HomeServicesCorporate FinanceCommercial, Operational & Legal Due Diligence

Corporate Finance · Due Diligence

Commercial, Operational & Legal Due Diligence

Financial due diligence tells you what a target's numbers say.

Chartered Accountants · Chennai · Hyderabad · Bangalore · Dubai · Since 1986

2,000+Clients since 1986
42 yrsCA practice
4Offices · India & UAE
24 hrsResponse time

Financial due diligence tells you what a target's numbers say. Commercial, Operational & Legal Due Diligence tells you whether those numbers can survive contact with the real world — the customers, the market, the supply chain, the people, and the contracts behind them. At PNPC Global, we pair Chartered Accountants with sector specialists and legal counsel coordination to pressure-test a target's revenue durability, cost structure, operational resilience, and legal exposure before you commit capital. We are not the deal broker with an incentive to get a transaction signed — we are the advisor whose job is to tell you, plainly, what you are actually buying.

What it costs

Govt. feesGovernment & statutory fees as applicable to your case
Professional feeFixed professional fee — confirmed in writing before we start

No hidden charges. The exact figure is set in your engagement letter.

What Commercial, Operational & Legal Due Diligence is

Commercial, Operational & Legal Due Diligence (often shortened to CDD/ODD/LDD, or collectively "non-financial diligence") is the structured investigation of a target company's business fundamentals that sit outside the accounting records — its market position, customer concentration and retention, competitive dynamics, operating model, supply chain and vendor dependencies, human capital, IT and process infrastructure, and the legal and contractual framework that governs its relationships with customers, suppliers, employees, landlords, and regulators. Where Financial & Tax Due Diligence answers "are the numbers real and sustainable," Commercial, Operational & Legal Due Diligence answers a different and equally decisive question: "will this business keep performing after the deal closes, and what legal exposures come attached to it." A target can show clean, audited financials and still be a poor acquisition if its revenue rests on three customers who can walk away, its key operating processes depend on a founder who is exiting, or its material contracts contain change-of-control clauses that terminate on the very transaction being contemplated.

Commercial due diligence examines the target's market — total addressable market size and growth trajectory, competitive positioning, pricing power, customer concentration (typically measured by revenue share of the top 5 and top 10 customers), customer churn and retention trends, sales pipeline quality, and the durability of any claimed competitive moat. Operational due diligence examines how the business actually runs day to day — production or service delivery capacity and utilisation, supply chain and vendor concentration risk, quality control and regulatory compliance in operations, IT systems and cybersecurity posture, key-person dependency, organisational structure, and employee attrition patterns, particularly among revenue-critical or technically specialised staff. Legal due diligence examines the target's contractual and regulatory standing — corporate structure and shareholding chain, material contracts and whether they contain assignment or change-of-control restrictions that could be triggered by the transaction, litigation and regulatory proceedings (pending, threatened, or historical), intellectual property ownership and registration status, licences and statutory approvals required for the business to operate, employment and labour law compliance, real estate title and lease terms, and environmental or sector-specific regulatory exposure.

In the Indian legal and regulatory environment, this diligence carries specific statutory texture that a generic checklist misses. Material contracts must be reviewed against the Indian Contract Act 1872 and, where relevant, sector regulations (RBI for NBFCs and payment companies, IRDAI for insurance intermediaries, SEBI for market-linked businesses, FSSAI for food businesses, and so on). Employment diligence must cover Provident Fund and ESI compliance history, gratuity liability adequacy, POSH Act (Prevention of Sexual Harassment) policy and Internal Complaints Committee compliance, and the classification risk of contractors who may be deemed employees under labour law tests. IP diligence must confirm that patents, trademarks, copyrights, and trade secrets are actually registered in the target company's name — not in a founder's personal name or an affiliated entity — a gap we find with striking regularity in founder-led businesses being acquired for the first time. Litigation review must extend beyond the target's own name to promoters and key managerial personnel, since undisclosed personal litigation involving founders can surface as reputational or governance risk post-acquisition.

PNPC delivers Commercial, Operational & Legal Due Diligence as a coordinated, single-report workstream that runs alongside — and is cross-referenced with — Financial & Tax Due Diligence, so that a commercial red flag (customer concentration, for instance) is connected to its financial consequence (revenue-at-risk quantification) rather than sitting in a separate silo the deal team has to reconcile manually. Legal review is conducted in close coordination with the client's transaction counsel or our empanelled legal partners; PNPC's role is to ensure the legal findings are translated into commercial and financial impact — a pending litigation is not just flagged, its potential quantum and probability-weighted exposure is estimated and factored into valuation and indemnity discussions. The output is a single management-usable report structured around red flags, amber flags, and confirmations, each tied to a recommended contractual or pricing response — not a 200-page document that restates public information back to a deal team that already has no time to read it.

When Commercial, Operational & Legal Due Diligence is the right engagement

You are acquiring a company, business unit, or controlling stake and need to understand whether the target's revenue, operations, and contracts will hold up post-acquisition — not just whether its financial statements are accurate

The target's revenue is concentrated in a small number of customers or a single product line, and you need customer concentration, churn, and retention risk quantified before finalising price

The transaction will trigger change-of-control provisions in the target's material contracts — leases, customer agreements, vendor contracts, loan covenants — and you need these identified and addressed before signing, not discovered after

The target operates in a regulated sector (NBFC, food processing, pharma, real estate, fintech) where licence transferability, regulatory approvals, and compliance history materially affect deal feasibility and timeline

You are a private equity or venture capital investor evaluating a platform or add-on acquisition and your investment committee requires independent operational and legal risk assessment alongside financial diligence

The target is founder-led or family-owned and you need to assess key-person dependency, IP ownership (personal name versus company name), and related-party arrangements that a purely financial review would not surface

Litigation, labour, IP, or environmental exposure is a known or suspected risk area and you need it investigated, quantified, and reflected in indemnity or price-adjustment negotiations

You are on the sell-side and want a pre-emptive vendor commercial and legal review to surface and remediate issues before a buyer's diligence team finds them and uses them to renegotiate price

When a different engagement may be more appropriate first

You need only the accounting, tax, and financial statement quality review of the target — engage PNPC's dedicated Financial & Tax Due Diligence service, which is scoped and priced separately from commercial and legal review

The transaction is a straightforward related-party group reorganisation with no external counterparty, no material third-party contracts at risk, and no arm's-length negotiation — Group & Family Business Restructuring is the more precisely scoped engagement

You are evaluating an early-stage startup investment where the core diligence questions are founder capability, cap table cleanliness, and IP assignment rather than mature operational and contractual risk — Investor & Startup Due Diligence is built specifically for that profile

You need a standalone valuation report for a statutory purpose without an active acquisition — Business & Share Valuation or the relevant regulatory valuation service is the correct fit

The deal has already closed and you are now managing integration — Transaction Structuring, Negotiation & Post-Merger Integration addresses the post-closing phase directly

You need a lender's or seller's own pre-sale readiness assessment rather than a buyer-side investigation of a third-party target — Transaction Readiness Reviews is scoped for exactly that purpose

Structure Comparison

Commercial, Operational & Legal Due Diligence versus adjacent diligence workstreams

FeatureCommercial, Operational & Legal DDFinancial & Tax DDInvestor & Startup DDTransaction Readiness Review (Vendor DD)
Primary question answeredWill the business keep performing and is it legally clean to acquire?Are the numbers real, sustainable, and tax-clean?Is this startup fundable — team, cap table, IP, traction?Is the seller's own house in order before going to market?
Who typically commissions itBuyer (strategic or financial investor)Buyer (strategic or financial investor)Investor (angel, seed, VC fund)Seller / promoter, pre-sale
Core focus areasMarket position, customer concentration, operations, contracts, litigation, IP, labour, licencesRevenue quality, EBITDA normalisation, working capital, tax exposure across open yearsFounder background, cap table, IP assignment, burn rate, traction metricsFinancial and legal readiness gaps, disclosure schedule preparation
Legal review depthDeep — material contracts, litigation, IP ownership, licences, labour complianceLimited to tax-relevant legal matters (assessments, notices)Moderate — IP assignment and cap table legal cleanlinessDeep — anticipates and remediates what a buyer's legal DD will find
Typical outputRed/amber/green flag report tied to price and indemnity recommendationsQuality-of-earnings report, tax exposure scheduleInvestment memo risk section, cap table and IP summaryData room, disclosure schedule, pre-emptive issue remediation plan
Coordinates withFinancial & Tax DD (cross-referenced), transaction counsel for legal opinionsCommercial, Operational & Legal DD, valuation teamLegal counsel for cap table and IP documentationBuyer's eventual DD team, transaction counsel
Typical duration3–8 weeks depending on target complexity and data access3–6 weeks, often run in parallel2–4 weeks, scaled to startup stage4–10 weeks, ahead of buyer outreach
Best suited forAny acquisition where operational continuity and legal cleanliness materially affect deal valueAny acquisition, always paired with commercial/legal DD for a complete pictureAngel, seed, or venture-stage equity investmentPromoters preparing for a sale process or fundraise

These workstreams are complementary, not substitutes. On most mid-market and larger transactions, PNPC recommends running Commercial, Operational & Legal Due Diligence alongside Financial & Tax Due Diligence as a single coordinated engagement so findings are cross-referenced rather than reconciled after the fact by an already-stretched deal team.

How it works
#Stage & What PNPC DoesWhat Generic Diligence Providers SkipTimeline
1Scoping & Risk-Focus Alignment — Defining what actually matters for this dealWe do not run a generic 200-item checklist against every target. We start by understanding the deal thesis — why is the buyer paying this price, and what has to be true for that price to be justified? Diligence scope is built around testing that thesis: if the deal depends on customer retention, concentration and churn get forensic attention; if it depends on a licence transferring cleanly, regulatory transferability is investigated first, not last.Week 1
2Data Room Access & Management Interview Planning — Structured information requestWe issue a tailored information request list mapped to the risk-focus areas identified in scoping, not a boilerplate diligence checklist copied across every engagement. Management interviews are scheduled with specific personnel — not just the CEO or CFO — including sales leadership, operations heads, and HR, because commercial and operational risk lives with the people who run those functions day to day.Week 1–2
3Market & Competitive Position AssessmentWe independently size the addressable market and assess the target's actual competitive position — not simply accepting the management deck's TAM slide. Where possible, we speak with a sample of customers (with target management's consent, carefully managed for confidentiality) and review third-party market data to validate management's growth and market-share claims.Week 2–4
4Customer Concentration & Revenue Durability AnalysisWe compute top-5 and top-10 customer revenue concentration, contract tenure and renewal history, historical churn rate, and — critically — whether major customer contracts contain change-of-control clauses that could be triggered by this specific transaction. A target's largest customer walking away in month two of new ownership is the single most common cause of post-acquisition underperformance we see, and it is knowable in advance if diligence asks the right question.Week 2–5
5Operational Capacity & Key-Person Dependency ReviewWe assess production or service delivery capacity against growth assumptions in the deal model, review quality and regulatory compliance in operations, and — for founder-led businesses in particular — map exactly which revenue-generating relationships, technical capabilities, or vendor relationships depend on a specific individual who may or may not be staying post-acquisition. This dependency is almost always understated in a seller's own materials.Week 3–5
6Supply Chain & Vendor Concentration AssessmentWe map vendor concentration risk, single-source dependency for critical inputs, and the commercial terms (pricing, exclusivity, termination rights) of material supply agreements. A target with a healthy customer base can still be operationally fragile if a single vendor relationship — easily overlooked in a financial-only review — can be disrupted or renegotiated unfavourably after the deal is known publicly.Week 3–5
7Material Contract Review — Change-of-control, assignment, and termination riskWorking alongside transaction counsel or our empanelled legal partners, we review the target's material customer, vendor, lease, financing, and licensing agreements specifically for assignment restrictions, change-of-control triggers, and termination-for-convenience clauses that a transaction of this specific structure (share purchase versus asset purchase versus merger) could activate. This is where many deals discover, too late, that a key contract simply does not survive the transaction as structured.Week 4–6
8Litigation, Regulatory & Compliance History ReviewWe review pending and historical litigation involving the target company and, where relevant, its promoters and key managerial personnel — civil, criminal, tax, labour, and consumer disputes. We assess regulatory compliance history (show-cause notices, penalties, licence suspensions) and pending regulatory applications. Litigation quantum and probability of adverse outcome are estimated, not just listed, so the deal team can factor real exposure into price or indemnity negotiation.Week 4–6
9Intellectual Property Ownership VerificationWe verify that patents, trademarks, copyrights, domain names, and material trade secrets are actually registered in the target company's name on the relevant government registers (IP India, domain registrars) — not in a founder's personal name, a co-founder who has since exited, or an affiliated group entity. This gap is common enough in founder-led businesses that we treat it as a standing checklist item on every mandate, not an exception-based check.Week 4–6
10Employment, Labour & POSH Compliance ReviewWe review PF, ESI, gratuity, and bonus compliance history and adequacy of accrued liability provisioning; POSH Act policy existence and Internal Complaints Committee functioning; contractor classification risk (whether long-term "contractors" could be deemed employees under labour law tests, with attendant statutory liability); and key employment agreement terms including non-compete and IP assignment clauses for critical technical staff.Week 4–6
11IT Systems, Cybersecurity & Process Infrastructure ReviewWe assess the maturity of core IT systems the business depends on, cybersecurity posture and any history of breach or data incident, data privacy compliance relevant to the sectors involved (including, where applicable, the Digital Personal Data Protection Act 2023 framework as it comes into force), and whether critical business processes are documented and transferable or exist only as institutional knowledge in a small team.Week 5–7
12Red Flag / Amber Flag Consolidation & Deal Impact TranslationEvery finding is categorised — red flag (deal-threatening or requires resolution before signing), amber flag (manageable via price adjustment, indemnity, or condition precedent), or confirmation (no material issue found) — and each is translated into a specific, actionable recommendation: a price adjustment, a specific indemnity clause, a condition precedent requiring pre-closing remediation, or a post-closing covenant. We do not hand over a list of concerns and leave the deal team to work out what to do about them.Week 6–7
13Management Presentation & Negotiation SupportWe present findings directly to the client's deal team and, where engaged for negotiation support, work alongside transaction counsel to translate diligence findings into specific representations, warranties, indemnity caps and baskets, and closing conditions in the definitive agreement — ensuring what diligence uncovered is actually reflected in the contract the client signs.Week 7–8

Typical duration for a mid-market target: 5–8 weeks from data room access to final report, run in parallel with Financial & Tax Due Diligence where both are commissioned together. Complexity, data room quality, and management responsiveness are the primary drivers of timeline variance — a target with an organised data room and cooperative management can compress this meaningfully; a target with poor records or reluctant disclosure extends it.

Document Checklist
Corporate & Governance

Certificate of Incorporation, Memorandum and Articles of Association, and all amendments to date

Complete shareholding history and current capitalisation table with supporting share allotment and transfer filings

Board and shareholder meeting minutes for the past 3–5 years

Statutory registers — members, directors, charges — and RoC filing history (annual returns, event-based filings)

Organisation chart showing reporting lines, key managerial personnel, and any group or related-party entity structure

Details of any existing shareholders' agreements, joint venture agreements, or investor rights agreements

Commercial & Customer

Top 20 customers by revenue for the past 3 years with contract start/end dates and renewal history

Standard customer contract templates and copies of all material (top 10–15) customer agreements

Sales pipeline and CRM data, win/loss analysis, and quotation-to-close conversion history

Customer churn data and reasons for churn where recorded, for the past 3 years

Market research, competitive analysis, or third-party industry reports the target relies on for market sizing claims

Pricing history and any pricing concessions, rebates, or non-standard commercial terms granted to major customers

Operational & Supply Chain

List of material vendors and suppliers with contract terms, exclusivity provisions, and concentration by spend

Production or service delivery capacity data and current utilisation rates against the business plan's growth assumptions

Quality certifications, regulatory approvals, and any history of quality-related customer complaints or recalls

Standard operating procedures and process documentation for core revenue-generating and delivery functions

IT systems inventory, software licensing status, and any history of system outages or data incidents

Insurance policies in force — general liability, property, product liability, professional indemnity, cyber — and claims history

Legal & Regulatory

Complete list of pending and historical litigation, arbitration, and regulatory proceedings involving the company, its promoters, and key managerial personnel

All licences, registrations, and regulatory approvals required to operate — GST, FSSAI, environmental, sector-specific (RBI/IRDAI/SEBI where applicable) — with validity and renewal status

Correspondence with any regulator in the past 3 years — show-cause notices, penalty orders, inspection reports

Real estate documents — title deeds or lease agreements for all operating locations, with encumbrance and NOC status

Any consent decrees, settlement agreements, or undertakings given to a court, regulator, or counterparty

Intellectual Property

Register of all patents, trademarks, copyrights, and registered designs with current registration status and ownership name

Assignment deeds confirming IP created by founders, employees, or contractors has been formally assigned to the company

Domain name registration records and ownership verification

Any IP licensing-in or licensing-out agreements, and any history of IP infringement claims made or received

Trade secret and confidential information protection policies, including employee and contractor confidentiality agreements

Human Resources & Labour

Employee headcount by function, tenure, and compensation band; attrition data for the past 2–3 years, particularly for revenue-critical or technical roles

PF, ESI, gratuity, and bonus compliance records and challans for the past 3 years

POSH Act policy document and Internal Complaints Committee constitution and case history, if any

List of consultants and contractors engaged on a long-term basis, with contract terms relevant to employee-classification risk

Key employment agreements for founders, senior management, and technically critical staff, including non-compete, non-solicit, and IP assignment clauses

Any pending labour disputes, union activity, or works committee matters

For the Buy-Side Client — Engagement Setup

Board resolution or founder mandate authorising the diligence engagement and appointment of PNPC

Deal thesis summary — why this acquisition, at this price, and what has to hold true commercially and operationally for the deal to work

Signed engagement letter, non-disclosure agreement (if PNPC will access target's confidential data room), and fee agreement

Copy of any existing term sheet, LOI, or heads of agreement defining the transaction structure being diligenced against

Ongoing obligations
PhaseTriggered ByPNPC CA GuidanceRisk If Ignored
Mandate & Scoping (Week 1)Term sheet or LOI signed, buyer needs diligence before final commitmentDeal thesis review, risk-focus scoping, tailored information request list, management interview planning — not a generic checklist run against every target regardless of deal specifics.Generic checklist diligence misses the risks specific to this deal and this target, producing a report that reads thoroughly but tells the buyer nothing decision-useful.
Data Collection & Investigation (Week 1–6)Data room access granted, management interviews scheduledMarket and competitive assessment, customer concentration and churn analysis, vendor and supply chain mapping, material contract review for change-of-control risk, litigation and IP ownership verification, labour and POSH compliance review.Undetected customer concentration or churn risk, contracts that terminate on change of control, IP registered in a founder's personal name, or undisclosed litigation surface only after closing, when remedies are limited and expensive.
Findings Consolidation & Reporting (Week 6–8)Investigation complete, deal team needs actionable outputRed/amber/green flag categorisation, quantified impact estimates where possible, specific recommendations — price adjustment, indemnity clause, condition precedent, or post-closing covenant — tied to each material finding.A findings list without recommended deal response leaves the buyer's negotiating team to interpret risk severity themselves, often under time pressure, leading to under- or over-reaction at the negotiating table.
Negotiation & Documentation (Week 8–12)Findings inform SPA/BTA negotiationCoordination with transaction counsel to translate diligence findings into specific representations, warranties, indemnity caps and baskets, and closing conditions — ensuring the contract actually reflects what diligence found.Diligence findings that are not reflected in the definitive agreement provide no legal protection — a red flag noted in a report but absent from the SPA's indemnity schedule offers the buyer no recourse post-closing.
Closing & Condition Precedent SatisfactionSigning to closing gap, conditions precedent must be metTracking of any diligence-driven closing conditions — licence transfer confirmation, key contract consent to assignment, remediation of a specific compliance gap — to ensure they are genuinely satisfied, not just represented as satisfied.A closing condition marked satisfied without verification (e.g. a customer consent to assignment that was never actually obtained) can unravel post-closing, sometimes triggering contract termination or indemnity claims against the seller that the buyer must then chase.
Post-Closing Monitoring (First 6–12 Months)Deal closed, integration underwayWhere engaged, PNPC tracks whether the specific risks flagged in diligence (customer retention, key-person dependency, vendor relationships) materialise as anticipated, informing integration priorities and any earn-out or price-adjustment true-up calculations.Risks correctly identified in diligence but not actively monitored post-closing can still cause value erosion if integration teams are not specifically briefed to watch for them — diligence value is lost if the findings are filed away rather than acted upon.
Frequently asked
What is the difference between Commercial, Operational & Legal Due Diligence and Financial & Tax Due Diligence?

Financial & Tax Due Diligence examines whether the target's accounting records, revenue recognition, working capital, and tax positions are accurate and sustainable — it is fundamentally a review of the numbers. Commercial, Operational & Legal Due Diligence examines everything that determines whether those numbers will hold up after the deal closes: customer concentration and churn, competitive position, operational capacity, vendor dependency, material contracts, litigation, IP ownership, and labour compliance. A target can have immaculate financials and still be a poor acquisition if its top three customers can walk away, its key contracts terminate on change of control, or its core IP is registered in a departing founder's personal name.

Practitioner noteWe strongly recommend running both workstreams together and cross-referencing findings. A commercial red flag — say, 60% revenue concentration in two customers — has a direct financial consequence that should feed into the quality-of-earnings adjustment in the financial diligence report, not sit disconnected in a separate document.
How long does Commercial, Operational & Legal Due Diligence typically take?

For a mid-market target with an organised data room and cooperative management, 5–8 weeks from data room access to final report is typical. Complexity, sector (regulated sectors like NBFC, pharma, or food processing generally take longer due to licence and compliance depth), the number of material contracts requiring review, and the quality and speed of management's document production are the main variables. Running this diligence in parallel with Financial & Tax Due Diligence, rather than sequentially, is usually the more time-efficient approach for the deal timeline overall.

Practitioner noteThe single biggest driver of timeline slippage we see is not the diligence work itself but delayed or incomplete data room population by the target. We flag this risk to clients at scoping stage and recommend a firm data room completeness deadline before the diligence clock starts running in earnest.
Why does customer concentration matter so much in this diligence?

Revenue that depends heavily on a small number of customers is inherently more fragile than diversified revenue — a single customer's decision to switch suppliers, renegotiate terms, or simply not renew can materially change the target's trajectory, and that decision is often more likely, not less, immediately after an ownership change becomes known. We compute top-5 and top-10 customer revenue concentration, review contract tenure and renewal history, and specifically check whether major customer contracts contain change-of-control or assignment clauses that this specific transaction structure could trigger.

Practitioner noteWe have seen deals where a target's largest customer relationship was governed by an informal purchase-order arrangement with no long-term contract at all — technically terminable at any time, by either party, for any reason. That is a materially different risk profile than a five-year contract with a change-of-control consent clause, even if both targets show the identical revenue number from that customer today.
What is a change-of-control clause and why does it matter for this transaction?

A change-of-control clause in a contract gives the counterparty (a customer, vendor, landlord, or lender) the right to terminate, renegotiate, or require consent before the contract continues if the company's ownership or control changes — which an acquisition, by definition, does. Depending on how the transaction is structured (share purchase, slump sale, or merger), different contracts may or may not technically trigger these clauses. Identifying every material contract with such a clause before signing — not after — allows the deal team to build consent-seeking into the closing timeline or restructure the deal to avoid the trigger.

Practitioner noteWe review this specifically against the transaction structure actually being used, because the same contract can be triggered under a share purchase and unaffected under an asset carve-out, or vice versa. Generic contract review that does not account for the specific deal structure gives an incomplete answer.
Do you review litigation involving the target's promoters personally, or just the company?

Both. Litigation, regulatory proceedings, or disputes involving a target's promoters and key managerial personnel — even in their personal capacity — can carry reputational, governance, or in some cases financial exposure (personal guarantees, related-party indemnities, promoter pledge of shares) that affects the transaction. We extend litigation and background review to promoters and key managerial personnel, not just the corporate entity being acquired, as a standard part of scope.

Practitioner noteThis is one of the most commonly under-scoped areas in diligence run by generalist providers. A founder facing an unrelated personal litigation may seem irrelevant to the deal at first glance, but if that litigation involves a share pledge, a personal guarantee tied to company debt, or allegations that could affect the company's reputation with its customer base, it becomes directly relevant.
How do you verify that intellectual property is actually owned by the company?

We check the relevant government registers directly — IP India's trademark and patent databases, copyright registries, and domain name registrar records — to confirm registration is in the target company's name, not a founder's personal name, a departed co-founder, or an affiliated group entity. Where IP was created by employees, consultants, or contractors, we review whether formal assignment agreements exist and were properly executed. Trade secrets and unregistered know-how are assessed through confidentiality agreement coverage and internal protection practices rather than a public register.

Practitioner noteThis is one of the highest-frequency findings in founder-led business acquisitions: a trademark or patent filed years ago in the founder's personal name and never formally assigned to the company. It is usually fixable before closing, but it must be found and addressed — an unassigned core trademark is a real deal risk, not a technicality, particularly where the brand itself is a substantial part of the value being paid for.
What happens if you find a serious red flag mid-diligence — does the deal automatically stop?

No. Finding a red flag does not mean the deal cannot proceed — it means the deal team now has the information to decide how to respond: price adjustment, a specific indemnity provision, a condition precedent requiring the issue to be resolved before closing, a post-closing covenant, or, in genuinely serious cases, walking away. We categorise every finding as red, amber, or green and pair each with a specific recommended response, and we communicate serious findings to the client as soon as they are confirmed rather than waiting for the final report.

Practitioner noteWe do not sit on a material red flag until the final report deadline. If something surfaces mid-engagement that could change the client's negotiating position or willingness to proceed, we flag it immediately — a diligence report that arrives after the client has already committed emotionally or contractually to the deal has lost much of its value.
Can you conduct commercial diligence for a target in a regulated sector like NBFC, fintech, or food processing?

Yes. Regulated-sector targets require an additional layer of review: licence and registration validity and transferability under the applicable regulator (RBI for NBFCs and payment companies, FSSAI for food businesses, sector-specific approvals for pharma or healthcare), compliance history with that regulator including any show-cause notices or penalty orders, and whether the transaction itself requires prior regulatory approval or intimation (an RBI-regulated NBFC's change in shareholding, for example, has specific approval requirements under RBI's Master Directions). We scope this specifically for the target's sector rather than applying a generic diligence template.

Practitioner noteLicence transferability is a question that is too often assumed rather than verified. We have seen deals priced and structured on the assumption that a key regulatory licence would simply transfer with the business, only to discover during diligence that the regulator's approval process for a change of control takes months and is not guaranteed — a finding that has to change the deal timeline, not just the price.
How do you handle POSH Act compliance review — is this really material to a deal?

Yes. Under the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act 2013, every organisation with 10 or more employees must constitute an Internal Complaints Committee and maintain a compliant policy. We review whether the ICC is properly constituted, whether the policy meets statutory requirements, and the history and handling of any complaints. Non-compliance carries statutory penalties, but the more material acquisition risk is reputational and cultural — an organisation with a poorly functioning or absent grievance mechanism carries elevated people-risk that a purely financial review would never surface.

Practitioner noteInvestors, particularly institutional and PE buyers, increasingly treat POSH compliance and broader workplace culture indicators as a governance signal in their own right, independent of the immediate legal exposure. We flag this area even when the statutory risk is modest, because it often correlates with broader HR and governance discipline across the organisation.
What is a data room and how should the target prepare one?

A data room is the organised, typically virtual, repository of documents a target makes available to a buyer's diligence team — corporate records, contracts, financial statements, compliance records, and so on, generally organised by category and indexed for navigation. A well-prepared data room, populated completely and organised logically before diligence begins, is the single biggest lever a seller has to keep the process on schedule and avoid unnecessary buyer suspicion caused by information gaps that are actually just organisational gaps.

Practitioner noteWe advise sell-side clients to run a pre-emptive internal review and populate the data room fully before opening it to a buyer's diligence team — an incomplete data room does not just slow the process, it invites a buyer's diligence team to assume the worst about what is missing, even when the underlying reality is benign.
Do you interview target employees as part of this diligence, and how is that managed confidentially?

Yes, where the deal is at a stage where confidentiality with the target's own staff is manageable — typically once an NDA and, often, some level of employee awareness of the process is in place. Interviews with sales leadership, operations heads, and HR provide operational and cultural insight that documents alone cannot. Where confidentiality to the broader employee base must be preserved (a common concern pre-signing), interviews are limited to a small circle of senior management the target has cleared for disclosure, and we plan the interview schedule around the target's confidentiality constraints, not against them.

Practitioner noteWe coordinate interview scheduling and scope directly with the target's management or the seller's advisor to avoid inadvertently signalling the transaction to staff who are not meant to know yet — a leak at this stage can itself become a commercial risk (key employee flight, customer rumour) independent of what the diligence actually finds.
What is the difference between a red flag and an amber flag in your reporting?

A red flag is a finding serious enough that it could materially affect deal viability, valuation, or structure — something that typically needs resolution, a significant price adjustment, or a specific indemnity before the deal should proceed as contemplated. An amber flag is a real but manageable finding — addressable through a standard indemnity clause, a modest price adjustment, or a post-closing covenant — that does not by itself threaten the transaction. We calibrate this categorisation to the specific deal size and buyer's risk appetite, not a one-size-fits-all threshold.

Practitioner noteWe deliberately avoid inflating minor findings into red flags for the sake of appearing thorough — a report where everything is marked red or amber is not useful to a deal team trying to prioritise. Calibration and judgement, not exhaustive listing, is where the real value of an experienced diligence team shows.
How does PNPC coordinate with our transaction lawyers during this diligence?

We work alongside — not instead of — the client's transaction counsel. Legal document review (material contracts, litigation records, IP registrations) is typically conducted jointly, with PNPC's role focused on translating legal findings into commercial and financial impact — quantifying litigation exposure, assessing the revenue-at-risk from a change-of-control clause, or costing out a compliance remediation — while counsel handles the formal legal opinion and drafts the resulting contractual protections. This division keeps each professional working in their area of genuine expertise rather than duplicating effort.

Practitioner noteDeals where the CA and the lawyer work in silos — one producing a diligence report, the other drafting the SPA without close reference to it — routinely produce agreements where the representations and indemnities do not actually match what diligence found. We insist on joint working sessions at the findings-to-contract-language stage specifically to prevent this gap.
Can this diligence be used to renegotiate the purchase price?

Yes, that is one of its primary practical uses. Findings that quantify a real risk — customer concentration that could plausibly reduce forward revenue, a compliance gap requiring remediation spend, an unassigned IP asset requiring legal correction, a litigation exposure with an estimated probability-weighted cost — give the buyer's negotiating team a factual, defensible basis to request a price adjustment, an escrow holdback, or a specific indemnity, rather than a vague "we found some issues" negotiating position that sellers can more easily push back on.

Practitioner noteThe most effective negotiating outcomes come from findings we can attach a number to, even an estimated range, rather than a qualitative concern alone. We push our team to quantify wherever the underlying data allows it — a range with clearly stated assumptions is far more persuasive at the negotiating table than an unquantified red flag.
What if the target refuses to share certain sensitive information during diligence?

This happens, particularly with highly sensitive commercial information like detailed customer pricing or proprietary technical documentation, especially before signing when there is residual deal risk. We work with the seller to find alternative verification approaches — aggregated data instead of granular detail, third-party confirmation, or access restricted to a smaller "clean team" bound by additional confidentiality undertakings — and we clearly flag to our client any area where diligence access was genuinely limited, rather than silently treating an unverified claim as confirmed.

Practitioner noteAn unverifiable claim should never be reported as a confirmed finding. We are explicit in our reports about the difference between 'reviewed and confirmed' and 'management-represented, not independently verified' — that distinction matters enormously if a warranty claim arises later.
Do you assess whether the target's key employees are likely to stay after acquisition?

We assess key-person dependency — which revenue relationships, technical capabilities, or operational processes depend on specific individuals — and review retention-relevant factors like existing employment terms, non-compete coverage, and any retention or earn-out incentive structures already discussed. We do not conduct psychological assessments of individual intent to stay, which is outside our competence and typically outside the scope of a commercial diligence mandate, but we ensure the deal team understands exactly where the dependency risk sits so retention terms can be structured deliberately rather than assumed away.

Practitioner noteWe frequently recommend that buy-side clients build specific retention agreements or earn-out structures tied to key personnel identified during diligence, negotiated and signed alongside the main transaction documents — addressing the risk directly rather than hoping it does not materialise.
How is the cost of this diligence typically structured — fixed fee or hourly?

PNPC generally scopes Commercial, Operational & Legal Due Diligence on a fixed-fee basis once the mandate scope, target size, and sector complexity are understood at the scoping stage, giving the client cost certainty for budgeting purposes. Where scope genuinely cannot be fixed in advance — a target of unknown size or a sector requiring an unusually deep specialist review — we agree a capped fee range with clear triggers for any scope expansion, communicated and agreed with the client before additional work proceeds, not after.

Practitioner noteAsk for a written scope and fee letter before engagement begins. We provide this on every mandate. A diligence provider unwilling to commit scope and fee in writing before starting work is a signal worth noting.
What if commercial or legal red flags are found after the definitive agreement is already signed?

This scenario is best avoided by completing diligence — or at least the highest-risk elements of it — before signing, but where a specific item genuinely cannot be verified pre-signing (a regulatory approval still pending, for instance), it should be addressed through a specific condition precedent to closing or a post-closing indemnity in the definitive agreement, not left unaddressed. If a material issue surfaces after signing but before closing, the definitive agreement's disclosure and bring-down warranty mechanisms typically govern how it is handled — which is exactly why those mechanisms need to be drafted carefully at signing, anticipating this possibility.

Practitioner noteWe push clients hard to complete the highest-risk diligence workstreams before signing rather than after, even if it means a longer pre-signing timeline. A deal structure that defers material diligence to a post-signing period materially weakens the buyer's negotiating leverage if something serious is found — the seller has less incentive to renegotiate once the ink is already on the term sheet.
Does PNPC diligence India-UAE cross-border transactions?

Yes. PNPC has operating offices in Chennai, Bangalore, Hyderabad, and Dubai, and we coordinate cross-border diligence — an Indian buyer acquiring a UAE target, or a UAE-based buyer acquiring an Indian company — as a single engagement rather than splitting the work between unconnected correspondent firms in each jurisdiction. UAE-side considerations include UAE Corporate Tax registration and compliance status, Ultimate Beneficial Owner (UBO) and AML/CFT compliance, any legacy Economic Substance Regulations filings and penalty history for pre-2023 financial years (ESR reporting itself was discontinued for financial years commencing on or after 1 January 2023), trade licence validity and transferability, and WPS (Wage Protection System) payroll compliance, alongside the equivalent India-side review.

Practitioner noteCross-border diligence loses coherence fastest at the handoff between two firms in two countries who are not actually talking to each other. Our single-team structure across both jurisdictions is specifically designed to avoid that failure mode — one findings report, one set of recommendations, informed by both sides of the transaction.
How detailed is the final report — will our investment committee actually be able to use it?

We structure the final report around a management summary of red/amber/green findings and their recommended deal response first, with detailed supporting analysis and evidence in subsequent sections for those who need to go deeper. The goal is a report an investment committee member can genuinely read and act on in the time they realistically have, not a document that is comprehensive but effectively unusable under deal-timeline pressure.

Practitioner noteWe have reviewed diligence reports from other providers running to hundreds of pages with no executive prioritisation — every finding presented with equal visual weight regardless of materiality. That is not diligence serving the client; it is diligence protecting the provider from a future claim that something was not mentioned somewhere in the document. We structure ours to be read and acted on, not just filed.
Can this diligence be commissioned by a seller rather than a buyer?

Yes — this is typically called vendor due diligence, and we recommend it proactively for sell-side clients preparing for a competitive sale process. Running our own commercial, operational, and legal review before going to market lets the seller identify and remediate issues (an unassigned trademark, a missing POSH policy, an ambiguous customer contract) in advance, rather than having a buyer's diligence team find them mid-negotiation and use them as renegotiation leverage.

Practitioner noteVendor due diligence consistently pays for itself in a competitive sale process — sellers who walk into buyer diligence with issues already fixed, or at minimum already disclosed and explained on their own terms, retain far more negotiating leverage than sellers who are reacting defensively to a buyer's findings in real time.
What is the typical fee range for this type of diligence, and does it vary by target size?

Fees vary meaningfully with target size, sector complexity, number of material contracts and locations, and whether legal counsel coordination is bundled into the PNPC engagement or run as a parallel workstream by the client's own lawyers. We do not publish a standard fee card because a straightforward single-location target and a multi-location, multi-sector target genuinely require different levels of effort — we provide a specific, written quote after an initial scoping conversation that costs the client nothing.

Practitioner noteBe cautious of any diligence provider quoting a fixed fee before understanding target size, sector, and geographic spread — that fee is either padded to cover the provider's uncertainty, or the scope will quietly shrink once the real complexity becomes apparent. We scope first, quote second.
How do you assess a target's IT and cybersecurity posture without an in-house technical audit team?

For most mid-market targets, we conduct a structured assessment covering system inventory and criticality, software licensing compliance, backup and business continuity practices, any history of data breach or security incident, and data privacy compliance relevant to the target's sector. Where a deal's scale or the target's technology dependency (a SaaS or data-heavy business, for instance) warrants a deeper technical security audit, we bring in a specialist cybersecurity firm as part of a coordinated engagement rather than presenting a surface-level review as a full technical audit.

Practitioner noteWe are candid with clients about where our own review reaches its natural limit and a specialist technical audit adds genuine value — particularly for technology-heavy or data-intensive targets where cybersecurity risk is a first-order commercial concern, not a checklist item.
What is the risk if we skip commercial and legal diligence and rely only on financial due diligence?

Financial diligence alone tells you the numbers are accurate as of the historical period reviewed — it does not tell you whether those numbers will continue. A target can show three years of clean, growing, audited revenue and still lose 40% of that revenue within a year of new ownership if two customers exit on a change-of-control trigger nobody checked, or if a key technical founder — whose departure was never modelled — leaves within the first six months. Commercial and legal diligence exists specifically to test the forward-looking assumptions embedded in the deal price, which pure financial diligence, by its retrospective nature, cannot do.

Practitioner noteWe have been engaged more than once to diagnose why an acquisition underperformed post-closing, and the answer has consistently traced back to a commercial or operational risk that was knowable at diligence stage but was never investigated because only financial diligence was commissioned. It is a more expensive lesson learned after the fact than the diligence itself would have cost upfront.
Does PNPC provide a formal legal opinion as part of this service?

No. PNPC is a Chartered Accountancy firm; formal legal opinions on matters like contract enforceability, title, or litigation exposure are issued by qualified legal counsel, either the client's own transaction lawyers or PNPC's empanelled legal partners, working alongside our team. Our role in the legal workstream is to coordinate the review, ensure the right questions are asked and the right documents are examined, and translate legal findings into commercial and financial deal impact — not to substitute for independent legal advice on matters requiring it.

Practitioner noteWe are explicit about this boundary with every client at engagement start. Where a finding genuinely requires a formal legal opinion — enforceability of a specific clause, for instance — we flag it and coordinate directly with counsel rather than offering an informal view that could be mistaken for one.
How do you handle diligence on a target with operations across multiple Indian states?

Multi-state targets add a layer of complexity — state-specific labour law variations (Shops and Establishments Act registrations, state-specific professional tax), state stamp duty considerations on any asset or property transfer, and potentially multiple GST registrations that each need independent compliance verification. We map the target's full operational footprint at scoping stage and structure the diligence workplan to cover each material location, rather than reviewing only the headquarters location and assuming other locations mirror it.

Practitioner noteAssuming compliance uniformity across a target's branch locations based on headquarters-level documentation is a common shortcut that generic diligence providers take under timeline pressure. We have found materially different compliance postures between a target's registered office state and its branch operations more than once — this is worth the additional scoping effort.
What role does PNPC play if the deal falls through after diligence is complete?

Our engagement is scoped to deliver the diligence findings and support negotiation through to signing or the decision not to proceed — the fee and deliverable are not contingent on the deal actually closing. If the client decides, based on our findings, not to proceed with the transaction, that is a legitimate and often highly valuable outcome of the diligence process, not a failed engagement. We are structured this way deliberately, because an advisor whose fee depends on a deal closing has a conflict of interest that a genuine risk-assessment engagement cannot carry.

Practitioner noteWe have advised more than one client to walk away from a transaction based on diligence findings, and in every case the client has told us afterward that avoiding that specific deal was worth more than any success fee we might have earned by staying quiet. We consider that outcome a successful engagement, not a missed opportunity.
Can you diligence a target that is itself a holding company with multiple subsidiaries?

Yes. We scope the diligence to cover the holding company and each material operating subsidiary, since commercial, operational, and legal risk typically sits at the operating subsidiary level even though the transaction itself may be structured as a purchase of the holding company's shares. Intercompany arrangements, cross-guarantees, and any subsidiary-level litigation, licensing, or compliance issues are reviewed with the same depth as they would be for a standalone target, adjusted for materiality across the group.

Practitioner noteA common oversight in holding-company acquisitions is treating the holding entity's own clean corporate record as representative of the group, when the actual commercial and legal risk is concentrated three or four levels down in an operating subsidiary that receives far less scrutiny. We deliberately push diligence depth down to the operating level, not just the entity being technically acquired.
How does PNPC's fee compare to a large international consulting firm running the same diligence?

PNPC generally offers a materially more cost-effective engagement than a large international consulting or Big Four advisory firm for mid-market Indian and India-UAE transactions, while providing partner-level attention throughout — clients deal directly with senior CAs, not a large team of juniors overseen remotely. For very large, complex, or multi-jurisdictional transactions beyond mid-market scale, a larger firm's broader bench and specific sector practice depth may be the more appropriate fit, and we say so candidly rather than over-promising on engagements better suited elsewhere.

Practitioner noteWe would rather tell a prospective client honestly that their transaction's scale calls for a larger firm's resources than take on a mandate we cannot serve at the standard we insist on. That candour is, in our experience, exactly what keeps clients returning to us for every subsequent transaction that does fit our scale.
What is the difference between due diligence findings and a formal audit opinion?

A statutory audit provides an opinion on whether financial statements present a true and fair view under the applicable accounting standards, for a defined historical period, addressed generally to shareholders and regulators. Due diligence — commercial, operational, or legal — is a bespoke, forward-looking risk assessment commissioned by a specific buyer for a specific transaction, addressed only to that client, and is not an audit opinion or any form of assurance report under the Standards on Auditing. It does not certify that the target's financials are correct; it assesses risk to inform a decision.

Practitioner noteWe are careful with the language used in diligence reports for exactly this reason — a diligence report should never be worded in a way that could be mistaken for an audit opinion or a formal assurance engagement, since the scope, evidence standard, and legal responsibility attached to each are materially different.
Should minority shareholders or a joint venture partner also commission their own due diligence?

In a joint venture, a minority stake acquisition, or a structured investment where governance and information rights will be shared between parties post-transaction, an incoming minority investor or JV partner has just as much reason to commission independent commercial and legal diligence as a full acquirer would — the fact that they are not buying full control does not reduce their exposure to the same underlying business risks, particularly where they will not have day-to-day operational visibility after closing.

Practitioner noteWe see minority investors skip independent diligence more often than majority acquirers, sometimes relying entirely on the lead investor's diligence in a syndicated round. That can work when the lead investor's report is genuinely shared and its scope matches the minority investor's own risk concerns — but it is worth confirming explicitly rather than assuming, since diligence scoped for one investor's thesis may not cover every risk that matters to another.
How do you diligence a target's environmental compliance and liability exposure?

For manufacturing, chemical, real estate, or other environmentally sensitive targets, we review Consent to Establish and Consent to Operate certificates from the applicable State Pollution Control Board, hazardous waste handling authorisations, any history of environmental show-cause notices or closure orders, and pending environmental litigation. Where the sector or scale of operations warrants deeper technical assessment — soil or groundwater contamination risk on owned industrial land, for instance — we recommend engaging a specialist environmental consultant alongside our review rather than presenting a compliance-document review as a full environmental site assessment.

Practitioner noteEnvironmental liability can attach to land itself and, in some circumstances, survive a change in ownership — this is an area where we are quick to bring in specialist technical input rather than stretching a CA-led review beyond what it can reliably assess.
Why PNPC Global
FeatureGeneric Diligence Checklist ProviderLarge Consulting Firm (Mid-Market Deal)PNPC Global
Scoping ApproachStandard checklist applied regardless of deal thesisThorough but process-heavy, junior-staffedScoped to the specific deal thesis and target risk profile before work begins
Cross-Referencing with Financial DDRun as an entirely separate, disconnected workstreamOften coordinated, but across large siloed teamsSingle coordinated engagement — commercial findings linked directly to financial impact
Legal CoordinationMinimal — a document list, not genuine legal reviewStrong, but at premium fee levelsCoordinated with transaction counsel; findings translated into commercial and financial impact
Report UsabilityExhaustive list, no prioritisation or deal-response guidanceComprehensive but can be dense and slow to produceRed/amber/green flags each tied to a specific, actionable deal recommendation
India-UAE Cross-Border CapabilityTypically India-only, or outsourced to an unconnected correspondentAvailable, at a significant fee premiumSingle team across Chennai, Bangalore, Hyderabad, and Dubai — one engagement, both jurisdictions
Senior AttentionJunior staff with limited partner reviewSenior partner review, but juniors do most direct workDirect senior CA involvement throughout — not a delegated junior team
Fee StructureOften success-fee linked, creating a bias toward closing the dealFixed but premium-priced for mid-market scaleFixed-fee, scoped transparently, not contingent on deal closing
Willingness to Recommend Walking AwayRare — incentive is deal volume or success feeAvailable, but rarely the commercially convenient answerStandard practice — our incentive is client trust for the next transaction, not this one closing

What the PNPC package includes

  1. 01

    Deal-thesis-aligned scoping — risk-focus areas defined before any document request goes out, not a generic checklist applied uniformly

  2. 02

    Market and competitive position assessment, independently validated where possible rather than accepting management's claims at face value

  3. 03

    Customer concentration, churn, and change-of-control contract risk analysis — quantified, not just described

  4. 04

    Operational capacity and key-person dependency mapping, particularly important for founder-led and technically specialised businesses

  5. 05

    Vendor and supply chain concentration risk assessment

  6. 06

    Material contract review coordinated with transaction counsel for assignment and termination risk specific to the actual deal structure

  7. 07

    Litigation and regulatory compliance history review extending to promoters and key managerial personnel, not just the corporate entity

  8. 08

    Intellectual property ownership verification against government registers — trademarks, patents, copyrights, domains

  9. 09

    Labour, PF/ESI, gratuity, and POSH Act compliance review

  10. 10

    IT systems, cybersecurity posture, and data privacy compliance assessment, scaled to the target's technology dependency

  11. 11

    Red/amber/green flag consolidated report with specific, actionable deal-response recommendations for each material finding

  12. 12

    Negotiation support translating findings into representations, warranties, indemnity terms, and closing conditions in the definitive agreement

  13. 13

    India-UAE cross-border coordination from one team across Chennai, Bangalore, Hyderabad, and Dubai

  14. 14

    Direct engagement CA contact throughout — by phone and WhatsApp, not a support queue routed through junior staff

Before you sign, know what you are actually buying. Speak with a PNPC Chartered Accountant who has run commercial, operational, and legal diligence across Indian and India-UAE transactions since 1986 — an advisor whose fee does not depend on your deal closing, only on you having the facts you need to decide.

← Back to Corporate Finance
Talk to a CA