Start where the regulator's record starts
Dimension one is the register match: legal entity, registration or licence number, instrument type, recorded services and current status, reconciled between the seller's file and the regulator's live public record. Any difference becomes a defined finding to resolve: an inactive service line, a condition on the licence or a pending variation.
Dimension two is instrument quality. Identify the exact registration, membership, authorisation or distribution status and test whether it permits the buyer's intended business at the intended scale - including the services the buyer plans to add, which may require a variation the regulator has to approve.
Dimension three is the cross-border layer. For EU entities, passport notifications per service and state; for groups, the map of which entity carries which corridor. The notification and register schedule in force defines the usable footprint.
Follow the money, then the people
Dimension four is safeguarding and client funds: named accounts, designation evidence, reconciliation records, breaks and their resolution. Dimension five is banking and infrastructure continuity - the relationships most exposed to a control change. Banks, scheme memberships, processors and principal issuers can all re-run due diligence on new owners; written continuity positions belong in the closing conditions, not the assumptions.
Dimension six is the financial crime file: AML programme quality, reporting history, regulator correspondence, inspections, findings and remediation. Transaction volumes and operating history provide the context. Dimension seven is people and substance: key-function holders, their regulatory approvals, contracts, retention and whether real decision-making sits where the licence says it does.
Technology, structure and the deal itself
Dimension eight is technology and data: platform ownership or licences, source escrow, security testing, incident history, outsourcing register and exit plans. In multi-entity groups, add the intercompany layer - who owns the platform, who bears the costs, and whether service agreements survive separation of any entity from the group.
Dimension nine is the change-of-control plan itself: which approvals, notifications and assessments each jurisdiction requires, in what sequence, with what evidence on the acquirers, funding and business plan. Dimension ten is transaction terms: closing conditions tied to regulatory and continuity outcomes, warranties matched to the findings, and a continuity plan for each key relationship.
The ten dimensions at a glance
-
1. Register match
Entity, number, instrument, services and status reconciled to the live regulator record.
-
2. Instrument quality
What the permission actually allows at the buyer's intended scale and scope.
-
3. Cross-border schedule
Passports, notifications and host registrations actually in force.
-
4. Safeguarding and client funds
Accounts, designation, reconciliations and breaks history.
-
5. Banking and infrastructure continuity
Written positions from banks, schemes, processors and principals for the control change.
-
6. Financial crime file
AML programme, reporting history, inspections, findings and remediation.
-
7. People and substance
Approved key functions, contracts, retention and real decision-making location.
-
8. Technology and intercompany
Platform rights, security, outsourcing, exits - and group service agreements.
-
9. Change-of-control plan
Per-jurisdiction approvals and sequencing, with the acquirer file ready.
-
10. Transaction terms
Conditions, warranties and continuity plans tied to what diligence actually found.
The data room index that saves a month
-
Corporate and ownership
Articles, extracts, cap table, UBO chain, group structure chart and intercompany agreements.
-
Regulatory file
Licence decisions, register extracts, permission schedules, conditions, variations and regulator correspondence.
-
Funds flow and safeguarding
Account map, safeguarding agreements, designations, reconciliations and breaks log.
-
Financial crime
AML policies, risk assessment, monitoring rules, reporting history, training and audit findings.
-
Banking and partners
Bank and scheme agreements, processor contracts, principal-issuer arrangements and termination clauses.
-
People
Key-function approvals, contracts, organisation chart, capacity analysis and retention terms.
-
Technology
Platform rights, architecture, security testing, incident log, outsourcing register and exit plans.
-
Financials and clients
Statements, management accounts, client concentration, complaints and litigation.
Sequencing diligence with the filing
The checklist is not a phase that ends before the regulatory process begins; run them as parallel tracks that feed each other. Register reconciliation and instrument-quality findings shape the acquisition structure - what is bought, in what order, with what conditions - and that structure is exactly what the change-of-control file describes to each regulator. Discovering a scope mismatch after the filing is drafted means re-drafting the filing.
Continuity findings drive the closing conditions. If the bank's position on the new ownership is unknown at signing, the agreement should define the available continuity routes, including confirmation, an alternative provider or a commercial adjustment. The same logic applies to principal issuers behind distributor statuses and to scheme memberships - every relationship diligence flags as control-sensitive earns a condition, a warranty or both.
In multi-jurisdiction groups, sequence the filings deliberately: regulators talk to each other, and a submission narrative that differs between authorities creates a consistency issue. One acquirer file, one funding story, one business plan, adapted per regime - prepared once, filed consistently everywhere.
Findings that shape the deal early
-
Register and pitch disagree
Reconcile any difference in recorded services, status or conditions before structuring the acquisition.
-
Status terminology
Use the regulator's exact registration, authorisation, membership, distributor or issuer status throughout the file.
-
Safeguarding evidence
Confirm named accounts, designations, reconciliations and the operating history behind the arrangement.
-
Bank continuity
Obtain the clearest available written position from the main banking or principal relationship.
-
Operating history
Reconcile the narrative with regulator correspondence, audit records, transaction data and complaints files.
FAQ
Frequently asked questions
01 How long does diligence on a licensed company take?
It scales with the instrument count and the state of the seller's file. A single-entity target with a clean data room moves quickly; a multi-jurisdiction group adds a register, funds-flow and continuity workstream per entity. The scope and estimate should follow an initial review of the available file.
02 Who runs the process - buyer, seller or advisor?
The buyer owns the decisions; SKY7 structures the workstreams: register reconciliation, data-room priorities, counterparty continuity, the regulatory filings and the closing sequence. Regulators own their approvals throughout.
03 Which points most often shape a licensed-company deal?
Scope mismatch discovered late - the permission does not cover the buyer's model - and continuity issues involving a bank or principal. Both can be identified during diligence and reflected in conditions, price or sequencing.
Keep reading