The seven-phase model, 32 guardrails, role-based access control, and the immutable audit chain — explained for buyers, sellers, and the deal teams that serve them.
In a standard M&A process, financial due diligence runs for weeks before compliance due diligence begins. By the time the compliance team discovers the AML audit lapsed 27 months ago, or the BSA Officer is underpaid by $28K and talking to recruiters, or the Money Transmitter Licence in Texas is non-transferable — the SPA negotiation has already begun at a price that did not account for any of it.
DealSafi makes compliance due diligence run from Day 1, in parallel with everything else. 32 guardrails fire automatically when the VDR is synced. Phase gates prevent the deal from advancing until material conditions are met. Every finding, every override, every exception is logged permanently to an immutable audit chain.
32 guardrails fire the moment the VDR is synced — not when the compliance team gets around to reading the documents. The compliance workstream runs in parallel with financial and legal due diligence from Day 1. The median time saving in our dataset: 47 days.
Both buyer and seller have access to the same compliance data in real time, with role-appropriate visibility. Sellers see their own gaps before the buyer asks. Buyers see seller responses in real time. Information asymmetry — the primary cause of price disputes — is eliminated.
Every open guardrail at SPA signing has a quantified exposure range and a recommended SPA mechanism. The buyer arrives at the negotiating table with a documented compliance risk register — not a qualitative assessment. The average compliance price adjustment in DealSafi deals: 1.8% vs industry median of 8.3%.
Phase gates prevent advancement when material conditions are unmet. The deal cannot advance from Phase 3 to Phase 4 while GR-008 (AML audit lapse), GR-009 (BSA Officer continuity), or GR-011 (MTL non-transferability) is open — unless a documented 2-person override is granted and permanently logged.
When both sides use DealSafi, compliance gaps are identified and resolved in real time rather than discovered during negotiation. This is the structural change that produces the 83% reduction in post-close disputes.
Information that is visible to the wrong person is a privilege violation, a data protection breach, or a competitive intelligence risk. DealSafi enforces access at the infrastructure level — not as a UI setting.
Every document view, upload, permission change, guardrail firing, phase advance, and override is written to a SHA-256 hash-chained log stored in AWS S3 with Object Lock (WORM). No user — including system administrators — can edit or delete any entry. Override events require 2-person authorisation and permanent justification logging.
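A minimal sketch of how a SHA-256 hash-chained log with a two-person override rule can be built and checked. This is an added example, not DealSafi's code: the field names, the `GENESIS` anchor, the sample events, and the in-memory list standing in for WORM storage are all assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value preceding the first entry

def entry_hash(prev_hash, event):
    # Canonical JSON so the same event always serialises to the same bytes
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(chain, event):
    """Append an event; overrides need two distinct approvers and a justification."""
    if event.get("type") == "override":
        approvers = set(event.get("approvers", []))
        if len(approvers) < 2 or not event.get("justification", "").strip():
            raise ValueError("override needs 2 distinct approvers and a justification")
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"prev": prev, "event": event, "hash": entry_hash(prev, event)}
    chain.append(entry)
    return entry

def verify(chain, head=None):
    """Return -1 if intact, else the index of the first broken entry.

    If `head` (a hash recorded outside the log) is given and the chain is
    internally consistent but does not end at it, return len(chain): entries
    were dropped from or added to the tail.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["event"]):
            return i
        prev = entry["hash"]
    return len(chain) if head is not None and prev != head else -1

def build_sample():
    # Constructed sample events using guardrail IDs named on this page
    chain = []
    append(chain, {"type": "guardrail_fired", "id": "GR-008", "actor": "system"})
    append(chain, {"type": "override", "id": "GR-008",
                   "approvers": ["alice", "bob"],
                   "justification": "constructed sample justification"})
    append(chain, {"type": "phase_advance", "from": 3, "to": 4, "actor": "alice"})
    return chain
```

Editing an entry breaks the chain at that entry or the one after it; removing entries from the tail is only detectable against a head hash kept outside the log, which is why `verify` accepts one.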
Compliance risks that cannot be resolved before SPA signing are not deal-killers — they are price mechanics. DealSafi maps each open guardrail to the appropriate SPA mechanism and models the financial impact.
| Guardrail | Regulatory basis | Low exposure | High exposure | SPA mechanism |
|---|---|---|---|---|
| GR-008 — AML audit lapse | 31 CFR § 1020.210 | $8,000,000 | $47,000,000 | Price reduction |
| GR-009 — BSA Officer continuity | FinCEN guidance | $2,000,000 | $12,000,000 | Retention escrow (18m cliff) |
| GR-011 — MTL non-transferable | State MTL law | $10,000,000 | $15,000,000 | R&W escrow |
| GR-020 — FCA CoC notification | FCA Handbook SUP 11 | FCA investigation | Authorisation withdrawal | Block SPA until obtained |
| GR-021 — CBK prior approval | Kenya National Payment Systems Act | Licence revocation | Transaction void | Block SPA until obtained |
| GR-025 — KDPA cross-border | KDPA 2019 s.48 | KES 3,000,000 | Criminal liability | DPA addendum + remediation CP |
No demo request. No sales call. The full DealSafi platform — all 11 RBAC roles, all 32 guardrails, all seven phases — is visible on the platform-screens page.
Request access and your deal workspace is live the same day. Per deal, not per seat. The platform is ready for your next process from Day 1.