Everyone likes to talk about the importance of due diligence. A whole new due diligence industry has grown, starting with initial anti-money laundering requirements and stretching into corruption and sanctions issues.

Do not misunderstand me – due diligence procedures are critical for a company, especially when it comes to third parties. The focus, or perhaps even the obsession, has been with third parties. Once you add vendors/suppliers –which is a totally different kind of risk – “third party” due diligence quickly absorbs compliance professionals.

What surprises me, however, is the fact that while companies have quickly developed and implemented important third-party due diligence risk programs, they have ignored an equally important area for due diligence procedures – mergers & acquisitions.

We all have heard (or experienced) the same story – days before the financial due diligence process for a tightly held acquisition is about to be completed, someone remembers that it might be a good idea to bring in the chief compliance officer. Hopefully, this is happening less frequently these days.

For companies that tend to grow through acquisitions, this is a dangerous risk to ignore. It is the same as taking a group of third parties – e.g. 30 or more – and simply deciding not to conduct any due diligence.

It is always good to plan in advance. Companies should put in place a specific due diligence policy that covers acquisitions. In the same way that third parties have to be screened, so do potential acquisitions. To put it another way, the company is acquiring another business that has its own culture and its own set of compliance risks and challenged – the sooner those are identified and assessed, the better a transaction may proceed.

A target company has its own set of risks – government interactions, use of third parties, joint ventures, and payments made for gifts, meals, entertainment and charities. It is hard to conduct a risk assessment on the company quickly and efficiently, but that is what has to be done. Once the risk assessment is conducted, the acquiring company has to drill down to make sure they are not purchasing an “FCPA violation” because of successor liability risks.

Aside from this process, the risks from acquiring companies continue even after getting past the closing. An acquiring company has to integrate the target company into its culture of compliance, financial system and set of internal controls.

Companies have to move in quickly and take over the acquired company. It is not something to delay or put off so that the transition is “easier” at the new company. Change has to be quick and efficient. Any prolonged delay will make it harder to integrate in the future and could create risks that acquired company could veer off course.

I have emphasized to companies that planning for integration of the acquired company has to begin well in advance of the closing. Senior management has to back the process and make sure it is completed. Often, it is hard to get the attention of senior management when they are focused on closing a deal, last-minute negotiations, and keeping a deal on track.

In many respects, the due diligence process for mergers and acquisitions is much more complex and difficult than third-party due diligence. It involves multiple risks, assessment in short time frames and extensive planning for integration of an acquired company.