Prasenjit Chakravarti
Hi everyone, I’m Prasenjit Chakravarti, M&A and Corporate partner at Khaitan & Co. In today’s episode, we’re discussing something that doesn’t often make headlines — but often decides the headline valuation in deals. Joining me is my colleague and friend, Harsh Walia, Partner in our Data Privacy and TMT practice.
Harsh Walia
Thanks, Prasenjit. Great to be here.
And you're absolutely right. The idea that “compliance pays” is no longer theoretical. It’s tangible, and we see it getting priced into transactions every day. Today, especially in cross-border deals, investors are scrutinising companies more closely than ever before on both legal hygiene and digital infrastructure. We’ve seen several instances of deals where a company with a clean compliance history — which means clear IP ownership, updated filings, proper employment contracts, was valued nearly 15–20% higher than a peer with strong financials but messy documentation. It’s not just about avoiding penalties anymore. A company that is compliance-ready signals maturity, credibility, and execution discipline. These are all traits that investors reward.
Prasenjit Chakravarti
Completely echo your thoughts, Harsh. In fact, I recall a transaction where a mid-sized SaaS business was up for a strategic acquisition. On paper, everything looked great. The company showed strong revenues, had a recurring customer base and a great product-market fit. But during the pre-investment diligence phase, the buyer discovered that the company had not properly documented ESOPs for close to 30% of its team. Some grant letters were unsigned, and others were inconsistent with the board resolutions. What did that trigger? A request for an escrow of 10% of the purchase price and a demand for warranties backed by personal guarantees. That pushed negotiations back by six weeks. And eventually, the seller had to agree to a lower upfront payout.
Incidents like these aren’t isolated. In another case, a company had used inter-company loans for intra-group cash flow. Now this is completely legal, but they hadn’t papered them properly. That alone caused a three-month delay in closing a cross-border transaction.
Harsh Walia
Yes absolutely. And while legal hygiene is one half of the equation, digital hygiene is fast becoming the other half.
Investors are asking very different questions now. For example, where is customer data hosted? Are cloud contracts watertight? Have proper consents been taken under the latest data protection laws? Is cyber risk insurance aligned with threat profiles?
Let me explain these with an example. We advised a European acquirer on a consumer tech deal. The target had 12 million users but no granular consent logs or audit trails. From a user standpoint, everything looked fine. But the acquirer flagged a class-action exposure in Europe and cut down the valuation by close to 60 crores Indian rupees.
In another fintech transaction, the seller couldn’t confirm whether critical user data was being stored in India or backed up overseas. And this was after the Indian Digital Personal Data Protection Act was enacted. It almost killed the deal.
Prasenjit Chakravarti
And this is where many founders go wrong. They think that they will be able to fix any loose ends during the diligence process. But most seasoned buyers don’t want to fix issues post-signing. They want sellers to walk in with clean documentation.
Given the potential pitfalls, companies should ideally start preparing anywhere between 6 to 12 months before a transaction. Think of it like training for a marathon. You can’t start conditioning your body on race day.
Harsh Walia
Couldn’t agree more. Compliance should not be an afterthought but should be considered as a core enterprise risk and value issue. On the digital side, this means mapping data flows, understanding third-party dependencies and setting up robust incident response protocols.
I remember one deal in the edtech space where the target had outsourced its customer analytics to a third-party SaaS provider. This was great in theory but the provider was routing user data through multiple jurisdictions without any proper data transfer assessment. That was a major cause of concern with the buyer’s global compliance team. Eventually, they ringfenced the India operations and brought in new data handling protocols. But it was not without negotiating a lower base valuation and conditional earnouts tied to implementation of compliance milestones.
Prasenjit Chakravarti
And let’s also touch on something founders often ignore — internal governance.
A lot of young companies grow fast, scale teams, onboard investors. But they don’t pause to ensure that board resolutions, shareholder consents, and cap table updates are aligned and consistent. There was one transaction where a Series A investor had special veto rights on exit. However, the clause was inadvertently deleted in the most recent shareholder agreement. That led to a last-minute deadlock with the buyer and nearly derailed the exit.
These are avoidable issues. And they often cost time, money, and goodwill.
Harsh Walia
I would wrap up our conversation with an important takeaway. So, whether you're running a start-up or a large enterprise, it is absolutely crucial to think of legal and digital compliance as a growth enabler, and not a constraint.
Ultimately, it’s about building resilience and ensuring business operations can stand up to scrutiny at any stage. Founders must be investor-ready — not just pitch-deck ready. And in a market where buyers have options, the best prepared companies will always command a premium.
Prasenjit Chakravarti
Thanks, Harsh. That was a fitting end to our chat today. To our listeners — if you're planning to raise capital, are exploring acquisitions, or eyeing strategic partnerships, don’t wait for diligence to tell you what’s wrong.
Proactively investing in legal and digital hygiene is one of the most strategic business decisions you can make!
