The 47-point M&A compliance checklist for fintech acquisitions
Every material compliance question to answer before advancing from due diligence to regulatory approvals.
47
questions mapped to guardrail IDs, regulatory basis, and SPA mechanics.
Written for
Buyer
Legal
How to use this checklist
Each of the 47 items maps to a guardrail ID, a regulatory basis, and a recommended SPA mechanism if the item cannot be resolved before signing. The checklist is organised by phase gate.
A "No" or "Unknown" answer is not a reason to stop the deal — it is a reason to open a specific remediation track or draft a corresponding SPA mechanism.
Phase 3 → Phase 4: AML programme
| GR | Question | If No / Unknown |
|---|---|---|
| GR-008 | Independent AML audit completed within 18 months? | Price reduction + audit escrow |
| GR-009 | BSA Officer has signed retention agreement? | Retention escrow (18-month cliff) |
| GR-003 | CIP meets acquiring entity standard? | Remediation escrow, 12-month cure |
| GR-002 | OFAC screening current and comprehensive? | Warranty + indemnity |
| GR-004 | SAR filing cadence consistent with risk profile? | Representations + indemnity |
| GR-005 | No material SARs filed in last 24 months? | Disclose to R&W insurer |
| GR-006 | Transaction monitoring system calibrated? | 30-day post-close review requirement |
Phase 3 → Phase 4: payment licensing
| GR | Question | If No / Unknown |
|---|---|---|
| GR-011 | All MTLs transferable to acquiring entity? | R&W escrow covering interim period |
| GR-012 | BIN sponsorship agreements assignable? | Consent required pre-close |
| GR-013 | Network membership agreements transfer? | Scheme notification letter required |
| GR-014 | Change-of-control consent obtained from scheme? | Block close until obtained |
Phase 3 → Phase 4: regulated roles
| GR | Question | If No / Unknown |
|---|---|---|
| GR-026 | All regulated role holders identified and confirmed? | Role register required |
| GR-027 | FCA Approved Persons confirmed for new entity? | FCA application required |
| GR-028 | CAMS-certified team density adequate? | Hiring plan required as CP |
Phase 4 → Phase 5: regulatory approvals
| GR | Question | If No / Unknown |
|---|---|---|
| GR-020 | FCA change-of-control notification filed? | Block SPA until filed and acknowledged |
| GR-021 | CBK prior approval received (Kenya)? | Block SPA; 60-day minimum notice |
| GR-022 | RBI prior approval received (India)? | Block SPA; prior approval mandatory |
| GR-025 | KDPA cross-border data transfer agreements executed? | Data processing addendum required |
| GR-026 | GDPR Art. 37 DPO confirmed post-close? | DPO retention agreement required |
See exactly what DealSafi would find on your next deal.
No demo request required. Request access and the platform is live the same day.