Anatomy of open source intelligence-driven due diligence

Related: What is due diligence?

It is important to understand that the role that open source intelligence plays in due diligence is supportive, as most of the work still falls on the accounting and legal side. However, open source intelligence can still provide value in gaining powerful insights that can help companies make informed decisions. Here's how open source intelligence fits into each sector:


The role of financial information in the due diligence process cannot be underestimated. All of a company's account activity, including revenue streams, transactions, investments or expense records, always tells a very vivid story and is a great source for accurate risk assessment during the audit process.

Open source intelligence tools allow analysts to quickly find public financial information (equity or balance sheet) and revenue information (analytical reports of previous transactions) about a company's trading history. In addition, the ability to track cryptocurrency transactions makes it possible to identify potentially high-risk payments and reveal a lack of transparency in the subject's accounts, thus pointing to areas that require further investigation. As a result, the ongoing transaction process may change in a timely manner.


Having a written record that proves a company's actions can be a lifesaver for a successful M&A transaction. "Legal" is used as a general term to cover any official documents and records of accounts. Collecting all contracts, real estate records, patents, tax receipts and other required documents can support or debunk claims made by individuals and companies.

However, any company can accumulate a large amount of disparate paperwork that can be difficult to organize and form into a coherent picture. Scanning and analyzing news stories about lawsuits, sanctions lists, and non-governmental investigative reports (such as OCCRP) is easy with open source intelligence solutions. In addition, visualization tools allow analysts to map out how all this disparate paperwork fits together and can help see the full picture of a company's internal processes.


All positive or negative examples of policy compliance, such as ESG (environmental, social, governance) or CSR (corporate social responsibility), can play an important role in an M&A transaction. If a company does not live up to its word, its reputation can suffer catastrophic consequences and it can risk being fined.

Compliance-related issues are often discussed on online social platforms, providing a valuable opportunity to examine public sentiment and uncover data covering these topics, particularly ESG and CSR violations. Open source intelligence tools allow for effective tracking of such discussions on social media channels. In addition, geospatial and image analysis capabilities can provide much-needed insight into potential ESG violations.

Company Structure, Policy, and Staff

By describing the organization of a company's internal processes, an organization's structure, policies and corporate culture can often provide a broader picture of how it operates. In addition, since many companies have embraced remote work, it is important to be able to check that employees are where they are supposed to be and doing what they are supposed to be doing.

Take LinkedIn, for example. This social network can provide a wealth of data about a company's corporate structure, management, personnel changes, etc. At the same time, users are constantly leaving indications about their geographic location through social media and other platforms such as fitness trackers.

Open source intelligence tools allow analysts to extract information from a variety of sources to validate data points or inferences about individual company employees, including where they work and their attitudes toward their jobs. They also paint a picture of the company's internal structure and operating model and its effectiveness.

Sanctions and Stop Lists Global sanctions and potential ties to countries and institutions that do not align with the company's values can pose significant problems during due diligence. While individuals with such ties pose risks, the same is true for those on watch lists or involved in politics. These subjects are prime targets for enhanced due diligence because the connections between them are often numerous and complex.

By applying knowledge derived from sanctions databases (such as the one offered by OFAC), open source intelligence solutions can visualize the detailed network of connections that analysts can track and examine. Very often, critical links can be hidden, making them undetectable by ordinary search methods. But with the help of metadata, it is possible to derive a comprehensive context of information and map connections that are likely to be present but have been obfuscated or removed.


With increased competition in social media and all markets, any damage to a company's reputation can trigger a domino effect that will eventually sink the organization. The way companies are presented online through their management profiles, corporate media images, customer reviews and public sentiment is critical to understanding exactly where the subject occupies in the marketplace.

Many open source intelligence solutions are equipped with a suite of text analytics tools that allow for in-depth sentiment analysis around specific companies and related to many issues. NLP models mean that large amounts of online text can be quickly analyzed and summarized to quickly understand public attitudes toward specific companies. Thus, open source intelligence allows one to identify sentiment in greater depth, check its veracity and whether it is artificially generated. This allows analysts to be more accurate in their work.


Data breaches can be extremely damaging and costly for organizations. Not only is the number of victims involved on the rise, but the average cost of a data breach is at an all-time high. In this context, it is easy to see why cyber resilience and data security are key issues in assessing the risk of proposed M&A transactions.

Using open source intelligence tools, analysts can continuously monitor the online space for security breaches and identify various cyber vulnerabilities in a timely manner. In addition, such intelligence solutions are able to search for red flags in the dark web. This is often critical for assessing cyber resilience, as this is where compromised data is most often traded. It is also where malicious tools and services, such as zero-day vulnerabilities and DDoS-as-a-Service, are most often propagated.