Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Contents
Buying an existing business can be an exciting shortcut to revenue, customers, systems and staff. But it can also be one of the fastest ways to inherit someone else’s problems if you don’t do proper checks before you sign.
That’s where a due diligence checklist for buying a business comes in. Due diligence is the process of verifying what you’re buying (and what risks come with it), so you can make a confident decision, negotiate the right price, and put protections into your sale documents.
Below is a practical, NZ-focused due diligence checklist designed for small businesses, founders and growing teams. Think of it as the key legal steps you’ll want to tick off before you commit to the deal.
What Is Due Diligence When Buying A Business (And Why It Matters)?
Due diligence is essentially “trust, but verify”. The seller will usually provide information about the business, but it’s your job as the buyer to confirm the facts and understand what you’re taking on.
In a typical SME or startup acquisition, due diligence helps you:
- Confirm what you’re actually buying (assets, goodwill, IP, customer lists, stock, equipment, leases, online accounts).
- Identify deal-breakers early (unpayable debt, an expiring lease, regulatory breaches, disputed IP ownership).
- Price the risk properly (you might renegotiate price, payment terms, holdbacks, or vendor warranties).
- Draft better sale protections (conditions precedent, warranties, indemnities, restraints, and settlement adjustments).
In NZ, due diligence often sits alongside (and feeds into) the Asset Sale Agreement or share sale documents. If you find issues during due diligence, you can either walk away (if your deal is conditional) or negotiate stronger terms.
If you’re unsure where to start, the safest approach is to treat due diligence as a structured checklist rather than an informal “look around” process.
Step 1: Get Clear On The Deal Structure (Asset Sale Vs Share Sale)
Before you even start collecting documents, you need to confirm what kind of transaction you’re doing, because the due diligence focus changes depending on the structure.
Buying Assets (Asset Sale)
In an asset sale, you buy specific business assets (and usually goodwill). While an asset sale can help you avoid taking on some liabilities by default, the final risk profile depends on what the contract says you’re assuming, and what liabilities may still affect the business operations after completion.
Even in an asset sale, you still need to check key liabilities and exposures that can “follow the business”, such as:
- leases and guarantees tied to the premises
- employee transfer and entitlements issues (which can vary depending on whether staff are taken on, what you agree in the sale documents, and whether any special employment transfer rules apply)
- customer refunds/complaints exposure
- tax risks and hidden debts affecting stock, equipment, or supplier relationships
Buying Shares (Share Sale)
In a share sale, you buy the company itself (by purchasing shares). The company continues to own its assets and remains responsible for its existing liabilities - which means those liabilities can still affect the value of what you’re buying, even if they don’t show up clearly day-to-day.
This is why share-sale due diligence is usually deeper. You’ll want to scrutinise:
- historic contracts and compliance
- any pending disputes
- director/shareholder decisions
- tax filings and company governance
If you’re doing a share deal, it’s common to have a clear process for how to transfer shares and to understand whether the company’s internal rules (like a constitution and shareholder arrangements) affect the sale.
Practical tip: If you’re not sure which structure makes sense for your risk profile, this is a great point to get legal advice early. The “right” structure depends on what you’re buying, the liabilities you can tolerate, and how the business operates day-to-day.
Step 2: The Core Due Diligence Checklist (Legal Documents You Should Review)
When people search for a due diligence checklist for buying a business, they’re usually looking for a concrete list of what to request and what to read. Here are the key legal buckets to work through.
1) Business Sale Documents And The Deal Terms
- Heads of agreement / term sheet (if any)
- draft sale and purchase agreement (asset or share)
- settlement requirements and completion checklist
- any vendor finance terms (if the seller is funding part of the purchase)
You should understand what is included and excluded, how adjustments work (stock, work-in-progress, deposits, prepaid expenses), and what happens if something is wrong after settlement.
2) Ownership Of Key Assets (Including IP And Digital Assets)
Make sure the seller can actually sell what they say they’re selling. This often includes:
- equipment lists and proof of ownership (and whether anything is leased/financed)
- stock ownership and stock valuation method
- domain names, websites, social media accounts, software licences
- trade marks, brand names and logos (and whether they’re registered or owned personally)
- copyright in content (website copy, photography, designs, code)
If the value of the business is heavily tied to branding, software, or content, don’t treat IP as an afterthought. You may need an IP assignment or licence documented properly as part of the sale.
3) Material Contracts (Customers, Suppliers, Partners)
Ask for the key contracts that keep the business running. Common examples include:
- supplier agreements and distribution terms
- major customer contracts (especially recurring revenue)
- affiliate or referral arrangements
- software/SaaS subscriptions and third-party platforms
- standard customer terms and conditions
What you’re checking for:
- change-of-control clauses (the contract may terminate or require consent if the business is sold)
- exclusivity (limits the business from using alternative suppliers)
- termination rights (can key customers leave easily after you buy?)
- liability and indemnities (are there uncapped risks?)
4) Premises: Lease, Assignment, Outgoings And Fit-Out
If the business operates from physical premises, the lease can be one of the biggest deal factors.
- commercial lease document (including any variations)
- options to renew and notice dates
- rent review clauses and outgoings
- make-good obligations at the end of the lease
- requirements for landlord consent and Deed of Assignment of Lease (or a new lease)
A lease that looks “fine” at a glance can still be a problem if there’s a looming rent review, no renewal rights, or expensive make-good obligations. Getting the lease reviewed before settlement is usually time and money well spent.
5) Employment: Staff, Contractors And Transfer Issues
If staff are staying on, you’re not just buying a business - you’re buying a team, payroll obligations, and operational knowledge.
Request and review:
- list of employees, roles, hours, and remuneration
- copies of Employment Contract documents and any variations
- contractor agreements (and whether contractors might be “employees” in disguise)
- leave balances and any disputed entitlements
- commission/bonus arrangements
- restraint/confidentiality terms for key staff
You should also check whether any employees are on work visas, whether there are active performance issues, and whether there are workplace investigations or complaints on foot.
Why this matters: staffing issues can become expensive quickly, and employee entitlements can impact your settlement adjustments and cashflow from day one.
6) Privacy And Customer Data
If the business collects customer data (emails, delivery addresses, health info, payment details, loyalty memberships), you’ll need to understand how that data is collected, stored, and transferred.
Under the Privacy Act 2020, you generally need to handle personal information in a transparent, secure way. During due diligence, check:
- what personal information is held and why
- where it is stored (CRM, spreadsheets, email platforms, cloud tools)
- who has access
- whether there is a Privacy Policy and whether it matches actual practices
- whether the business has had any privacy incidents or complaints
Data is often a key asset in SMEs - but it’s also a key compliance risk if it hasn’t been handled properly.
Step 3: Financial, Tax And Liability Checks (The Stuff That Can Hurt Later)
Legal due diligence isn’t only about reading contracts. It’s about understanding liabilities that could affect the price you pay and the risk you inherit.
While your accountant will typically take the lead on financial and tax due diligence, you should still understand the major risk areas and how they connect to the sale agreement. (This article is general information only and isn’t financial or tax advice.)
Financial Information To Request
- financial statements for the last 2–3 years
- management accounts (recent months/quarter)
- cashflow reports and forecasts (if available)
- major debtors/creditors listing
- details of any loans, securities, guarantees, or hire purchase arrangements
Tax And Compliance Checks
- GST filings and whether GST is included in the purchase price
- PAYE and payroll compliance (if the business has employees)
- income tax filings and any IRD disputes
- confirmation of any tax arrears or payment plans
In practice, tax issues often show up in the “warranties” section of a sale agreement, where the seller promises there are no undisclosed liabilities. If something is off during due diligence, that’s your signal to negotiate stronger protections (or reconsider the deal).
Disputes, Claims And “Hidden Problems”
Ask about (and request evidence of):
- current or threatened disputes with customers, suppliers, employees, contractors, or competitors
- insurance claims history
- product or service complaints, refunds, chargebacks
- any disputes involving misleading advertising or representations
Consumer-facing businesses should be particularly careful about compliance with the Fair Trading Act 1986 (misleading conduct, false representations) and the Consumer Guarantees Act 1993 (consumer rights around faulty goods/services).
It’s not about expecting perfection - it’s about knowing what you’re walking into and making sure the contract reflects it.
Step 4: Regulatory And Operational Compliance Checks (Industry-Specific Risks)
This is the section many buyers skip because it feels “too hard” or too detailed. But regulatory non-compliance can quickly become your problem after settlement - especially if you’re buying a business in a regulated industry.
Your compliance checklist will depend on the type of business, but here are common areas to check:
Licences, Permits And Registrations
- any required local council approvals or consents
- industry licences (where applicable)
- food-related registrations and processes (if relevant)
- alcohol licensing status (if relevant)
If you’re buying a business where licensing is essential to operate, you should confirm:
- the licence is current
- it can be transferred, or you can apply in time
- there are no outstanding compliance issues that put renewal at risk
Health And Safety Systems
Under the Health and Safety at Work Act 2015, businesses have duties to ensure (so far as is reasonably practicable) the health and safety of workers and others.
During due diligence, request:
- health and safety policies and procedures
- incident and hazard registers
- training records
- any WorkSafe correspondence (if any)
Even for a small business, strong safety systems can be a sign of good management. Weak systems can indicate bigger operational issues.
Online Business And E-Commerce Compliance
If the business sells online, you’ll want to review website and sales practices. This can include:
- online terms and conditions
- refunds/returns policies
- subscription billing practices (if relevant)
- email marketing compliance and consent practices
These aren’t just “nice-to-haves”. Poorly drafted website terms can lead to disputes, chargebacks, and consumer complaints, especially when the business scales.
Step 5: Turn Due Diligence Findings Into Contract Protections
Due diligence isn’t only about finding problems - it’s about deciding what to do with what you find.
Once you’ve reviewed documents and identified risks, the next step is to reflect that in the deal terms. Common legal tools include:
Conditions (So You Don’t Get Locked In Too Early)
You may want the sale to be conditional on things like:
- finance approval
- landlord consent to lease assignment
- third-party contract consents
- satisfactory due diligence (broad or specific)
This is where understanding what an unconditional contract means is critical. If you go unconditional too early, your ability to walk away or renegotiate can be severely limited.
Warranties (Promises About The Business)
Warranties are statements the seller makes about the business (for example, that financial statements are accurate, there are no undisclosed liabilities, employees are correctly paid, and IP is owned by the business).
If a warranty turns out to be false, you may have a claim - but only if the agreement is drafted properly and the warranty is clear.
Indemnities (Who Pays If A Specific Risk Happens)
Indemnities are often used when there is a known risk discovered during due diligence, such as a particular dispute or a tax issue, and you want the seller to cover that exposure.
Restraints And Transition Support
For many SMEs, the “value” you’re buying is goodwill and relationships. It’s common to include:
- restraint of trade clauses (so the seller doesn’t open up next door)
- handover support obligations (training, introductions, system access)
- assignment of key accounts and logins
One simple rule: if a risk matters enough to worry you during due diligence, it matters enough to address in writing.
Key Takeaways
- A proper due diligence checklist for buying a business helps you confirm what you’re buying, uncover liabilities, and negotiate safer sale terms before you sign.
- Start by clarifying whether the deal is an asset sale or share sale, because your legal risk (and your due diligence focus) changes significantly.
- Your due diligence should cover ownership of assets and IP, key customer and supplier contracts, premises and lease terms, employee arrangements, and how customer data is handled under the Privacy Act 2020.
- Don’t overlook financial, tax and dispute checks - hidden liabilities can directly impact purchase price, settlement adjustments, and your cashflow after takeover.
- Industry-specific compliance (licences, health and safety, online selling rules) can be the difference between a smooth transition and a costly operational shutdown.
- Use what you find in due diligence to negotiate conditions, warranties, indemnities, restraints, and practical handover obligations in the sale documents.
If you’d like help with due diligence, reviewing a sale agreement, or making sure you’re protected from day one, you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.
