Standard corporate due diligence does not capture the regulatory risks specific to telecoms, payments and technology businesses. Authorisation conditions, spectrum obligations, numbering allocations, safeguarding requirements and compliance histories require sector-specialist analysis that generalist diligence teams cannot provide. Bratby Law delivers regulatory due diligence for investors, acquirers and transaction teams, producing decision-useful analysis that informs deal valuation, structuring and post-completion planning.

Who this is for

Regulatory due diligence is designed for transaction teams that need sector-specialist analysis of telecoms, payments or data protection regulatory risks. Typical clients include PE sponsors and their legal advisers conducting regulatory diligence on target businesses; corporate law firms leading acquisitions of operators, payment service providers or technology platforms; in-house M&A and legal teams at strategic acquirers; lenders needing regulatory risk assessments for financing decisions; and founders preparing vendor due diligence in advance of a sale process.

When sector diligence matters

Regulatory due diligence is needed when the target business holds Ofcom authorisations, numbering allocations, spectrum rights or other regulatory assets under the Communications Act 2003. When the target is a payment service provider or electronic money institution authorised or registered with the FCA under the Payment Services Regulations 2017 or Electronic Money Regulations 2011. When the target processes personal data at scale and compliance with UK GDPR and the Data Protection Act 2018 is material to deal value. When the transaction involves a change of control that triggers regulatory notification or approval requirements. When the business model depends on regulatory permissions that could be lost, restricted or made more onerous post-completion.

Scope of review

Our regulatory due diligence covers authorisation and licensing status, including the scope, conditions and currency of all regulatory permissions. Compliance history, including enforcement actions, complaints, regulatory correspondence and remediation programmes. Regulatory change exposure, including pending consultations, legislative programmes and policy developments that could affect the target’s business model. Post-completion obligations, including change-of-control notifications, licence transfers, numbering assignments and any conditions that attach to the transaction. Regulatory risk quantification, mapping identified issues to deal value, integration cost and timeline impact.

Outputs

Typical deliverables include a regulatory due diligence report covering all identified regulatory risks with severity and likelihood ratings; a regulatory risk matrix suitable for inclusion in the deal committee or investment committee papers; drafting input for regulatory warranties, indemnities and conditions precedent; a post-completion regulatory integration plan; and, for sell-side processes, vendor regulatory due diligence reports and management presentation input.

Integration with wider diligence

We work within the lead adviser’s diligence framework, contributing the regulatory workstream alongside financial, commercial, tax and legal diligence. Our reports are produced in the format the transaction team requires and are designed to integrate with the wider diligence package. We attend deal team calls, contribute to data room reviews, and provide real-time regulatory input as issues emerge during the diligence process. Rob Bratby has over 30 years’ experience spanning Oftel, COLT, international law firms, and current fractional GC appointments at UK Payments Initiative Limited, TelXL, Core and The One Touch Switching Company.

Why sector-specialist diligence

Generalist due diligence teams routinely miss regulatory risks in telecoms and payments targets because they do not know what to look for. A target may hold hundreds of Ofcom numbering allocations, each with specific conditions of use. A payments business may be operating under transitional provisions whose expiry creates a renewal or re-authorisation requirement. Spectrum rights may carry coverage obligations with financial penalties for non-compliance. These risks are invisible to a generalist review but can materially affect deal value and post-completion integration cost.

Sector-specialist diligence also produces more useful outputs. A generalist may produce a list of regulatory licences; a specialist will assess whether those licences cover the target’s current activities, whether there are permissions gaps, and how the regulatory framework is likely to evolve post-completion. This analysis is decision-useful for the investment committee or deal team in a way that a licence list is not.

For sell-side processes, specialist vendor due diligence reports demonstrate to buyers that the regulatory position has been professionally assessed, which can accelerate the transaction and reduce the scope for price adjustments based on perceived regulatory risk.

Related practice areas

For the telecoms regulatory framework, see Telecoms Regulation. For FCA and PSR authorisation and payments compliance, see Payments Regulation. For the full range of transactions, see Transactions.

Related engagement models

See also: Transactions Co-counsel for embedded regulatory support throughout the deal, and Regulatory Perimeter and Market Entry for post-acquisition authorisation questions. For an overview, see Direct Legal Advice.

Diligence across multiple regulatory regimes

Many targets operate across telecoms, payments and data protection simultaneously. A communications provider that also offers payment services, or a fintech that processes telecoms data, requires integrated diligence across multiple regulatory regimes. We provide this integrated assessment from a single team, which is more efficient and more consistent than instructing separate specialists for each regime. The integrated approach also identifies cross-regime risks that siloed reviews miss, such as the interaction between FCA conduct requirements and ICO data protection obligations, or the overlap between Ofcom security obligations and UK GDPR data breach notification requirements.

Frequently asked questions

Book a call

If your transaction needs sector-specialist regulatory diligence, contact us.