The due diligence process: Step-by-step guide

When you are facing a major business decision like buying a company, taking on new investors, launching a joint venture, or signing a franchise deal, the difference between a win and a disaster often comes down to one thing: due diligence.

Here is your clear, step-by-step guide to running due diligence in Malaysia, so you never sign blind.

When does the due diligence process take place and who is involved?

Timing: When does due diligence happen?

For Malaysian companies, due diligence usually begins after both sides show genuine interest but before a final contract is signed. In practical terms, due diligence is triggered:

• After a Letter of Intent (LOI): This is a non-binding document stating that both sides are interested in a deal, subject to further checks.

• During negotiations: When parties are exploring an acquisition, investment, joint venture, franchise, or other major transaction, due diligence begins before any commitment is locked in.

Who is involved?

Due diligence is not a solo mission. It involves a coordinated team, including:

• Business owners: The founder or major shareholders of the company.

• Board of directors: Those responsible for oversight and strategy.

• Buyers and sellers: The parties on both sides of the transaction.

• Investors: Venture capital, private equity, or angel investors who want to know what they are buying.

• Due diligence lawyers: Legal experts who run checks, review documents, and identify legal risks.

• Accountants and consultants: Handle financial, operational, or specialist due diligence areas.

Key context: Due diligence in Malaysia is always a collaborative process. Both the buyer and the seller must cooperate—providing documents, answering questions, and meeting legal, regulatory, and commercial requirements.

Preparation, information access, and assembling your due diligence team

Laying the groundwork

A successful due diligence process starts with solid preparation:

• Set clear objectives: Define what you want to achieve—what information or assurances do you need before committing?

• Scope and timelines: Outline exactly what will be covered (legal, financial, operational, compliance) and how long the process will take.

Building your due diligence team

You need the right people to spot the right risks:

• Internal stakeholders: Business owners, directors, and relevant managers.

• External advisors: Appoint experienced due diligence lawyers, accountants, and specialist consultants familiar with Malaysian law and industry norms.

The document request and checklist

• Issue a due diligence checklist: This is a tailored list of all required documents—company constitution, statutory records, financial statements, contracts, licences, permits, litigation history, regulatory filings, and more.

• Request the documents: Officially ask the target business to provide these items.

Secure information access

• Virtual data room (VDR): Set up a secure online space where documents can be shared and reviewed safely.

• Physical delivery: For sensitive files or where technology is limited, arrange controlled, in-person document access.

Physical site visits and meetings

• On-site verification: Plan visits to the company’s premises, factories, or warehouses as needed.

• Face-to-face meetings: Conduct interviews and walkthroughs for a clearer picture of operations.

Keep it confidential and controlled

• Confidentiality agreements: All parties should sign NDAs before any information is shared.

• Controlled access: Limit who can see sensitive information.

• Role clarity: Every team member must understand their responsibilities and reporting lines.

Bottom line: Skipping these steps puts your deal—and your business—at unnecessary risk.

How to perform due diligence on a Malaysian company: Step-by-step guide

Ready to start? Here is how to do it right in Malaysia:

Step 1: Systematic document review

• Corporate files: Check company constitution, statutory registers, shareholding structure.

• Legal documents: Review contracts (customer, supplier, employment), licences, intellectual property, litigation.

• Financial records: Analyse audited accounts, tax filings, debts, and contingent liabilities.

• Operational records: Examine business processes, key personnel, IT systems, inventory, and assets.

• Compliance files: Ensure all statutory and regulatory requirements are met.

Step 2: Management and staff interviews

• Clarification: Meet with directors and key managers to explain documents, address gaps, and clarify business practices.

• Probe issues: Ask about ongoing disputes, hidden liabilities, or operational bottlenecks.

Step 3: Physical site visits and asset inspections

• Asset verification: Physically inspect property, equipment, or inventory to confirm existence and condition.

• Operational walkthroughs: Observe business in action to validate operational claims.

Step 4: Review for Malaysian legal and regulatory compliance

• Companies Act 2016: Check that the business is properly incorporated, maintained, and meets statutory obligations.

• Sector regulations: Verify industry-specific compliance, permits, and environmental requirements.

Step 5: Document and assess risks

• Risk matrix: List any discrepancies, missing documents, or red flags.

• Assess impact: Rate the seriousness of each risk and suggest actions or deal adjustments.

Expert tip: Keep records of everything. A systematic, well-documented process stands up to scrutiny and reduces the risk of post-deal disputes.

Reporting process, clarifications with the target, and decision-making

How due diligence reports are prepared

• Executive summary: Concise overview of key findings and risks.

• Detailed sections: Break down findings by area—legal, financial, operational, compliance.

• Risk matrix: Table highlighting critical, moderate, and minor risks, with recommendations.

• Actionable findings: Clear next steps or required protections.

Clarifying outstanding issues

• Queries: Send written questions or follow-up requests to clarify missing or unclear items.

• Supplementary requests: Ask for further documents or explanations where gaps appear.

• In-person discussions: Sometimes a phone call or meeting resolves issues faster than paperwork alone.

Communication of findings

• Business-focused advice: Your due diligence lawyer or advisor will communicate results in clear, actionable language—not legal jargon—so you can make informed decisions.

• Client meetings: Reports are presented to buyers, the board, or management teams, often as part of deal negotiation sessions.

Turning findings into decisions

• Go/no-go: Decide whether to proceed, walk away, or renegotiate terms based on risks and findings.

• Negotiation: Use the report’s findings to strengthen your position—adjusting price, asking for warranties, or requiring problem areas to be resolved.

• Deal protection: Recommend extra contract terms or post-completion safeguards for high-risk issues.

Why transparent, timely reporting matters

The best reports do more than highlight problems—they enable you to act with confidence, speed, and clarity. In Malaysia’s business landscape, timely and strategic due diligence reporting separates successful deals from costly mistakes.

Conclusion: Own the outcome. Protect your ambition.

The most successful business leaders do not leave deals to luck. They insist on clear, decisive due diligence, supported by a trusted Legal Growth Partner™ who delivers speed, structure, and absolute clarity at every stage. In Malaysia’s fast-paced business environment, those who master due diligence move faster, negotiate better, and build stronger businesses for the future.