How to prepare your company for acquisition: the compliance readiness playbook

Sellers who prepare 18 months before the process starts close 40% faster at higher valuations. Here is exactly what to prepare.

Why sellers leave value on the table

Most sellers enter an M&A process believing their job is to respond to buyer requests as quickly as possible. This is the wrong mental model. The seller who waits for the buyer's due diligence questionnaire before thinking about compliance is the seller who will face a price reduction on Week 8 of a 12-week process — when it is too late to remediate and too early to walk away.

Compliance deficiencies are not deal-killers. They are price chips. Every open guardrail at the point of SPA negotiation is an argument for a lower price, an escrow, or a warranty claim. The seller who has closed those deficiencies before the process begins removes those chips from the table.

The 18-month runway

Eighteen months is the minimum window to address the most material compliance deficiencies before an acquisition process. The timeline is driven primarily by the AML audit cycle: an independent AML audit takes 60–90 days to complete, and the results must be demonstrably implemented — not just received — before an acquirer will accept the audit as clearing GR-008.

If you commission an AML audit, receive findings, and implement recommendations, you need at least six months between implementation and sale process initiation for an acquirer to conclude that the programme has been operating effectively under the new design.

The eight things to prepare

1. Independent AML audit

Commission an independent AML audit from a qualified firm. Ensure the scope covers BSA/AML Programme, OFAC compliance, CIP adequacy, SAR filing programme, and transaction monitoring system calibration. Implement all findings. Keep the engagement letter, findings report, and implementation evidence in a single folder in your document management system.

2. BSA Officer compensation review

Compare your BSA Officer's total compensation (base + bonus + equity) against current market data. If there is a gap, close it now. A BSA Officer who is underpaid relative to market will create a GR-009 finding in every buyer's due diligence. The acquirer will model a retention escrow into the price. You will pay that escrow — funded from the sale proceeds — to retain someone you could have retained for the cost of a salary adjustment.

3. MTL register

Document every state in which you hold a Money Transmitter Licence. For each licence, confirm whether it is transferable or requires a new application on change of control. Engage local counsel in non-transferable states to confirm the application timeline and the nature of the interim exposure. Have this analysis in writing before the process starts.

4. Change-of-control contract review

Review every material contract for change-of-control clauses. Prioritise payment processor agreements (VisaNet, Mastercard, acquirer agreements), BIN sponsorship agreements, core banking licences, and enterprise software. For contracts where consent is required, identify the counterparty's consent process and timeline.

5. Data protection posture

Confirm DPO appointment, GDPR Article 30 records of processing activities, and Data Processing Agreements with all sub-processors. In Kenya, confirm ODPC registration. In India, confirm compliance with PDPB 2023 requirements. Acquirers will ask for this documentation in the first week of due diligence.

6. Regulated role documentation

Document every regulated role in the business: BSA Officer, MLRO, DPO, FCA Approved Persons, RBI-regulated executives. For each, confirm their continued employment intention, their current compensation vs market, and whether their role scope will survive the acquisition unchanged.

7. VDR structure

Organise your document archive before the data room opens. Acquirers evaluate data room quality as a proxy for operational maturity. A well-organised, indexed, and complete data room accelerates due diligence and signals that the business is run with institutional discipline.

8. Board minutes and corporate governance

Ensure board minutes from the past three years are complete, signed, and archived. Acquirers and their counsel will review these for evidence of governance quality, material decisions, and prior disclosures.