A lender approves a working capital line to a company that checks out on paper. The entity is active in good standing, the registered agent is current, the corporate filings are clean. Eighteen months later, something surfaces about the operating principal that should have been findable before the deal closed. The business background check verified the business. Nobody verified the people behind it.
This is the gap a complete business background check is supposed to close. It shows up across our work with commercial lenders, deal teams, and vendor managers. Verifying a company exists, is registered, and is in good standing answers an important question. It does not answer the most important one: who are you actually doing business with?
Entity-level screening starts by confirming a company is real and in good standing with the jurisdiction where it was formed. Done well, it extends through business credit, entity-level litigation, liens and judgments filed against the business, sanctions and watchlist screening, and adverse media on the company itself. Together, those layers establish the legitimacy and financial stability of the business itself. The basic version of business verification services covers registration, registered agent, legal name and address, and filing history. This is what providers usually mean by business identity verification.
That output is useful for a defined set of questions. Is this company a real legal entity? Is it operating in the jurisdiction it claims to be operating in? Does the corporate record match the documents the counterparty handed over? For routine vendor onboarding, low-stakes credit decisions, or basic compliance attestations, that may be all the diligence the deal warrants.
Entity verification does not tell you whether the people running the company have been sued, are on a sanctions list, have a history of failed prior ventures, or have personal liens and bankruptcies that may affect their ability to perform on the deal.
A clean entity record means the structure is verified. It does not mean the operator is.
The legal distinction between a business and the people who run it is real and useful. In practice, the risk profile of the operator often carries the deal as much as the structure of the entity does. A business incorporated three years ago has three years of corporate record. The principal running it may have a twenty-year track record of forming and dissolving entities, with litigation, regulatory actions, and prior business outcomes attached to the person. The entity record can be clean while the operator's record is not. That is why a complete approach to executive-level diligence treats the entity and the operator as separate but linked subjects, each warranting its own diligence layer.
The split shows up in how regulators, lenders, and investors actually work. Know Your Business (KYB) and Know Your Customer (KYC) frameworks were built for different ends of this question. KYB was originally designed to confirm an entity exists and is what it says it is. KYC was designed to verify the identity of the people behind the business. The two work together. Confirming a legal entity exists is only useful if you also know who controls it, who signs for it, and who is responsible if the relationship goes wrong.
In private credit, the personal guarantee is the contractual proof of this. A guarantor is on the hook in a way the entity is not. Underwriting the entity without diligence on the guarantor is underwriting half the deal. The same logic applies in Mergers and Acquisitions (M&A) on key principals, in marketplace platforms on listed sellers and operators, and in licensed industries on the named individual whose certification carries the work.
Most of what makes a principal a higher or lower risk lives in records tied to the person, not the business. A meaningful executive background check covers several layers.
Criminal history. Federal, state, and county criminal records on the principal belong in any serious counterparty review, with attention to the jurisdictions where the person has actually lived and worked. National database lookups are useful as a first pass, but criminal records are filed at the county level in most states, and county records take time to surface in aggregated databases. For higher-stakes deals, an investigator-verified criminal layer pulls live from the counties most likely to have records.
Civil litigation. The pattern of civil litigation involving a principal is often more revealing than the criminal layer. A civil records check covers lawsuits, judgments, and the principal's history as both a defendant and a plaintiff. Repeat litigation with vendors, partners, or prior employers is a pattern. Dismissed cases are not necessarily dispositive, but the volume and shape of the litigation history adds context that entity records do not provide.
Sanctions, watchlist, and PEP exposure. A sanctions screening layer on the principal checks against Office of Foreign Assets Control (OFAC) lists, international sanctions bodies, and Politically Exposed Person (PEP) databases. For business entities, sanctions screening is often run on the company name. For principals, it has to be run on the person, with identifiers strong enough to resolve common-name collisions. False positives in this layer are common; the work is in the verification, not the initial hit.
Adverse media on the individual. A reputation and media search on a principal often finds public coverage that does not surface in any structured database: prior business failures with press coverage, regulatory actions, or news that affects reputation. The signal-to-noise problem is real here. Many adverse media hits are false positives on common names or aged information that no longer matters. The point of the layer is not to flag every reference but to find the ones that change the picture.
Personal financial pressure. Business credit and entity-level liens describe the company. Personal liens, bankruptcies, and judgments against the principal describe the person funding or guaranteeing the deal. A financial risk assessment at the principal level is part of the picture, especially when a personal guarantee is in play.
Associated businesses. A principal who runs one entity has often run several. Mapping the principal's prior and current business interests surfaces history that the current entity record cannot show. Failed prior ventures and patterns of forming and dissolving entities live in records keyed to the person, not to today's company.
Principal-level work like this sits within a non-FCRA framework, which is how we operate. We're investigating the people behind a business deal, not screening individuals for employment, housing, or personal credit. Our FCRA vs Non-FCRA breakdown covers what that means in practice.
Not every deal needs every layer of screening. Right-sizing the diligence to the actual risk of the transaction is part of doing this well. A $5,000 net-30 line to a vendor with strong references and a long operating history does not warrant the same scrutiny as a $5 million acquisition of a single-owner operating company. The point of principal-level diligence is to apply it where it changes outcomes, not to default to maximum coverage on every check.
Some patterns make principal-level diligence the higher-value layer:
The inverse is also true. For volume vendor onboarding on routine, low-stakes goods or services, entity-level verification is often the right answer, and adding investigator-verified principal diligence to every check would be paying for diligence that does not change the decision. The right-sizing question stays the same: would a finding on the principal actually affect what you do next? If yes, the layer is worth running. If no, save the spend for the deals where it matters.
A complete approach to due diligence on a company starts at the entity and moves outward to the people, layered to the actual stakes of the deal. The standard structure for corporate due diligence investigations on a higher-stakes engagement looks something like this:
The depth of each layer should match the deal. Higher exposure justifies deeper layers; lower exposure justifies a lighter touch.
If you have a counterparty in front of you and you are deciding what depth of background check the deal warrants, schedule a call to scope it with us and we'll walk through the deal together.
2.png)
.png)
