| Debt schedule and bank confirmations | Senior, mezzanine, convertibles, hidden debt-like items including factoring and earn-outs | Undisclosed factoring arrangements, off-balance-sheet liabilities, deferred consideration not on the debt schedule |
| Working capital analysis (LTM) | Establishes normalised working capital peg for the closing mechanism | Year-end manipulation of receivables, payables stretching, inventory build-up to flatter cash |
| Cap table and dilution waterfall | Fully-diluted ownership, preferences, anti-dilution, vested vs unvested options | Undisclosed warrants, side letters, advisory share grants outside the formal plan |
| Tax compliance history | Open tax periods, transfer pricing, VAT/sales tax positions, R&D credit claims | Open enquiries, aggressive transfer pricing positions, R&D credits without supporting documentation |

Restatement warning: Any restatement of prior-period financial statements requires explanation in writing before diligence continues. Restatements within the last three years are one of the strongest predictors of further surprises post-close.

For VC and growth-stage targets, financial DD also covers unit economics: customer acquisition cost (CAC), lifetime value (LTV), payback period, gross margin trajectory and cohort retention. For PE buyouts, the focus shifts to free cash flow conversion, capex requirements and quality of revenue (recurring versus project-based).

Related read: The private equity due diligence checklist covers buyout-specific financial workstream depth, and non-financial risk indicators in credit risk DD covers the qualitative overlays that strengthen the financial workstream.

 

Operational due diligence checklist: what kills deals post-close

Operational due diligence assesses the systems, processes, people, vendors and infrastructure that produce the financial results. It is the workstream most likely to surface risks that don’t appear in financial statements and that destroy value after close. Bain’s 2025 research identified operational and commercial issues as the single largest cause of deal underperformance.

The operational workstream covers six categories.

| Category | What to assess | Severity |
|---|---|---|
| Management team depth | Bench strength below CEO, succession planning, key-person insurance, retention agreements | Critical |
| Vendor and supplier concentration | Single-source dependencies, contract termination rights, supplier financial health | High |
| Cyber security posture | ISO 27001 or SOC 2 certifications, incident history, penetration testing, ransomware exposure | Critical |
| AI and data governance | Training data provenance, EU AI Act exposure, model bias testing, customer data licensing | High |
| Business continuity and DR | BCP documentation, last test date, RTO/RPO targets, insurance coverage adequacy | Standard |
| Back-office controls (fund DD) | Segregation of duties, valuation policy, administrator independence, compliance programme quality | Critical |

Operational risk in numbers

IBM’s 2025 Cost of a Data Breach Report put the average cost of breaches involving third-party access at $4.91M, 12% above the cost of direct breaches. For a target with concentrated vendor dependencies and weak third-party oversight, this is the financial exposure being inherited at close. See the third-party risk management framework for how to structure post-close vendor oversight.

People due diligence: background screening, OSINT and integrity checks

People due diligence is the workstream that screens the individuals behind the deal: founders, C-suite, GPs, key personnel and ultimate beneficial owners. It covers background screening, OSINT-based reputational intelligence, UBO verification, sanctions and PEP screening, and adverse media review. Of the seven workstreams, it is the one most likely to surface a finding the seller has not disclosed.

There is a reason for that. Financial, legal and operational diligence work primarily with documents the seller provides. People diligence works with sources the seller doesn’t control: corporate registries in third-party jurisdictions, regulatory enforcement databases, adverse media in foreign-language press, court records, and OSINT signals. The asymmetry is structural. Independent screening doesn’t have to rely on the seller’s cooperation, which means it produces findings that questionnaire-based diligence cannot.

The people due diligence workstream covers five evidence categories.

| Subject | Check type | Red flag indicators |
|---|---|---|
| Founders and CEO | Background screening, career verification, directorship history, adverse media, OSINT reputational review | Undisclosed prior insolvencies, directorship disqualifications, regulatory sanctions, fabricated credentials |
| C-suite and key personnel | Employment verification, criminal record (where lawful), regulatory register checks, PEP screening | CV inconsistencies, undisclosed prior employment terminations, regulatory bar in any jurisdiction |
| Ultimate beneficial owners (UBOs) | Corporate registry tracing to natural person level, nominee structure identification, jurisdictional risk | UBO chain ending in opaque jurisdiction without natural person identification, nominee structures, sanctioned individuals in chain |
| Entity-level sanctions | OFAC SDN, UN Consolidated List, EU Sanctions, OFSI Consolidated List, sectoral sanctions | Direct designation, indirect designation via UBO chain, sectoral exposure |
| Adverse media and OSINT | Adverse media across 200+ languages, social media intelligence, court records, regulatory press releases | Adverse media in non-English sources not surfaced by standard tools, undisclosed litigation, regulatory criticism |

The non-English adverse media gap: Standard sanctions and adverse media tools that index only English-language sources miss the majority of risk findings on cross-border targets. Neotas screens across more than 200 languages using OSINT analyst review, which routinely surfaces regulatory criticism, litigation history and reputational findings in local-language press that English-only checks do not catch.

 

Questionnaire-only due diligence versus independent due diligence

The defining choice in people due diligence is whether to rely on what the target tells you or to verify it independently. The table below sets out the practical difference.

| Evidence area | Questionnaire-only | Independent Due Diligence (Neotas EDD) |
|---|---|---|
| UBO identification | Self-declared by target. Stops at the entity’s chosen disclosure level. | Traced via corporate registries to natural person across all jurisdictions. Nominee structures identified. |
| Adverse media | “Aware of any adverse media?” Self-reported, with no obligation to disclose foreign-language findings. | Screening across 200+ languages with source-cited findings. Surfaces regional press not indexed by English tools. |
| Sanctions and PEP screening | Single-list, entity-only checks at point of submission. No UBO-level screening. | OFAC, UN, EU, OFSI consolidated lists at entity, director and UBO level. Dated screening output. |
| Directorship history | CV disclosures. Voluntary, unverified. | Cross-jurisdictional corporate registry checks. Identifies undisclosed prior directorships, insolvencies, disqualifications. |
| Regulatory evidence value | Weak. Treated as a starting point by supervisors, not a complete DD record. | Source-cited, dated and methodology-documented. Meets SEC Rule 206(4)-7 and FCA SYSC 8 expectations. |

For SEC-registered investment advisers, the people DD workstream is also a compliance artefact. Rule 206(4)-7 of the Investment Advisers Act requires written policies on counterparty oversight. For UK-regulated firms, FCA SYSC 8 and the AML obligations under the Money Laundering Regulations 2017 generate equivalent documentation expectations. See enhanced due diligence services for the report structure Neotas delivers against this standard.

Related read: OSINT-powered investor due diligence covers the broader methodology, and social media due diligence covers the digital footprint layer for founder screening.

 

Red flags in investment due diligence: the ten signals that kill deals

Some risks surface clearly in the early stages of diligence. Others appear only when a specific check is run. The ten red flags below are the signals that most often correlate with post-close value destruction or deal collapse.

| Red flag | Workstream | Severity |
|---|---|---|
| Restated financial statements in prior 3 years without clear explanation | Financial | Critical |
| Undisclosed related-party transactions or side letters | Financial / Legal | Critical |
| Customer concentration above 30% in a single client | Commercial | High |
| Founder or C-suite with undisclosed PEP status or adverse regulatory history | People | Critical |
| UBO chain ending in nominee or opaque jurisdiction | People | Critical |
| Material divergence between management accounts and statutory accounts | Financial | High |
| Core IP not assigned to the company in writing | Legal / IP | Critical |
| Cap table inconsistencies, undisclosed warrants, or option grants outside the formal plan | Financial / Legal | High |
| Adverse media in non-English jurisdictions missed by standard checks | People / OSINT | High |
| Recent or pending cyber incident not disclosed in management presentation | Operational / Technology | Critical |

The pattern across the critical-rated red flags is consistent: they involve information the seller chose not to volunteer. None of them are surfaced by a vendor-completed questionnaire. They are surfaced by independent checks run against external sources.

Related read: Private equity risk: what you don’t know can hurt you covers the most common deal-killers Neotas has identified across PE engagements.

 

Investment due diligence by asset class

The seven-workstream structure is consistent across asset classes, but the weighting shifts and certain workstreams require asset-specific depth. The four categories below cover the majority of investment diligence work.

Private equity due diligence

PE buyout diligence is the most fully developed application of the framework. Financial DD is heaviest (quality of earnings, debt schedule, working capital), legal DD covers warranty and indemnity insurance scope, commercial DD includes customer reference calls, and operational DD examines back-office maturity and management bench. People DD increasingly includes management screening at C-suite level, particularly for sponsor-backed bolt-ons where the acquired management team will run the combined entity. The private equity due diligence checklist covers the full buyout-side framework, and the management due diligence in PE briefing covers the people layer specifically.

Venture capital and startup due diligence

VC diligence weights people, technology and commercial pillars more heavily than financial, because audited statements rarely exist and historical performance is short. Unit economics (CAC, LTV, payback), founder background screening, IP assignment and product-market fit evidence dominate. Cap table integrity is unusually important: founder dilution preferences, anti-dilution clauses and option pool sizing all directly affect post-money returns. The social media due diligence for investment decisions covers the OSINT layer specifically for founder screening in early-stage deals.

Real estate investment due diligence

Real estate DD has its own document inventory: title and ownership history, planning and zoning, environmental Phase I and Phase II site assessments, tenant covenant strength, lease abstracts, capex requirements, and building condition reports. The legal workstream is heavier than for operating businesses. For investments above certain thresholds, environmental DD is non-negotiable: contamination liabilities follow the property and can exceed the purchase price.

Investment manager and fund due diligence

LP diligence on funds uses the 4 P’s framework and is documented through standardised questionnaires. The ILPA Due Diligence Questionnaire (current version 1.2) is the most widely used format for PE fund DD. The AIMA Illustrative Questionnaire covers hedge fund and alternative investment manager DD with a 2025 update introducing a modular structure. Operational DD on fund managers is examined in detail in the operational DD workstream and covered comprehensively in the AML compliance checklist.

Section summary: Asset class changes the workstream weighting and the document inventory, not the framework. A diligence team that knows the seven workstreams and adapts the depth and emphasis to deal type produces a more consistent output than one that uses different methodologies for different asset classes.

Related read: The ESG due diligence guide covers the workstream by asset class, and vendor due diligence covers the procurement-side application of the same framework.
 

The investment due diligence process: timeline and steps

A buyer-side investment due diligence process moves through six stages, from indication of interest to signed transaction. Bayes Business School’s research on M&A timing found that the optimal duration for completed transactions was approximately 139 days, with shorter and longer durations both associated with worse outcomes.

Stage 1 · Pre-engagement

Investment thesis defined, target identified, indicative offer made, exclusivity period agreed. The diligence scope is set here. Most teams underspecify scope at this stage and discover gaps mid-process.

Stage 2 · Data room access

Virtual data room opens. Seller uploads documents against the buyer’s document request list. Document indexing, gap identification and Q&A workflow established. Typical document count for a mid-market deal: 200 to 400 documents across all workstreams.

Stage 3 · Workstream execution

Financial, legal, commercial and operational workstreams run in parallel with named workstream leads. People DD runs alongside. Each workstream produces findings into a central diligence tracker with status, severity and decision impact noted.

Stage 4 · Management interviews and site visits

Management presentations, deep-dive Q&A on critical findings, site visits where relevant. This is where workstream leads test management’s grasp of their own business. Inconsistencies between management responses and document evidence are recorded.

Stage 5 · Findings consolidation and negotiation

Workstream reports consolidated into final diligence report. Material findings drive price chips, warranty scope, indemnification, escrow size, or contract structure. Critical-severity findings either change deal economics or stop the deal.

Stage 6 · Sign and close

Final SPA negotiation, disclosure schedules, completion mechanics. Diligence file is archived as part of the transaction record and retained for the warranty period (typically 18 to 36 months). For regulated investors, the file is also the regulatory evidence of the assessment.

The timeline below maps the six stages of a buyer-side investment due diligence process, from initial exclusivity through to signed transaction.

Image: Investment due diligence process timeline across six stages, from pre-engagement to sign and close, with approximate day ranges for each stage.

 

How much does investment due diligence cost?

Investment due diligence costs scale with deal size, complexity and the depth of independent verification required. The benchmarks below are practitioner ranges drawn from mid-market deal advisory engagements in 2025-2026.

| Workstream | Mid-market deal (£10M-£100M EV) | Lower mid-market (under £10M) |
|---|---|---|
| Financial DD (QoE) | £35,000 – £150,000 | £15,000 – £40,000 |
| Legal DD | £40,000 – £200,000 | £15,000 – £50,000 |
| Commercial DD | £50,000 – £180,000 | £15,000 – £45,000 |
| Operational / IT DD | £25,000 – £100,000 | £8,000 – £25,000 |
| People DD / EDD per subject | £2,000 – £8,000 per founder/exec | £1,500 – £4,000 per subject |
| ESG DD | £20,000 – £60,000 | £8,000 – £20,000 |

Total mid-market DD spend typically runs between 1% and 3% of enterprise value. The cheapest workstream by ratio (people DD) tends to deliver the highest hit rate of unflagged findings. The most expensive workstream (commercial DD) carries the highest political risk: dropping it is the most common compromise made by overstretched deal teams.

 

Common mistakes in investment due diligence

The mistakes below are drawn from recurring patterns across Neotas’s enhanced due diligence engagements in 2025-2026. They are not theoretical risks. They are the specific points where investor diligence files most often fall short.

1. Relying on the questionnaire response for UBO verification

The vendor lists “ABC Holdings Ltd” as the parent and the response is treated as the answer. Independent registry tracing would identify the natural persons behind the holding company and surface any nominee structure. This is the single most common gap in cross-border deal files.

2. Running adverse media checks in English only

For any cross-border target or founder with international career history, English-only screening tools miss the majority of findings. Regional press, regulatory enforcement notices and court records in local languages are where the substantive risk often sits.

3. Treating diligence as a paperwork exercise to confirm a decision already made

When the investment thesis is locked before diligence begins, the team unconsciously interprets findings to support the thesis. The mitigation is to write the diligence scope and severity definitions before the work starts, not after the findings come in.

4. Dropping the workstream that doesn’t fit the team’s expertise

Lawyer-led teams cut commercial. Accountant-led teams cut people. Technologist-led teams cut ESG. Every dropped workstream is a category of risk left unexamined. The fix is to outsource the dropped workstreams to specialists.

5. Closing the diligence file without dating and source-citing the people workstream

Background screening that is not dated and source-cited has no regulatory evidence value. The same applies to sanctions screening. A supervisor reviewing the file will ask when each check was run, against what source, and what was found. An undated file fails that test.


How Neotas supports investment due diligence

Neotas delivers enhanced due diligence (EDD) reports, augmented with OSINT, to support the people and integrity workstream of investment due diligence. Reports are structured to satisfy the evidence requirements of SEC Rule 206(4)-7, FCA SYSC 8 and the AML obligations under the UK Money Laundering Regulations 2017. Every report cites sources, dates findings, and documents the screening methodology used.

| Service | Workstream addressed | Evidence delivered |
| --- | --- | --- |
| Enhanced due diligence report | People DD on founders, C-suite, GPs and key personnel | Source-cited report covering background, adverse media, sanctions, PEPs, directorship history, OSINT findings |
| UBO verification | People DD on ultimate beneficial owners | Corporate registry tracing to natural person level, nominee identification, jurisdictional risk assessment |
| Adverse media screening | People DD and reputational intelligence | Screening across 200+ languages with analyst review, full source citation, dated findings |
| Sanctions and PEP screening | Financial crime workstream | OFAC, UN, EU, OFSI consolidated lists, PEP database screening, entity and named individual coverage |
| Ongoing monitoring | Post-close portfolio oversight | Real-time alerts on new sanctions, adverse media or regulatory actions affecting portfolio companies or fund managers |

Neotas is recognised in the Chartis FCC50 as a leading financial crime compliance technology provider. The platform combines structured database screening with open-source intelligence and analyst-led investigation, used by PE firms, venture capital funds, family offices, institutional LPs and the compliance teams at regulated banks, insurers and asset managers.


Neotas in practice: investment due diligence engagements

ESG and integrity findings on a global PE target prevented a value-destroying acquisition

A global private equity firm commissioned a Neotas enhanced due diligence assessment on the senior leadership of a prospective portfolio company in a high-risk jurisdiction. The OSINT review surfaced ESG and reputational findings not disclosed in the management presentation. The PE firm restructured the deal with enhanced warranty cover and post-close monitoring obligations. Read the full case study.

UBO verification identified a sanctioned individual in the ownership chain of a co-investment

A family office requested UBO verification on a co-investment opportunity routed through a holding structure across three jurisdictions. Neotas traced the chain to the natural person level and identified a UBO with an OFAC designation. The client withdrew from the deal before signing. See all case studies.

Adverse media in non-English sources surfaced regulatory criticism missed by the lead bank

An institutional investor running parallel diligence on a target asked Neotas to screen the founders across 200+ languages. Adverse media in a regional language identified prior regulatory criticism that English-only checks had missed. The finding informed a revised price chip and additional warranty cover. See all case studies.


Glossary: key investment due diligence terms

Adjusted EBITDA: Earnings before interest, tax, depreciation and amortisation, normalised for one-off, non-recurring or owner-related items. The benchmark figure used to determine the purchase price multiple.

Adverse media: Negative news, regulatory enforcement notices, litigation records or reputational findings about an entity or individual published in press or public sources.

Carried interest: The share of fund profits paid to the general partner (typically 20%) above a hurdle rate. The primary economic incentive in the GP-LP alignment.

Data room: Secure document repository through which the seller provides documents to the buyer. Modern data rooms are virtual (VDRs) and offer permission controls and audit trails.

Enhanced due diligence (EDD): Deeper-than-standard investigation triggered by elevated risk indicators. Covers OSINT, UBO verification, adverse media in multiple languages, and source of funds analysis. See enhanced due diligence services.

IRR (Internal Rate of Return): Annualised effective rate of return on a fund or investment. The primary capital-weighted performance measure for PE and VC funds.

MOIC (Multiple of Invested Capital): Total cash returned to investors divided by capital invested. The headline value-creation measure for fund performance.

OSINT (Open-Source Intelligence): Investigation methodology using publicly available data sources. In DD, covers adverse media, court records, social media and regulatory press. See OSINT explained.

PEP (Politically Exposed Person): An individual entrusted with a prominent public function. PEP screening is a regulatory expectation under AML rules.

PME (Public Market Equivalent): Performance measure comparing private capital fund returns to a public market index. Identifies whether the manager added value above passive exposure.

Quality of earnings (QoE): Financial DD analysis that adjusts reported EBITDA to a normalised figure, identifying one-off items, owner adjustments and accounting policy changes.

UBO (Ultimate Beneficial Owner): The natural person who ultimately owns or controls an entity. UBO verification traces ownership through every intermediary to the individual. See UBO and source of funds explained.


Frequently asked questions on the investment due diligence checklist

Covering the questions most commonly raised by PE deal teams, VC investors, family offices and institutional LPs running buyer-side investment due diligence.

What is an investment due diligence checklist?

An investment due diligence checklist is a structured document inventory and evidence list used by investors before committing capital. It covers seven workstreams: financial, legal, commercial, operational, people and integrity, technology and IP, and ESG. The checklist defines what documents to request, what independent checks to run, and what evidence the final diligence file must contain. The output meets the documentation expectations of SEC Rule 206(4)-7 for US-registered advisers and FCA SYSC 8 for UK-regulated investors. See the general due diligence checklist for a sector-neutral starting point.

What are the 4 P’s of investment due diligence?

The 4 P’s of investment due diligence are People, Performance, Philosophy and Process. People covers the investment team, founders or GPs and their integrity. Performance covers the historical financial record and returns: IRR, MOIC, PME and quality of earnings. Philosophy covers the investment strategy and alignment between stated approach and actual deal flow. Process covers the investment committee, decision-making, monitoring and operational controls. Management due diligence covers the people pillar in operational depth.

How long does investment due diligence take?

Most investment due diligence processes take 60 to 180 days from data room access to signed transaction, depending on deal size and complexity. Bayes Business School research across 900+ M&A transactions identified approximately 139 days as the optimal duration, with shorter processes correlated with missed risks. Simple mid-market deals with clean records can close in 6 to 8 weeks; complex cross-border deals with regulatory approvals can take 4 to 6 months. For the process breakdown, see the due diligence reference guide.

What are the main types of investment due diligence?

There are seven main types of investment due diligence: financial, legal and regulatory, commercial, operational, people and integrity, technology and IP, and ESG. For fund-level diligence, the 4 P’s framework (People, Performance, Philosophy, Process) is the standard organising structure. See the due diligence checklist hub for sector-specific applications and the ESG DD checklist for the sustainability workstream.

What documents are needed for investment due diligence?

A mid-market investment due diligence file typically contains 200 to 400 documents across the seven workstreams. Core documents include three years of audited financial statements, 24 to 36 months of management accounts, the debt schedule and bank confirmations, all material contracts above a defined threshold, the cap table and shareholder agreements, IP assignments, employment contracts for senior management, the customer concentration analysis, regulatory licence inventory, and the cyber security assessment. The PE due diligence checklist includes the full document request list.

What is people due diligence and why does it matter?

People due diligence is the workstream that screens the individuals behind the investment: founders, C-suite, GPs, key personnel and ultimate beneficial owners. It covers background screening, OSINT-based reputational intelligence, UBO verification, PEP and sanctions checks, and adverse media review. It matters because financial, legal and operational DD work primarily with documents the seller controls. People DD works with independent sources, which is why it surfaces findings the seller has not disclosed. See management due diligence and the OSINT-powered investor DD guide for detail.

What is UBO verification in investment due diligence?

UBO verification is the process of tracing ownership of an entity through every intermediary holding company, nominee or trust arrangement to the ultimate natural person who controls or benefits from the entity. It uses corporate registries, company databases and OSINT sources rather than relying on self-declaration. UBO verification matters because sanctions, PEP status and adverse regulatory history attach to individuals, not entities. An investment vehicle can have a clean corporate name and a sanctioned UBO in its ownership chain. See enhanced due diligence services.

What is enhanced due diligence in an investment context?

Enhanced due diligence (EDD) is a deeper-than-standard investigation triggered by elevated risk indicators: high-risk jurisdiction exposure, complex ownership structures, PEP involvement, sanctions adjacency, or adverse media findings. It typically includes OSINT-enhanced background screening, UBO verification to natural person level, adverse media screening across multiple languages, sanctions and PEP screening, and source of funds analysis. Most institutional investors run EDD on any deal where standard screening surfaces a flag. See the enhanced due diligence checklist for the framework.

What is the difference between financial and operational due diligence?

Financial due diligence verifies the historical financial statements and quality of earnings. It examines audited accounts, EBITDA normalisation, working capital, debt schedule, tax compliance and forecast assumptions. Operational due diligence assesses the systems, processes, vendors, cyber posture and management depth that produce the financial results. Financial DD answers “are the numbers reliable?” Operational DD answers “what produces the numbers, and is it sustainable?” The PE due diligence checklist covers both workstreams.

What are the most common red flags in investment due diligence?

The ten most common red flags are: restated financial statements in the prior 3 years, undisclosed related-party transactions, customer concentration above 30% in a single client, undisclosed PEP status or adverse regulatory history at founder or C-suite level, UBO chain ending in opaque jurisdiction, material divergence between management and statutory accounts, core IP not assigned to the company, cap table inconsistencies, adverse media in non-English sources missed by standard checks, and recent or pending cyber incidents not disclosed. See private equity risk patterns for case-level detail.

What is the ILPA due diligence questionnaire?

The ILPA Due Diligence Questionnaire (current version 1.2, published 2018) is the most widely used standardised DDQ for limited partners conducting due diligence on private equity funds. It is a 29-page document covering investment strategy, organisation and ownership, team biographies, fund performance, fee structure, valuation policy, operational controls and compliance programme. Many institutional LPs require the ILPA DDQ as a baseline submission from any GP they consider. The questionnaire methodology is covered in the TPRM questionnaire guide.

How do investors conduct background checks on founders?

Investor background checks on founders cover five categories: identity and CV verification against corporate registries, directorship history through registers in all jurisdictions, criminal record screening where lawful, regulatory and professional sanctions through regulator databases, and adverse media and OSINT screening across press, court records and social media. For founders in regulated industries or cross-border investments, the screening extends to PEP and sanctions checks, source of funds analysis, and OSINT in all languages relevant to the founder’s career history. See OSINT tools and techniques.

What is a quality of earnings report?

A quality of earnings (QoE) report is a financial due diligence deliverable that adjusts reported EBITDA to a normalised figure used to value the business. It identifies one-off items, owner-related adjustments, accounting policy changes, and recurring versus non-recurring revenue. The output is an adjusted EBITDA the buyer uses as the basis for the purchase price multiple. QoE reports typically cost £35,000 to £150,000 for mid-market deals and are produced by transaction services teams. See the PE due diligence checklist for related financial DD detail.

What is operational due diligence for fund investments?

Operational due diligence for fund investments (ODD) is the LP-side examination of a fund manager’s back-office controls rather than its investment strategy. It covers segregation of duties between front and back office, valuation policy and independence, administrator and custodian arrangements, cash controls, compliance programme quality, business continuity and cyber posture. ODD is a mandatory workstream for institutional LP allocations and is typically run by a dedicated ODD team separate from investment staff. See financial crime compliance services for the compliance programme assessment layer.

What is a data room in investment due diligence?

A data room is the secure document repository through which the seller provides documents to the buyer during due diligence. Modern data rooms are virtual (VDRs) and offer permission controls, audit trails, document watermarking and Q&A workflow. The buyer’s diligence team requests documents against a structured document request list, and the seller uploads against that index. Typical mid-market deals see 200 to 400 documents in the data room across all workstreams. See the due diligence guide for the broader process context.

How much does investment due diligence cost?

Total mid-market investment DD spend typically runs between 1% and 3% of enterprise value. Individual workstream costs vary: financial QoE £35,000 to £150,000, legal DD £40,000 to £200,000, commercial DD £50,000 to £180,000, operational and IT DD £25,000 to £100,000, ESG DD £20,000 to £60,000, and people DD £2,000 to £8,000 per subject screened. Lower mid-market deals (under £10M) typically run 30 to 50% lower across each workstream. See the cost benchmarks table earlier in this guide for the full breakdown.

Do SEC-registered investment advisers have to document due diligence?

Yes. SEC-registered investment advisers operating under Rule 206(4)-7 of the Investment Advisers Act of 1940 are required to adopt and implement written compliance policies and procedures. SEC staff guidance and enforcement actions have established that this includes documented oversight of material counterparties and service providers. UK firms regulated by the FCA face equivalent obligations under SYSC 8 and the senior management arrangements rules. The diligence file is a regulatory artefact, not just a deal document. See the financial crime compliance framework for the broader regulatory context.

What is source of funds and source of wealth analysis?

Source of funds (SoF) refers to the origin of the specific funds being used in a transaction. Source of wealth (SoW) refers to the cumulative origin of an individual’s overall wealth. Both are evidence categories required under enhanced due diligence and AML rules, particularly for investments involving PEPs, high-risk jurisdictions or complex ownership. The verification uses documentary evidence (bank statements, sale agreements, employment records) alongside OSINT corroboration. See the source of funds explainer for full methodology.



