1. What's at Stake in 2026 B2B Due Diligence
Three forces converged in the past 24 months to make business due diligence both more important and more accessible. First, FinCEN's Beneficial Ownership Information regime under 31 U.S.C. §5336 finally turned U.S. shell-company opacity into a federal reporting question, even as the March 2025 interim rule narrowed the reach. Second, OFAC, OIG, and SAM.gov have aggressively expanded designations — the SDN list grew roughly 14% in 2024 alone after Russia, Iran, Hamas, and fentanyl-supply-chain designations. Third, state Secretary-of-State portals are now free, fully digital, and indexed in ways that did not exist a decade ago, which means a small buyer can produce a credible legal-existence file in 30 minutes for $25.
What has not changed is the underlying truth: corporate counterparties commit fraud, become insolvent, get sanctioned, and abandon licenses, and the public record almost always shows the warning signs before the wire actually leaves. The job is to know where to look, what to read, and how to weigh contradictions.
2. The Four Legal Regimes That Govern Business Vetting
One of the most expensive misconceptions in B2B due diligence is the assumption that the Fair Credit Reporting Act (15 U.S.C. §1681) governs business reports. It does not — FCRA covers consumer reports on natural persons. The legal framework around entity vetting is built from a different set of statutes, and each one carries its own permissible-purpose, disclosure, and penalty architecture.
| Statute / Regulator | Coverage | What it actually requires |
|---|---|---|
| Corporate Transparency Act — 31 U.S.C. §5336; 31 CFR 1010.380 (FinCEN) | Most U.S. corporations, LLCs, similar entities (current focus: foreign reporting companies after the March 2025 interim rule) | BOI report identifying 25%-or-more owners and substantial controllers; ongoing updates within 30 days of change. |
| OFAC sanctions — 50 U.S.C. §1701 (IEEPA); 31 CFR Parts 500–599 | All U.S. persons and entities (strict liability) | Pre-transaction screening against SDN and consolidated sanctions lists; license required for any otherwise prohibited dealing. |
| Securities Exchange Act — 15 U.S.C. §78m | Public reporting companies, investment advisers, broker-dealers | Periodic disclosure (10-K/10-Q/8-K) via EDGAR; material misstatements are actionable under Rule 10b-5. |
| Equal Credit Opportunity Act — 15 U.S.C. §1691 | Any creditor extending business credit | No discrimination by protected class; adverse-action notice when business credit is denied based on a report. |
| Foreign Corrupt Practices Act — 15 U.S.C. §78dd-1 | U.S. issuers and any U.S. person dealing with foreign officials | Anti-bribery and books-and-records requirements; due-diligence files on foreign intermediaries are functionally mandatory above material thresholds. |
The practical effect is that there is no single “disclosure and consent” statute the way FCRA structures employment screening. Instead, the obligation is layered: you screen sanctions because you are a U.S. person, you read EDGAR because the law makes a public company file there, you document FCPA review because the contract crosses a border, and you respect ECOA because you are extending credit.
3. Layer 1 — Legal Existence and Standing
Every U.S. business background check starts in the same place: confirm the entity legally exists, in the state it claims, with the people it claims, in the form it claims. Each state's Secretary of State (or equivalent agency) maintains a free entity-search portal indexed by exact name, entity number, registered agent, and (in most states) officer/manager name. The single artifact you want is a Certificate of Good Standing (sometimes called Certificate of Existence or Status Certificate) — an official, time-stamped statement that the entity is current on franchise tax, annual reports, and registered-agent requirements.
The five-question intake
- Exact legal name. “ABC Logistics Inc.” and “ABC Logistics, LLC” are different entities; contracts get voided when the wrong name signs.
- State of formation. Delaware is the most common because more than 60% of Fortune 500 companies are domiciled there per the Delaware Division of Corporations. But Nevada, Wyoming, and Texas are the ones to look at twice.
- Entity number. Each state issues a unique file/charter number. Always verify it back from the certificate, never from a salesperson’s deck.
- Status. Active, in good standing, current, or pending dissolution? Forfeited, revoked, or administratively dissolved entities may still be transacting but their contracts can be voidable and their principals can lose the corporate liability shield.
- Registered agent and address. A non-physical address in a known mass-incorporator (Northwest Registered Agent, Cogency, CT Corporation generic suite numbers) is normal in Delaware; a residential street address with seven shell entities listed at the same number is a flag worth a phone call.
Cross-state matrix and pricing
| State | Free entity search? | Good Standing certificate fee | Portal URL |
|---|---|---|---|
| Delaware | Free (status only) | $50 short form / $175 long form | DE Division of Corporations |
| California | Yes | $5 certified | CA bizfile |
| New York | Yes | $25 | NY DOS |
| Texas | Limited (paid SOSDirect for officers) | $15 certificate | TX SOS |
| Florida | Yes | $8.75 | FL Sunbiz |
| Nevada | Yes | $50 | NV SOS |
| Wyoming | Yes | $10 | WY SOS |
4. Layer 2 — Beneficial Ownership and Control
For nearly a century, U.S. law allowed a person to form a corporation or LLC without ever disclosing who actually owned or controlled it. The Corporate Transparency Act ended that for most domestic entities effective January 1, 2024 — but the regulatory map shifted again in March 2025. Today the right question is not “did the company file a BOI?” but “under the current rule, is this entity even required to file, and if so, can I confirm the filing?”
What the rule actually says (2026 posture)
- The FinCEN Beneficial Ownership Information rule at 31 CFR 1010.380 requires “reporting companies” to identify each beneficial owner — defined as any individual who exercises substantial control or owns at least 25% of the entity — and each “company applicant” who filed the formation paperwork.
- The March 2025 interim final rule (90 FR 13688) narrowed the rule’s reach: the present focus of mandatory reporting is on foreign reporting companies, while most domestic entities are no longer required to file. This is one of the most fluid corners of U.S. regulatory law right now — always read the current FinCEN guidance before relying on the framework.
- The BOI database itself is not a public-search tool. Access is limited to authorized federal, state, local, and tribal officials, and to financial institutions for customer-due-diligence purposes with the reporting company’s consent.
What a private vetter can still do
- Ask for a copy. Reporting companies retain a FinCEN ID number (FinCEN ID) for the entity and for each beneficial owner. Counterparties signing a material contract should be willing to share the entity FinCEN ID and the BOI confirmation in escrow.
- Cross-reference open sources. Public DUNS records, SEC filings (if a public parent exists), state business filings naming officers, court filings, and prior press releases will usually surface the ultimate owners even when BOI is unavailable.
- Treat refusal as a signal. A counterparty insisting on opacity above the BOI regime’s threshold is, by itself, a flag — not because BOI is the only valid disclosure, but because every legitimate reason a buyer has to know the beneficial owners (sanctions screening, FCPA, anti-money-laundering) is independent of the CTA.
5. Layer 3 — SEC EDGAR and Public-Company Disclosure
If the counterparty is a U.S. public company, a registered investment adviser, a broker-dealer, or has issued securities under Regulation A or Regulation Crowdfunding, the most valuable single resource on the open web is SEC EDGAR. Section 13 of the Securities Exchange Act (15 U.S.C. §78m) makes the periodic filings mandatory; SEC Rule 10b-5 makes lying in them a federal securities violation. The cost is zero and the latency is hours.
The filings that actually matter
- Form 10-K — the annual report. Read Item 1A (Risk Factors), Item 3 (Legal Proceedings), Item 7 (MD&A), and the tax footnote.
- Form 10-Q — quarterly update. Focus on changes in legal proceedings and any new debt covenants.
- Form 8-K — current report for material events. Items 1.01 (material agreement), 2.04 (acceleration of obligation), 4.02 (non-reliance on prior financials), and 5.02 (departure of officers) are the four most useful for vetting purposes.
- Schedule DEF 14A — proxy. Discloses related-party transactions, executive compensation, and any “clawback” events under Dodd-Frank.
- Form D — private placement notice; useful when the counterparty is a private fund or a startup that has raised under Reg D.
For investment advisers, the parallel resource is SEC Investment Adviser Public Disclosure (Form ADV Parts 1 and 2). For broker-dealers and registered representatives, use FINRA BrokerCheck, which discloses regulatory actions, customer complaints, criminal history, and employment separations. FINRA Rule 3110 (supervision) and Rule 4530 (reporting) drive what shows up there.
6. Layer 4 — Federal Exclusion and Sanctions Lists
The strictest piece of business due diligence in the U.S. is sanctions and exclusion screening. There is no negligence threshold — under the International Emergency Economic Powers Act (50 U.S.C. §1701) and OFAC regulations, transacting with a designated party is a violation whether or not you knew. Four lists carry direct legal force; a fifth and sixth carry contractual force in most federal procurement and healthcare contexts.
| List | Maintained by | Why it matters | Where to search (free) |
|---|---|---|---|
| SDN — Specially Designated Nationals | U.S. Treasury OFAC | Strict liability under IEEPA; up to $377,700 or 2x transaction value (31 CFR §510.701) | OFAC Sanctions Search |
| Consolidated Sanctions List | U.S. Treasury OFAC | Covers sectoral, non-SDN Iran, Palestinian, and other lists | OFAC Consolidated List |
| LEIE — List of Excluded Individuals/Entities | HHS Office of Inspector General | Bars participation in Medicare/Medicaid; CMP up to $10,000 per item plus treble damages | OIG LEIE |
| SAM.gov Exclusions | GSA / SAM.gov | Disqualifies from federal contracts, grants, loans | SAM.gov Exclusions |
| DDTC Debarred List (ITAR) | U.S. State Department | Bars defense-trade activity | DDTC Debarred List |
| BIS Entity List | U.S. Commerce / BIS | Export-control restrictions under EAR | BIS Entity List |
The minimum credible workflow is to screen the entity legal name, every d/b/a or assumed name, the registered agent, and every named principal against OFAC SDN + Consolidated and against SAM.gov exclusions. If federal healthcare dollars are involved, OIG-LEIE is mandatory. If export-controlled technology or defense articles are involved, BIS Entity List and DDTC Debarred List are mandatory.
7. Layer 5 — Court Records, UCC Liens, and Judgments
The court layer answers two operational questions: has anyone sued this company, and has it pledged its assets to anyone else? Federal cases live in PACER ($0.10 per page, capped at $3 per document). State commercial cases live in the trial-court system of each state — coverage varies, with about 65% of state systems offering free name searches per the National Center for State Courts. UCC-1 financing statements live at the Secretary of State of the company’s state of formation, with most states offering free or near-free online lookup under UCC Article 9.
What to actually pull
- PACER federal civil — breach of contract, intellectual-property, trade-secret, antitrust, and False Claims Act qui tam complaints.
- PACER federal bankruptcy — any Chapter 7, 11, or 15 case in any district nationwide.
- PACER federal criminal — SEC parallel prosecutions, FCPA cases, federal fraud.
- State trial courts — commercial disputes, employment, judgments, restraining orders, foreclosure.
- UCC-1 filings — secured liens, factoring arrangements, merchant cash advances (MCAs).
- Tax liens — federal IRS tax liens (filed in county where property sits) and state tax liens (filed in state lien index).
Reading UCC filings
A UCC-1 financing statement names a debtor, a secured party, and a collateral description. The patterns matter more than the individual filings. Two patterns are especially worth attention:
- Multiple recent UCC-1s with MCA lenders (CFG Merchant Solutions, Yellowstone Capital, Kapitus, Mantis Funding) typically indicate that the company has run through bank credit and is paying double-digit effective annualized rates for cash flow. Lenders willing to extend credit junior to a merchant cash advance are rare.
- UCC-1s naming “all assets, accounts receivable, inventory, equipment, and general intangibles” as collateral mean the senior lender has a blanket lien. Any new financing or asset sale almost certainly requires that lender’s consent.
8. Layer 6 — Tax Status, Liens, and Compliance
There is no public IRS account for a private business, which means buyers cannot simply “pull the company’s tax returns.” What does exist are three indirect proxies that, together, give a reliable view of whether the entity is current on its tax obligations.
State certificate of tax clearance / good standing
Every state department of revenue (or Franchise Tax Board, Comptroller, etc.) will issue, on request, a Certificate of Tax Clearance — an official statement that the entity is current (or not) on sales tax, withholding tax, unemployment insurance, and franchise tax. Fees range from free to about $50; turnaround is days to weeks depending on the state. In M&A transactions, the Certificate is functionally required before a buyer accepts an assignment of contracts or assumes a payroll. The Federation of Tax Administrators maintains a directory of state revenue agencies.
Federal and state tax liens
The IRS files a Notice of Federal Tax Lien in the county where the taxpayer’s property sits when a tax assessment goes unpaid (IRS guidance). These show up in the county recorder’s index and in commercial lien aggregators. State tax liens follow a parallel process at the state level. Active liens always signal that the company is in unresolved dispute with a taxing authority; chains of liens that get withdrawn and refiled often signal a long-running collection negotiation.
EIN and TIN matching
The Employer Identification Number is the federal tax ID. The IRS does not run a public lookup, but a Form W-9 from the counterparty plus a free TIN-match through the IRS e-Services portal will confirm whether the name and EIN agree with the IRS file. A mismatch is one of the strongest single indicators of either fraud or a recently re-named/sold entity.
9. Layer 7 — Professional Licensing and Regulatory Standing
If the counterparty performs licensed work — finance, healthcare, construction, real estate, professional services — the license itself is part of the background check. Revoked, surrendered, or expired licenses are public records, almost always free to search, and they sit upstream of the operational risk: a contractor without a current license cannot legally collect on a contract in many states.
Federal license rosters
- NMLS Consumer Access — mortgage and consumer-finance company and individual licensure across all 50 states.
- FINRA BrokerCheck — broker-dealers and registered representatives, under FINRA Rule 3110.
- SEC IAPD — SEC- and state-registered investment advisers.
- National Practitioner Data Bank — healthcare malpractice and adverse-action database (limited public access).
- Nursys — multi-state nurse-licensure verification.
- HHS OIG LEIE — Medicare/Medicaid exclusion (already covered in Layer 4).
State license rosters worth knowing
- California Contractors State License Board (CSLB) — verifies license, bond, workers’ comp, and disciplinary history.
- New York Department of State Division of Licensing Services — real-estate brokers, security guards, notaries.
- Texas Department of Licensing and Regulation — broad coverage across 39 occupations.
- State medical and dental boards — check the Federation of State Medical Boards (FSMB) for a directory.
- State bar associations — attorney license, public discipline, and good-standing records.
10. International Counterparties and the FCPA Overlay
Foreign counterparties multiply the workload because no single jurisdiction’s public record is comparable to the U.S. system. The framework that anchors the work is the Foreign Corrupt Practices Act anti-bribery and books-and-records provisions at 15 U.S.C. §78dd-1, which makes inadequate vetting of foreign intermediaries actionable for U.S. issuers and U.S. persons. The DOJ FCPA Resource Guide outlines the expected diligence depth as a function of country risk, transaction size, and government touchpoint.
The six-layer foreign workflow
- Legal existence in the home jurisdiction. UK Companies House (free), Hong Kong Companies Registry (paid), Singapore ACRA Bizfile, Canada Corporations Canada, Mexico SAT.
- Multi-jurisdictional sanctions screening. OFAC SDN + EU Consolidated List + UK HM Treasury OFSI + UN Security Council Consolidated.
- Multilateral debarment. World Bank Listing of Ineligible Firms + Asian Development Bank, African Development Bank, Inter-American Development Bank, EBRD sanctions lists.
- Adverse-media in local language. Native-language news search is non-negotiable; English-only searches miss most local enforcement and reputational issues.
- Politically exposed person (PEP) screening. Owners, directors, and senior managers screened against PEP databases (Dow Jones Risk & Compliance, World-Check, OpenSanctions.org open-source).
- Document authentication. Apostille under the 1961 Hague Convention for signature authority, certificate of incorporation, and power of attorney where the counterparty country is a signatory; consular legalization where it is not.
11. OSINT, Red Flags, and the Reputation Layer
The last layer is the one that does not have a clean URL: open-source intelligence, the adverse-media review, and the pattern-recognition that separates a competent vetter from a checklist-runner. The goal is not to catalog every negative mention — it is to identify the small number of signals that have historically correlated with counterparty failure.
The ten persistent red flags
- Entity is forfeited, revoked, or administratively dissolved in its state of formation.
- Principal or beneficial owner appears on OFAC SDN, OIG-LEIE, or SAM.gov exclusions.
- Three or more UCC-1 financing statements with merchant-cash-advance lenders in the trailing 18 months.
- Federal criminal indictment, SEC enforcement action, or DOJ False Claims Act intervention against any current officer or director.
- Chain of name changes — entity renamed three or more times in 36 months, or a series of formed-and-dissolved sibling LLCs at the same registered-agent address.
- Registered agent is a generic mass-incorporator and the entity has no verifiable street address, phone, or web presence.
- State tax liens or franchise-tax forfeiture within the last 24 months.
- Principals’ professional licenses revoked, suspended, or surrendered — especially in finance, healthcare, or law.
- Bankruptcy filing (Chapter 7, 11, or 15) by the entity or a controlled affiliate within 24 months.
- Sustained adverse-media in the home jurisdiction — especially anything tied to fraud, embezzlement, or self-dealing.
Adverse-media workflow
A defensible adverse-media check covers three search rings: (1) the entity legal name and every prior name; (2) each current officer, director, and beneficial owner by full name plus city of residence; (3) the registered-agent street address. Use both Google and Bing because they index different sources, and use the country’s native-language press for foreign counterparties. OpenCorporates is useful as a global cross-jurisdictional index of entities; OpenSanctions consolidates global sanctions and PEP lists with an open-data license.
12. Decision Framework and the $75–$400 Self-Service Package
The closing question is always the same: given a deal of size X with country risk Y and sector risk Z, what depth of background check is proportionate? A useful framework is the four-tier escalation model that mirrors how most compliance functions size their diligence.
| Tier | Trigger | Typical scope | Realistic cost (self-service) |
|---|---|---|---|
| Tier 1 — Light | Contracts under $25,000; recurring vendors with established relationship | Secretary of State Good Standing; OFAC SDN + SAM.gov; one PACER name search | $25–$75 |
| Tier 2 — Standard | Contracts $25,000–$500,000; new vendors; new lenders/borrowers | Tier 1 + state UCC search; state court name searches in HQ state; D&B or Experian Business credit; professional-license verification | $75–$400 |
| Tier 3 — Enhanced | Contracts above $500,000; M&A targets; cross-border deals; politically exposed counterparties | Tier 2 + multi-state UCC; federal and state tax liens; principals individual searches; adverse media (English + local language); FCPA pre-clearance memo | $400–$2,500 |
| Tier 4 — Investigative | Material acquisitions; foreign joint ventures in high-risk geographies; SEC-registered transactions | Tier 3 + retained PI firm (Kroll, Mintz, K2 Integrity, Berkeley Research); on-the-ground reference checks; site visit; forensic accounting review | $3,000–$25,000+ |
The 12-step self-service workflow
- Confirm exact legal name, state of formation, entity number, and current status (Secretary of State).
- Pull a Certificate of Good Standing.
- Screen entity + every d/b/a + every principal against OFAC SDN and Consolidated, OIG-LEIE, SAM.gov exclusions, DDTC Debarred, BIS Entity List.
- Pull SEC EDGAR (if public) or FINRA BrokerCheck / IAPD (if regulated).
- Pull UCC filings in state of formation and state of headquarters.
- Pull PACER federal civil, criminal, and bankruptcy across all districts.
- Pull state trial-court records in HQ state and every state of major operations.
- Verify professional licenses across all relevant rosters.
- Pull state Certificate of Tax Clearance.
- Pull Dun & Bradstreet or Experian Business credit report.
- Run adverse-media in English (and local language for foreign counterparties).
- Document the file, timestamp the screenshots, and store with the contract.
13. Frequently Asked Questions
Is a 'business background check' the same as a personal background check?
No. A personal background check (FCRA-governed) pulls a consumer report on an individual. A business background check is a due-diligence workflow that pulls public-record artifacts about an entity — Secretary of State filings, beneficial ownership data, SEC disclosures, UCC liens, court judgments, tax-status records, sanctions lists, and license rosters. There is no single 'business credit FCRA' equivalent; what regulates the work is contract law, the Equal Credit Opportunity Act (15 U.S.C. §1691) for business credit decisions, and the FCPA (15 U.S.C. §78dd-1) for international touchpoints.
What does the Corporate Transparency Act actually require in 2026?
The Corporate Transparency Act (31 U.S.C. §5336) and FinCEN's implementing rule at 31 CFR 1010.380 require most U.S. corporations, LLCs, and similar entities to file a Beneficial Ownership Information (BOI) report identifying every individual who owns 25% or more or exercises substantial control. After the March 2025 interim rule (90 FR 13688), enforcement now focuses on foreign reporting companies; many domestic small entities are no longer required to file. Always check the current FinCEN guidance before assuming a vendor is or is not a reporting company.
How do I confirm a company legally exists?
Pull a Certificate of Good Standing from the Secretary of State in the company's state of formation. Every state offers a free entity-search portal — Delaware's Division of Corporations is the most-used because more than 60% of Fortune 500 companies are Delaware-domiciled. Compare the entity number, registered agent, formation date, and current status against what the counterparty puts in writing. A status of 'forfeited,' 'revoked,' or 'inactive' means contracts may be voidable and the principals may have personal liability.
What is SEC EDGAR and when should I use it?
EDGAR is the Securities and Exchange Commission's free filings database. If your counterparty is a U.S. public company, a registered investment adviser, or has issued securities under Regulation A/Crowdfunding, its filings are here — 10-K (annual report), 10-Q (quarterly), 8-K (material events), DEF 14A (proxy), and Form D for private placements. Section 13 of the Securities Exchange Act (15 U.S.C. §78m) is what makes these filings mandatory. Always read the most recent 10-K Risk Factors and any 8-K in the last 12 months.
Which federal exclusion lists do I have to check before doing business?
Four are non-optional for most B2B engagements: OFAC's Specially Designated Nationals (SDN) list under 50 U.S.C. §1701 — strict liability if you trade with a listed party; HHS-OIG's List of Excluded Individuals/Entities (LEIE) — required if any federal healthcare dollars are involved; the General Services Administration's SAM.gov exclusions — required for any federal contracting; and FBI/FinCEN sanctions advisories for crypto and high-risk industries. A single OFAC violation can run up to the greater of roughly $377,700 (2025 inflation-adjusted) or twice the value of the underlying transaction, under 31 CFR §510.701.
How do I find UCC liens against a business?
Search the UCC filing index at the Secretary of State in the company's state of formation (Article 9 of the Uniform Commercial Code requires filings to perfect security interests in personal property). A UCC-1 financing statement tells you the company has pledged specific collateral to a creditor; multiple stale UCC-1s with the same lender often indicate factoring or merchant cash advance arrangements that signal cash-flow stress. Free portals in Delaware, California, Texas, New York; most states are $5–$25 per certified search.
What court records should I pull on a potential business partner?
PACER (https://pacer.uscourts.gov/) for federal civil, criminal, and bankruptcy — $0.10 per page capped at $3 per document, and recent SEC enforcement and DOJ False Claims Act matters typically live there. State trial courts cover commercial disputes, breach of contract, judgments, restraining orders, and employment cases — coverage and cost vary, with about 65% of state systems offering free name searches. The National Center for State Courts maintains a free portal directory.
How do I check whether a company has paid its taxes?
There is no public 'IRS account' for a private business, but three proxies work. (1) Pull a Certificate of Tax Clearance / Tax Status from the state department of revenue — most states issue these for a small fee and they disclose whether sales tax, withholding, or franchise tax are delinquent. (2) Pull federal tax liens through the IRS Automated Lien System or PACER public records (federal tax liens are filed in the county where the property sits). (3) For public companies, the 10-K tax footnote discloses unrecognized tax benefits and audit reserves.
What is a 'good' EIN verification and why does it matter?
The Employer Identification Number is the company's federal taxpayer ID. The IRS does not run a public EIN lookup, but you can verify by requesting Form W-9 from the counterparty, then cross-checking the name + EIN with the IRS TIN-matching service (free for filers of 1099s). A name/EIN mismatch is the single most common indicator of either a fraudulent vendor or a recently re-named entity that re-used the old EIN — both are red flags worth a phone call.
Are professional licenses worth checking on a business?
Always, when the business performs licensed work — contractors, electricians, plumbers, mortgage brokers, insurance agents, securities advisers, attorneys, CPAs, medical providers, real-estate brokers. NMLS Consumer Access (https://www.nmlsconsumeraccess.org/) for mortgage and consumer-finance; FINRA BrokerCheck for securities; CSLB for California contractors; state medical boards for healthcare. A revoked or surrendered license that the company does not disclose voluntarily is, in itself, a finding.
How do I assess a foreign supplier or distributor?
Six layers. (1) Confirm legal existence in the home jurisdiction (UK Companies House, Hong Kong Companies Registry, Singapore ACRA, etc.). (2) Run OFAC SDN, EU Consolidated List, and UK HM Treasury sanctions. (3) Run World Bank debarment and Asian Development Bank sanctions if any multilateral financing is involved. (4) Run adverse-media checks in the local language. (5) If the contract value crosses Foreign Corrupt Practices Act materiality, document an FCPA compliance review under 15 U.S.C. §78dd-1. (6) Confirm the apostille or consular legalization on signature authority documents.
What is the realistic budget for a small-business background check?
For a U.S. counterparty in a $10,000–$500,000 transaction, a competent self-service due-diligence package is roughly $75–$400 — state Good Standing certificate ($25–$75), UCC lien search ($15–$25), federal PACER searches ($30–$100), SAM.gov / OFAC / OIG-LEIE checks (free), and one or two state-court name searches ($0–$50). Add an Equifax or Experian Business credit report ($40–$200) if commercial credit is being extended. Comprehensive third-party due diligence reports from Kroll, Mintz Group, or LexisNexis range from $3,000 to $25,000+.
How current is the data in commercial business background databases?
Less current than vendors imply. Secretary-of-State filings refresh within 24–48 hours. OFAC and SAM.gov publish daily. UCC indexes update weekly in most states. Commercial aggregators like Dun & Bradstreet refresh their core file quarterly for small firms and monthly for higher-tier subscribers. Court-record databases vary wildly — federal PACER is real-time, state-court aggregators can be 30–180 days behind. Always re-run the primary-source check immediately before signing rather than relying on a stale aggregator pull.
What are the biggest red flags in a business background report?
In order of severity: (1) the entity is forfeited, revoked, or never legally formed; (2) the principals appear on OFAC SDN or OIG-LEIE; (3) multiple recent UCC-1s with merchant cash advance lenders; (4) federal criminal cases or SEC enforcement against principals; (5) chain of name changes (entity renamed three or more times in 36 months); (6) registered agent is a generic mass-incorporator with no physical address; (7) state tax liens or franchise tax forfeitures within the last 24 months; (8) principals' professional licenses revoked, suspended, or surrendered; (9) bankruptcy filing within 24 months; (10) adverse-media hits in the home jurisdiction. Any single hit is not necessarily disqualifying; clusters are.
Authoritative sources cited
- FinCEN — Beneficial Ownership Information (BOI) reporting
- 31 CFR 1010.380 — Beneficial Ownership rule (eCFR)
- 31 U.S.C. §5336 — Corporate Transparency Act
- U.S. Treasury OFAC — Sanctions List Search
- OFAC — Consolidated Sanctions List
- 50 U.S.C. §1701 — International Emergency Economic Powers Act
- HHS OIG — List of Excluded Individuals/Entities (LEIE)
- GSA SAM.gov — Exclusions search
- SEC EDGAR — Company filings search
- SEC — Investment Adviser Public Disclosure (IAPD)
- FINRA BrokerCheck — broker-dealer disclosure
- 15 U.S.C. §78m — Securities Exchange Act periodic reporting
- 15 U.S.C. §78dd-1 — Foreign Corrupt Practices Act anti-bribery
- 15 U.S.C. §1691 — Equal Credit Opportunity Act
- DOJ — FCPA Resource Guide
- PACER — federal court records
- National Center for State Courts
- UCC Article 9 — Secured Transactions (Cornell LII)
- NMLS Consumer Access — mortgage license verification
- National Practitioner Data Bank (HRSA)
- U.S. Commerce BIS — Entity List
- World Bank — Listing of Ineligible Firms
- Federation of Tax Administrators — state tax agency directory
- IRS — Understanding a Federal Tax Lien
- OpenCorporates — global company data