Lindsay Columbo: How did due diligence become so complicated?

Over the past several years, concepts that once served as basic elements of an appropriate customer due diligence program and that had simple definitions have morphed into requirements that are completely decentralized and that vary based on factors such as geographical location, risk level, industry and business activity.

For example, under Bermuda’s due diligence requirements, a customer review should include both a sanctions screening and an internet search on the customer, as well as due diligence on other relevant parties including beneficiaries and controllers on the account.

In comparison, U.S. legal requirements issued by FinCEN specify that a customer review must include a sanctions screening against the OFAC list only.

Disparate due diligence requirements impact both industry professionals and compliance technology providers. The demand for specific due diligence measures based on a variety of factors and assessed risks has forced compliance teams to develop, and re-develop, processes that are able to address all legal requirements from a global perspective while also accounting for specific rules in jurisdictions with more stringent laws.

It is difficult for a compliance team to establish a practical process and procedure for due diligence when faced with constant changes to how we define and think about basic concepts like KYC and CIP. Effective implementation, training and communication of appropriate procedures to other non-compliance professionals also inherently become challenges when required procedures are continuously being re-defined due to regulatory developments and changes to internal processes.

Regulatory changes and inconsistencies in due diligence requirements have also greatly impacted compliance technology providers. Providers are forced to turn technology that was originally developed, designed and relied upon to assist companies in meeting high-level due diligence requirements under basic due diligence concepts into a solution that is incredibly sophisticated, robust and, most importantly, flexible. Only then do the providers stand a chance of meeting the demands generated by the waves of regulatory changes we have witnessed over the past several years.

Moreover, as due diligence requirements become more complex and decentralized across jurisdictions and subject matter areas, technology providers are faced with pressure to provide a “one-stop-shop” where customers can effectively cover and conduct all required due diligence in one place. While the concept sounds like a dream to compliance professionals, going down this path to meet a one-stop-shop demand can result in a provider spreading itself too thin or advertising services that truly do not fall within the provider’s expertise or capability.

On top of the pressure from customers to provide more robust platforms, providers face additional heat from regulators who have specifically promoted and encouraged customers to review and adopt new compliance technology to meet new or more robust legal requirements.

Under the AML regulations for the Isle of Man, for example, a relevant individual is required to assess and document the use of developing technologies for both old and new products, which include data and transaction screening systems and electronic verification of documentation. This sends a message to providers that they need to have technology that will satisfy and survive reviews and audits now required by customers under certain laws.

Further, both compliance professionals and technology providers are expected to put a program or system in place that can capture exactly what a given company or institution needs based on those specific laws that are applicable to the business while also ensuring effectiveness from both a productivity and cost perspective.

Fortunately, some countries are adopting consistent regulations to fit a global due diligence standard across certain compliance areas, such as AML. This could take due diligence requirements full circle and bring us back to simple concepts that can be understood and addressed regardless of jurisdiction or any other factor.


Lindsay Columbo, Esq. is a founder of eSpear LLC, a developer of due diligence and screening solutions, where she serves as the Global VP of Compliance & Support Services. She previously served as Associate Corporate Counsel, Global Ethics & Compliance for Brightstar Corp., a SoftBank company headquartered in Miami, Florida. She can be contacted here.



1 Comment

  1. Do you also see a concern that heightened privacy regulation will conflict with increasing expectations for due diligence? Where specific diligence steps are required by law, as is the case in AML, there may be a different standard than where the diligence steps are appropriate, but discretionary. Do you think privacy regulators are attentive to these compliance program concerns? Regards, Joe Murphy
