Blog Banner SVG

Don't Let Paperwork Slow You Down

Register Your Business Online in Just 7 days

Blog Banner
HomeBlogDue Diligence Checklist for Startups: Financial, Legal & Compliance
Business ManagementLicenses and Government Registrations

Due Diligence Checklist for Startups: Financial, Legal & Compliance

Sidharth Ravichandran
Updated:
12 min read
due diligence checklist for startups

The due diligence process includes a careful review of financial statements, legal documents, and business operations to ensure there are no hidden risks. Before you buy a company, invest in a startup, or enter a partnership, a thorough due diligence check in reference to the Companies Act, 2013, the MCA/ROC, GST, and FEMA tells you exactly what you are getting into. 

Performing due diligence minimizes the risk of future financial loss or reputational damage, ensuring that all stakeholders can make informed decisions.

This guide gives you a ready-to-use due diligence checklist covering finance, legal, operations, tax, and compliance, written for Indian businesses. 

What is a Due Diligence Checklist?

A due diligence checklist is a structured list of documents and areas a buyer or investor reviews while performing different operations like investment, merger & acquisition, audit, strategic partnerships, lending, etc. Rather than solely relying on the information provided by the party, it is imperative to independently verify each detail, analyzing every account, scrutinizing each contract, and examining every filing.

A clear list of due diligence items keeps the review organized, ensures nothing goes amiss, and gives you leverage to renegotiate if a problem is identified.

Why Due Diligence Matters

The value of due diligence is simple: it replaces assumptions with facts before capital is transferred in different scenarios. If performed as advised, it:

  • Reduces risk by surfacing financial, legal, and operational problems early.
  • Confirms compliance with applicable laws and regulations.
  • Improves decisions by showing the true value of a business, not the advertised one.
  • Strengthens negotiation by finding a problem that allows you to renegotiate in your favour.

Due Diligence Checklist: What to Verify Before a Deal

Below is a complete business due diligence checklist, grouped by area. For larger deals, it is advisable to refer to the last three years of records; for a small business, one to two years is often enough.

1. Financial Due Diligence Checklist

This is what to verify in a financial due diligence checklist (India-specific items included):

  • Audited financial statements for the last 3 years
  • Profit and loss statements and cash flow reports
  • Balance sheet and notes to accounts
  • Accounts receivable and payable ageing
  • Outstanding loans, debts, guarantees, and contingent liabilities
  • Bank statements and reconciliations
  • Income tax returns and assessment orders
  • GST returns (GSTR-1, GSTR-3B, GSTR-9) and reconciliation with books
  • TDS returns, Form 26AS, Annual Information Statement (AIS)
  • Working capital position and major one-off or related-party transactions
  • Annual Information Statement (AIS)
  • Related-party transactions review
  • Revenue recognition policies
  • Contingent liabilities review

A financial due diligence checklist usually identifies undisclosed debt, inflated revenue, unpaid taxes, and cash-flow problems.

A legal due diligence checklist verifies that the company owns what it claims to own and is not carrying legal risk. You can treat the list below as a legal due diligence checklist template and adapt it to the transaction:

  • Certificate of Incorporation, MOA, and AOA
  • Statutory registers, board and shareholder resolutions, and minutes
  • All material contracts, customer and supplier agreements, and leases
  • Shareholders’ agreement, founders’ agreement, and any term sheets
  • Pending, threatened, or past litigation and notices
  • Intellectual property registrations (trademarks, patents, copyrights, designs)
  • Property title documents and rent/lease deeds
  • Loan and security documents, charges, and guarantees
  • Regulatory licences, permits, and approvals relevant to the business
  • Significant Beneficial Owner (SBO) disclosures
  • Ultimate Beneficial Ownership verification

3. Operational Due Diligence Checklist

Operational due diligence checks whether the business actually runs the way it looks on paper:

  • Organizational chart and key-employee contracts
  • Employee headcount, attrition, and HR policies
  • Supplier and customer concentration (who you depend on most)
  • Licences, permits, and regulatory approvals for operations
  • IT systems, software licences, and data-security policies
  • Insurance policies and coverage
  • Standard operating procedures and quality records

4. Tax Due Diligence Checklist

A Tax Due Diligence Checklist is a structured list of tax-related documents, records, and compliance areas reviewed to identify potential tax risks, liabilities, and exposures.

  • Corporate income tax returns and computation
  • Outstanding tax demands, appeals, or assessments
  • GST registration, filings, and input tax credit position
  • TDS/TCS compliance
  • Transfer pricing documentation (if applicable)
  • Professional tax, PF, and ESI tax compliance

5. Compliance Due Diligence Checklist

A compliance due diligence checklist confirms the company has met its statutory obligations under Indian law:

  • ROC/MCA filings — annual returns (MGT-7) and financial statements (AOC-4)
  • Director KYC (DIR-3 KYC) and director disqualification status
  • Labour law compliance — PF, ESI, gratuity, and Shops & Establishment
  • Environmental clearances and pollution-control consents (if applicable)
  • FEMA and RBI compliance for any foreign investment (FC-GPR filings)
  • Industry-specific regulatory compliance (RBI, SEBI, FSSAI, etc.)
  • Secretarial records and event-based filings

Tip: Treat this as your due diligence requirements checklist. Request documents through a single, dated information request, and keep a shared folder so every reviewer works from the same set.

Who Conducts Due Diligence, and How Long Does It Take?

Due diligence is usually carried out by the buyer or investor, supported by specialists such as: 

  • Chartered accountants for the financial and tax review, 
  • Lawyers or company secretaries for legal and compliance, and 
  • Industry experts for commercial checks. 

A due diligence audit checklist works best when each specialist owns their section and reports to one lead.

Timelines depend on the size of the business and how well its records are kept. A small business with clean books can be reviewed in one to two weeks; a larger company, or one with messy records, can take four to six weeks or more. Cost varies with scope and the professionals involved, so agree on the scope before work begins.

Step-by-Step Process to Comply With Due Diligence 

Here is how the due diligence process usually runs from start to finish:

1. Define the scope and objectives: Decide which areas to review (financial, legal, operational, tax, compliance) and the specific risks tied to this deal.

2. Gather information: Collect contracts, financial statements, tax records, and IP documents, and set up interviews with management and advisors.

3. Review financial records: Analyze statements, cash flow, and liabilities; flag anything outstanding or unexplained.

4. Run the legal and compliance review: Examine litigation, contracts, IP, ROC/MCA filings, and regulatory status.

5. Check operations: Evaluate processes, supply chain, employee contracts, and IT systems.

6. Identify red flags: Highlight inconsistencies and risks, and note a mitigation approach for each.

7. Prepare the due diligence report: Summarize findings, quantify risks where possible, and give a clear recommendation on how to proceed.

Due Diligence Checklist for a Private Limited Company

The core due diligence process remains similar across business structures, although the documents reviewed and compliance requirements may differ. For a due diligence checklist for a private limited company, pay particular attention to the company-specific records: 

  • Certificate of Incorporation
  • MOA and AOA, 
  • Share capital structure and shareholding pattern, 
  • Statutory registers, 
  • Board and shareholder resolutions, 
  • ROC filings (AOC-4 and MGT-7), 
  • Director KYC, and any registered charges. 

These confirm the company is properly constituted and current on its MCA compliance.

Due Diligence Checklist for a Startup

Likewise, a startup investment due diligence checklist looks a little different from a mature business. Alongside the financial and legal items listed above, investors focus on: 

  • The cap table and ESOP pool,
  • Founders’ agreement and vesting, 
  • IP assignment from founders and contractors, 
  • Key customer and revenue traction, 
  • Product and technology ownership, and 
  • Regulatory fit. 

Because early-stage records can be thin, a due diligence checklist for a startup leans more on contracts, IP ownership, and founder commitments than on years of audited accounts.

Due Diligence Checklist for Small Businesses

For a due diligence checklist for a small business, keep it proportionate. Focus on the essentials: 

  • One to two years of financials and tax filings, 
  • GST and TDS compliance, 
  • Key contracts and leases, 
  • Licences and registrations, and 
  • Any outstanding loans or disputes. 

A focused due diligence checklist for India-based small businesses should always include GST returns, income tax filings, and Shops & Establishment or trade licenses, since these are the most common gaps.

Due Diligence Red Flags to Watch For

While reviewing financial, legal, tax, and compliance records, it is important to identify potential red flags that could affect the value of the transaction or expose the buyer to future liabilities. The following issues often require deeper investigation before proceeding with a deal:

1. Pending Tax Notices and Assessments

Review whether the company has received any notices, demands, assessments, or ongoing proceedings from the Income Tax Department, GST authorities, customs authorities, or other tax regulators. Unresolved tax disputes can result in significant financial liabilities after the transaction is completed.

Red Flag Indicators:

  • Outstanding income tax demands
  • Pending GST audits or investigations
  • Frequent tax notices
  • Unpaid interest or penalties
  • Significant differences between tax filings and financial statements

2. Director Disqualification or Governance Issues

Verify the status of directors through MCA records and ensure none of the directors have been disqualified under the Companies Act, 2013. Director disqualification can affect the company’s governance structure and create regulatory complications.

Red Flag Indicators:

  • Director disqualification under Section 164 of the Companies Act, 2013
  • Failure to file annual returns or financial statements
  • Frequent changes in directors without clear justification
  • Incomplete statutory registers or board records

3. GST Mismatches and Compliance Gaps

Differences between GST returns, books of accounts, and e-invoicing records may indicate reporting errors or potential tax exposure.

Red Flag Indicators:

  • Mismatch between GSTR-1 and GSTR-3B
  • Reversal of substantial input tax credits
  • Delayed GST return filings
  • Unreconciled GST liabilities
  • Vendor non-compliance affecting input tax credit claims

4. Intellectual Property Ownership Issues

A company’s intellectual property may represent a significant portion of its value, particularly for startups and technology-driven businesses. Ensure that trademarks, copyrights, patents, software code, and other intellectual property assets are properly registered and legally owned by the business.

Red Flag Indicators:

  • Unregistered trademarks or patents
  • Intellectual property registered in a founder’s personal name
  • Missing IP assignment agreements
  • Ongoing intellectual property disputes
  • Lack of protection for key brand assets

Review transactions involving promoters, directors, shareholders, group companies, and related entities. Excessive or poorly documented related-party transactions may distort the company’s financial position and raise governance concerns.

Red Flag Indicators:

  • Large transactions with promoter-owned entities
  • Non-arm’s-length pricing arrangements
  • Undisclosed loans or advances to related parties
  • Dependence on related entities for revenue or procurement
  • Missing approvals for related-party transactions

6. FEMA and Foreign Investment Non-Compliance

For companies that have received foreign investment or conduct cross-border transactions, compliance with the Foreign Exchange Management Act (FEMA) is critical. Non-compliance may attract penalties and regulatory scrutiny.

Red Flag Indicators:

  • Delayed or non-filed FC-GPR or FC-TRS forms
  • Non-compliance with sectoral foreign investment limits
  • Improper valuation reports for share issuances or transfers
  • Missing RBI reporting requirements
  • Unauthorized overseas transactions

7. Ongoing Litigation and Regulatory Investigations

Pending litigation does not always prevent a transaction, but it can significantly affect valuation and future business operations. Assess the financial and operational impact of all ongoing disputes.

Red Flag Indicators:

  • High-value commercial disputes
  • Labour law proceedings
  • Consumer complaints and regulatory actions
  • Environmental compliance violations
  • Criminal proceedings involving promoters or key management personnel

8. Customer and Revenue Concentration Risk

A business that depends heavily on a single customer, supplier, or contract may face significant operational risk if that relationship ends.

Red Flag Indicators:

  • More than 40–50% of revenue from one customer
  • Heavy dependence on a single supplier
  • Short-term contracts with major customers
  • Declining customer retention rates

9. Data Privacy and Cybersecurity Risks

With increasing regulatory focus on data protection, businesses handling customer or employee data should maintain appropriate privacy and cybersecurity controls.

Red Flag Indicators:

  • Absence of data protection policies
  • Previous data breaches or security incidents
  • Lack of employee access controls
  • Non-compliance with applicable data protection requirements
  • Unlicensed software or outdated IT systems

Common Challenges While Managing Due Diligence (and How to Handle Them)

Due diligence handling isn’t everyone’s cup of tea. Even if you have the required educational background, there are certain expertise needed which come with years of practice. If not met, the following issues often arise:

a. Limited access to information: Sellers may hold back sensitive data due to confidentiality or uneven finances. 

Solution: Sign a confidentiality agreement and request only what the review needs.

b. Time pressure: The process to follow through every step of due diligence can be slow. 

Solution: Prioritize high-risk areas and run workstreams in parallel with a team.

c. Complex regulations: Some compliance issues are hard to interpret. 

Solution: Involve professionals who specialise in compliance due diligence.

d. Inconsistent financial records: Poorly kept books slow everything down. 

Solution: Engage forensic accountants or third-party auditors to verify the numbers.

A due diligence checklist turns a risky leap into an informed decision. It does not make any transaction risk-free, as no review can, but it makes most risks visible before you commit.

Need help running due diligence on a business? RegisterKaro connects you with chartered accountants and legal professionals who can carry out financial, legal, and compliance checks for your transaction. Contact us today to scope the right review for your deal.