Cross-border M&A looks clean on a teaser: a licensed entity, a bank account, a known regulator, and a buyer ready to close. In regulated industries, the real work starts when you translate that commercial intent into a transaction structure that survives change-of-control approvals, bank/PSP re-underwriting, and post-closing compliance continuity.
This article explains the legal structuring decisions that usually decide whether a regulated business sale closes smoothly or turns into months of renegotiation. If you are planning a sale or acquisition of a regulated business, working with specialists in international M&A consulting like Legasset Law Firm can help you map the regulatory and operational constraints early, before they become deal-breakers.
Why Regulated Business Sales Behave Differently
A normal operating company can often close with a standard share purchase agreement (SPA), a disclosure letter, and a funds flow. A regulated company carries a second layer of “invisible stakeholders” who can stop the deal or slow it down:
- the regulator assessing controllers, governance, fitness and propriety
- the bank or EMI reassessing risk appetite, UBOs, flows, and counterparties
- key vendors (core banking, PSP, KYC providers, platform providers) enforcing consent or termination rights
- auditors and compliance functions demanding evidence continuity
The purchase price and valuation matter, but regulated deals often fail on sequencing and evidence: who approves what, when, and based on which documentation.
The First Structuring Decision: Asset Sale or Share Sale
Most regulated licences are not “assets” you can freely transfer. The legal perimeter usually sits with the entity that holds the authorisation, meaning buyers typically prefer a share deal (acquiring the company) rather than an asset deal (buying customer lists, IP, or contracts).
Share Sale: Common Benefits and Hidden Risk
A share sale preserves the regulatory perimeter and the licence continuity. But it introduces a hard risk: controller change approvals and the buyer’s ability to pass prudential, AML, and governance scrutiny.
Typical pain points in share sales:
- unclear controller structure after closing (especially with layered holding companies)
- directors and key function holders not confirmed early
- historical compliance gaps that do not show in the teaser
- banking and vendor consents treated as “after closing” items
Asset Sale: When It Makes Sense
Asset sales can work when:
- the buyer wants technology, IP, or a team, but not the regulated permissions
- the existing licence is too burdened or not aligned to the buyer’s intended activity
- the buyer plans a fresh licence application and needs an operational jump-start
Asset sales still require careful structuring around data, customer transfers, and outsourcing, but they can reduce the “controller approval” dependency if the buyer is not acquiring the regulated entity.
The Second Structuring Decision: Signing vs Closing
In regulated deals, signing and closing are often separated.
- Signing: parties commit contractually, subject to conditions precedent
- Closing: shares transfer and the buyer takes control after conditions are met
This is not “legal over-engineering.” It is the simplest way to avoid a situation where:
- the buyer becomes the controller before approval, or
- the deal collapses after funds move because approvals were assumed rather than obtained
Conditions Precedent That Actually Matter
Common conditions precedent in regulated sales include:
- regulatory approval for change of control (or confirmation no approval is required)
- banking continuity confirmation (or replacement rails agreed)
- key vendor consents obtained (core banking, PSP, platform, KYC/AML tooling)
- governance set confirmed: directors, MLRO/compliance officer, local substance plan
- “no material adverse change” wording tailored to regulatory status and enforcement risk
A generic “subject to regulatory approvals” clause is not enough. It needs scope, timing logic, and evidence requirements.
Change of Control: Structuring Around the Approval Gate
Many regulators require prior notification or approval before someone acquires or increases control. If you are dealing with a UK-regulated firm, the FCA outlines (← NOFOLLOW) when firms must notify it for a change in control and how the process works. This type of framework exists in many jurisdictions, even if the forms and thresholds differ.
The deal implications are consistent across markets:
- approval timelines can be uncertain
- the regulator will assess the buyer’s suitability and governance plan
- incomplete submissions trigger stop-the-clock requests
- firms can’t safely “operate as usual” if governance is in limbo
Practical Tip: Treat the Change-of-Control Pack as a Mini-Prospectus
If the buyer treats regulatory submissions as an afterthought, the deal will drift. The strongest transactions treat the approval pack as a first-class workstream with a clear owner, timeline, and evidence folder.
A good pack usually includes:
- controller org chart and ownership narrative
- funding source documentation and rationale
- governance plan and biographies for key persons
- compliance and risk framework overview
- operational model: products, markets, outsourcing, client funds handling
Banking and PSP Continuity: The Deal’s Silent Condition
A regulated company can be “clean” legally and still become commercially unusable if the bank or payment partner exits post-change-of-control. In practice, a large share of deal risk sits here.
What Banks and PSPs Re-Underwrite After a Sale
After a controller change, banks often reassess:
- ultimate beneficial ownership and control
- transaction flows, jurisdictions, and customer types
- sanctions exposure and high-risk counterparties
- compliance evidence quality (not just policies)
This is why the best deals include a banking workstream in the SPA timeline, not as a post-closing surprise.
Deal Structuring Tactic: Split the Price Into “Control Achieved” and “Rails Stable”
A common pattern is:
- a portion paid at closing
- a holdback paid when banking is confirmed stable (or after a defined period)
- an additional earn-out tied to operational continuity milestones
This aligns incentives and prevents disputes about “the buyer didn’t do onboarding properly” vs “the seller misrepresented the real risk appetite.”
Transitional Services: Don’t Leave It Vague
Even in a “ready to operate” deal, buyers often need a transition period where the seller supports:
- regulator interactions
- banking relationship management
- vendor introductions and handovers
- operational runbooks and evidence transfer
A good transitional services clause is specific:
- who provides what
- response time SLAs
- what costs are included
- what is excluded
- how long the support lasts
The worst version is “seller to assist as reasonably required.” That’s where disagreements start.
Governance Continuity: Who Signs Off on Day Two
Regulators and banks care less about your SPA and more about who runs the business after closing. “We will appoint someone” is not a plan.
Roles That Must Be Decided Early
Depending on the regulated perimeter, buyers usually need clarity on:
- directors with relevant experience
- compliance officer / MLRO (where applicable)
- risk owner and reporting lines
- local substance and accountability structure
Practical Tip: Document the First 90 Days
A short “Day 1–90 plan” is one of the most useful deal documents in regulated M&A. It reduces friction with regulators, banks, and vendors because it shows operational intent, not just legal change.
Due Diligence in Regulated Sales
Standard DD is necessary. Regulated DD is different: you’re checking whether the business can pass scrutiny during and after a controller change.
What Buyers Should Request From Sellers
A practical request list typically includes:
- licence/authorisation proof and regulator correspondence
- corporate governance documents and key policies
- AML/CTF framework evidence (not just the policy file)
- audit reports, compliance reviews, and remediation trackers
- banking and PSP agreements plus recent onboarding or review history
- outsourcing register and vendor contracts
- complaints log, incident log, and any regulator notifications
Common DD Gaps That Turn Into Post-Closing Problems
- “paper compliance” without evidence logs
- unclear funds flow or safeguarding approach
- vendors without audit rights or log access
- mis-scoped permissions versus real product activity
- regulator interactions not disclosed because “it was informal”
A Simple Structuring Blueprint That Works
If you want a quick mental model, these steps are a solid starting point:
- Confirm whether you need regulatory approval and build the timeline around it
- Split signing and closing, using conditions precedent that are operationally specific
- Build the controller change pack early and treat it as a deliverable
- Run banking/PSP continuity as a parallel track with defined evidence requirements
- Use holdbacks tied to milestones that reflect real risk: approvals, rails, vendor consents
- Define transition support in detail, including what happens if delays occur
- Lock governance early and document the first 90 days of operations
This approach reduces “surprise risk,” which is the most expensive risk in regulated transactions.
Closing Note and Practical Next Step
If you are planning to acquire or sell a regulated business, the “legal structuring” phase is where you prevent most downstream failures. It is cheaper to build a realistic sequencing plan and evidence pack now than to renegotiate price, timelines, or liability after a regulator, bank, or vendor introduces a new condition.
