Due Diligence In Mergers And Acquisitions: What To Look For

Thinking about buying another business or selling your own? Due diligence in mergers and acquisitions (M&A) is the research phase that protects you from nasty surprises and sets the deal up for success.

If you’re a small business owner, you don’t need an investment bank-sized team to do this well. With a structured checklist, the right documents, and targeted expert help, you can run a thorough process and negotiate with confidence.

Below, we break down what M&A due diligence involves under UK law, what to check, how long it should take, the documents you’ll need, and the common red flags to watch for.

What Is M&A Due Diligence (And Why It Matters)?

Due diligence is the buyer’s opportunity to verify what’s being bought, uncover risks, and test the assumptions behind the price. For sellers, it’s your chance to present a clean, well-organised business that justifies value and avoids last‑minute price chips.

In practice, due diligence covers four pillars:

• Legal – contracts, corporate structure, compliance, disputes, IP, employment, data protection and more.
• Financial – revenue quality, margins, working capital, debt, cash, and forecasts.
• Tax – corporation tax, VAT, PAYE/NIC, historic filings, HMRC enquiries.
• Commercial/Operational – customers, competition, supply chain, systems, and key people.

Done well, due diligence will help you:

• Confirm the deal structure (asset purchase or share purchase) and the price you’re willing to pay.
• Negotiate targeted warranties, indemnities and purchase price adjustments to cover specific risks.
• Plan the handover and integration so you hit day one without disruption.

Even for smaller acquisitions, a light but disciplined process can save you significant time and money later. It also keeps you compliant with UK laws like the Companies Act 2006, the Data Protection Act 2018/UK GDPR, the Bribery Act 2010 and the Transfer of Undertakings (Protection of Employment) Regulations 2006 (TUPE).

Asset Purchase Vs Share Purchase: How Due Diligence Differs

Before you dive into document requests, decide how the deal will be structured – it changes what you need to check and transfer.

Share Purchase

You buy the company’s shares, so you inherit all assets and liabilities (known and unknown) unless excluded in the contract.

Due diligence focus:

• Corporate records at Companies House (articles, share register, charges, historic filings).
• All liabilities including tax, HR, litigation, contracts, and compliance exposure.
• Change of control provisions in key customer/supplier contracts and licences.

The main contract is typically a Share Purchase Agreement (SPA). It’s common to use a tailored Share Sale Agreement to set out the price, warranties and completion mechanics.

Asset Purchase

You buy selected assets (for example, equipment, stock, IP, the brand, and certain contracts) and usually leave liabilities behind unless you agree to take them.

Due diligence focus:

• Clear title to each asset and whether consents are needed to transfer them.
• Contracts that need a novation or assignment to you.
• Any leases (you may need consent; read up on assigning a lease).

Many third‑party contracts require a Deed of Novation or assignment to legally transfer rights and obligations to the buyer. Where you’re acquiring the brand and other intangible assets, an IP Assignment should be part of the completion pack.

Important: even in an asset deal, TUPE may transfer employees automatically with their existing rights and continuity of service. That needs careful planning and consultation.

A Practical M&A Due Diligence Checklist For Small Businesses

Start with a targeted, risk‑based checklist. If a business is simple and small, you don’t need hundreds of requests – just the right ones. Here’s a practical list you can adapt:

Corporate And Governance

• Certificate of incorporation, articles of association, share register, shareholders’ agreements, options.
• Board and shareholder minutes/resolutions, outstanding authorities or guarantees.
• Companies House filings (confirmation statements, accounts, charges).

Contracts And Customers

• Top 10–20 customer contracts (terms, pricing, termination, change of control, exclusivity, auto‑renewals).
• Supplier and distributor agreements, price lists, rebates, MFN clauses.
• Any franchising, licensing, agency or reseller arrangements.
• Material standard terms used with customers (e.g., Terms of Sale or a master services agreement).

Employment And People

• Organisation chart, key staff, contractors, compensation and bonus schemes.
• Template and signed contracts, handbooks, grievance/disciplinary records.
• Holiday accruals, overtime, working time compliance, right‑to‑work checks.
• Redundancy or TUPE exposure on integration (under TUPE 2006).

Intellectual Property And Brand

• Trade marks, domain names, copyright (including software code), designs, know‑how.
• Evidence of ownership (especially for work created by contractors or agencies).
• Licences in or out and any open‑source software use policies.

Data Protection And Cyber

• Privacy notices, cookie policies, records of processing, retention schedules.
• Data processing/sharing agreements, international transfers.
• Security policies, breach logs, DPIAs, and any ICO correspondence.

Regulatory And Compliance

• Health and safety policies and incident logs (Health and Safety at Work etc. Act 1974).
• Consumer compliance (Consumer Rights Act 2015), advertising standards, pricing.
• Bribery and corruption (Bribery Act 2010), anti‑facilitation of tax evasion.
• Sector licences (for example, FCA permissions) or environmental permits.

Financial And Tax (High Level For Owners)

• Management accounts, statutory accounts and cash flow for last 2–3 years.
• Revenue by product/customer, margins, recurring vs one‑off revenue.
• Tax filings and HMRC correspondence for VAT, corporation tax, PAYE/NIC.

If you’re selling, prepping these upfront is “vendor due diligence”. It speeds up the process and reduces the risk of a buyer chipping the price late in the day.

How To Run A Smooth Due Diligence Process

Approach due diligence like a mini‑project. A clear scope, timelines and consistent communication keep momentum and protect relationships.

1) Lock Down Confidentiality First

Before you share anything sensitive, put a robust Non‑Disclosure Agreement in place. It should cover permitted use, who can access the data, retention/deletion, and non‑solicitation of staff or customers.

2) Decide Your Scope And Priorities

What could break the deal or materially impact value? Focus there first. For most SMEs, that’s usually customer concentration, contract transferability, IP ownership, employee liabilities (including TUPE), data protection compliance, and tax exposure.

3) Set Up A Simple Data Room

You don’t need expensive software. A well‑organised cloud folder with restricted access, versioning and clear naming conventions does the job. Keep an index and Q&A log so both sides can track what’s been answered.

4) Build A Realistic Timeline

For small deals, two to four weeks of legal/commercial due diligence is common, with financial/tax work running in parallel. Timebox responses (for example, weekly drops), and schedule regular check‑ins to keep decisions moving.

5) Use Specialists Where It Counts

You can cover the basics yourself, but targeted legal support pays for itself when negotiating warranties, indemnities, and risk allocation. A fixed‑fee legal due diligence package keeps costs predictable while ensuring nothing critical is missed.

Key UK Legal Areas To Review In M&A Due Diligence

Here’s a closer look at the legal hotspots we see most often in small business deals.

1) Corporate Housekeeping

Check the company’s constitutional documents, share history and any outstanding rights (options, convertibles, or investor vetoes). Confirm all filings at Companies House are up to date and that there are no undisclosed charges or security interests.

2) Contracts And Change Of Control

Scan top customer and supplier agreements for clauses that allow termination or price renegotiation on a change of control. For asset deals, flag contracts that can’t be assigned without consent so you can plan novations or replacements. Where you need to transfer third‑party agreements, a Deed of Novation is often the cleanest route.

3) Employment And TUPE Risk

Map employees vs genuine contractors, check right‑to‑work and minimum wage compliance, and review grievances or tribunal claims. If the acquisition involves transferring a business or part of a business, TUPE can transfer employees automatically with their rights intact and restrict changes to terms. Understanding when TUPE applies (and what you can and can’t change) is essential – our plain‑English TUPE guide on salary changes gives useful context: TUPE.

4) Intellectual Property Ownership

Make sure the target actually owns the IP it relies on. Work created by freelancers or agencies isn’t automatically owned by the business – you’ll want signed IP assignments. If IP is a key value driver, plan to complete a formal IP Assignment at completion and verify any registered trade marks match the trading name and logo used.

5) Data Protection (UK GDPR) And Cyber

If the business handles personal data (staff, customers or prospects), verify UK GDPR compliance: a lawful basis for processing, data minimisation, security measures, processor agreements and international transfers. A clear, accurate Privacy Policy helps demonstrate compliance, but look beyond the policy to day‑to‑day practices and breach history.

6) Consumer, Marketing And Pricing

Consumer‑facing businesses must comply with the Consumer Rights Act 2015 and related trading standards on refunds, replacements, and fair terms. Check website terms, returns policies, and marketing claims (including online reviews, promotions and “auto‑renewals”) for compliance.

7) Bribery, Modern Slavery And Health & Safety

Even small businesses should have proportionate controls under the Bribery Act 2010 and, where relevant, the Modern Slavery Act 2015. Health and safety policies, risk assessments and incident logs should align with the Health and Safety at Work etc. Act 1974.

8) Real Estate And Leases

Review heads of terms, repair and service charge obligations, break clauses and rent reviews. For an asset sale, you’ll likely need landlord consent to assign any lease – plan the timing alongside completion.

9) Tax And HMRC

Confirm VAT registration, PAYE/NIC compliance and corporation tax filings. Ask about HMRC enquiries, R&D claims and any time‑to‑pay arrangements. These can affect completion accounts and cash at completion.

From Findings To Protections: How Due Diligence Shapes Your Deal

Due diligence isn’t just about spotting issues – it’s about deciding how to handle them so both sides can still get the deal done. Common tools include:

• Price adjustments – reduce the price or retain part of it until a risk is resolved.
• Specific indemnities – the seller covers a defined risk (for example, a known tax or HR issue).
• Warranties – the seller confirms certain facts; if untrue, you can claim damages.
• Earn‑out – a portion of the price depends on future performance, aligning interests post‑completion.
• Completion deliverables – for example, landlord consents, novations, IP assignments and updated corporate records.

Your sale and purchase agreement is where these protections live. In a share deal, a well‑drafted Share Sale Agreement will set out warranties, indemnities, limits on liability and the mechanics for completion and post‑completion adjustments.

Common Red Flags (And What To Do About Them)

Here are the issues that most often move price, change structure or delay completion – and practical ways to respond.

Unassignable Contracts Or Licence Restrictions

If key contracts can’t be assigned or need counterparty consent, build a plan: approach top accounts early, use conditional completion, or include a temporary sub‑contract/transition arrangement until novations are signed.

Weak IP Ownership

Where brand, content or software is core, require historic assignments from contractors and employees and ensure new IP Assignment deeds complete at closing. If gaps can’t be fixed, consider escrows or price adjustments.

Employment Liabilities Or TUPE Constraints

Budget for accrued holiday, unpaid bonuses and any equal pay or National Minimum Wage exposure. If TUPE applies, factor in consultation timelines and recognise that unilateral post‑deal changes to terms may not be allowed.

Data Protection Non‑Compliance

Missing processor agreements, unclear cookie consent or poor security controls increase regulatory and reputational risk. Require remediation pre‑completion, limit liability or hold back part of the price until fixes are verified. Updating the Privacy Policy is often just the start – make sure the operational practices match.

Landlord Or Lender Consents

These can take time. Start early, set realistic long‑stop dates, and consider split exchange/completion so you can secure consents without stalling the whole deal.

What Documents Will I Need For M&A Due Diligence?

Every deal is different, but most small business acquisitions will involve:

• A strong NDA to protect the data room and discussions.
• Heads of terms or a term sheet to capture the commercial deal and exclusivity.
• A share or asset purchase agreement (with warranties, indemnities and limitations).
• Ancillaries: board/shareholder resolutions, stock transfer forms, completion certificates, and filings.
• Transfers: Deeds of Novation for third‑party contracts, deeds of assignment for IP, and landlord consents for leases.
• Post‑deal updates: new policies, customer terms, and (if relevant) updates to the target’s website and Privacy Policy.

If you’re selling, preparing your contracts and records now will make diligence quicker and cleaner. For instance, if your website T&Cs, data protection documents or standard customer terms are outdated, getting them refreshed before a buyer arrives can preserve value.

How Long Should Due Diligence Take?

For a straightforward small business acquisition, two to four weeks of legal and commercial diligence is typical, with financial/tax diligence in parallel. Add time if you need third‑party consents, FCA or landlord approvals, or if the business is multi‑site or regulated.

Set a realistic long‑stop date in your heads of terms to avoid drift. Weekly status check‑ins keep everyone aligned and surface blockers early.

Key Takeaways

• Due diligence in mergers and acquisitions is your chance to verify value, uncover risks and shape protections – even for smaller deals, a light but thorough process pays dividends.
• Decide early between an asset purchase and a share purchase. The structure drives what you check, how liabilities transfer, and which documents you’ll need (for example, novations, IP assignments, or a tailored Share Sale Agreement).
• Focus your M&A due diligence on the big value drivers: top contracts, IP ownership, employees (including TUPE), data protection, leases and tax. Don’t get lost in low‑impact details.
• Protect confidentiality from day one with an NDA, organise a simple data room, and timebox the process with clear Q&A and weekly check‑ins.
• Use your findings to negotiate price, warranties and indemnities, and to plan completion deliverables (consents, novations, IP assignments, updated filings).
• Targeted legal help makes a difference. A fixed‑fee legal due diligence review can catch issues early and keep your deal moving while you stay focused on the commercial outcomes.

If you’d like help planning or running due diligence for an acquisition or sale, our team is here to make it simple. You can reach us on 08081347754 or at team@sprintlaw.co.uk for a free, no‑obligations chat.