January 26, 2024

The 7 Most Common Legal Mistakes Startups Make During the Investor Due Diligence


Imagine you're an excited startup founder, working hard to get your big idea off the ground. After many pitches and months of non-stop fundraising, you finally receive the email you've been waiting for: a VC investor wants to back your business! You can almost taste the success. But then, during the careful checks that come next, a big problem shows up. You can't prove that all the intellectual property (designs, code) created by the freelancers actually belongs to you. Suddenly, that dream of success feels a lot further away...

It may seem like a fictional story, but it's actually based on true events. Many founders underestimate the importance of the early steps they take and how it might influence the future due diligence processes with investors.

In this guide, we're going to talk about the 7 most common mistakes startups make before beginning their investor due diligence. These mistakes can prolong due diligence by weeks or even months (which can cost your startup a lot in those early stages). Even more concerning is that sometimes these mistakes prevent founders from receiving investment. Each mistake can be avoided and rectified, and at the end of the article, you’ll find a checklist of legal documents that founders should prepare, in advance of investor due diligence.

All the information in this article is based on actual practice and on the cases we have worked on at Legal Nodes while helping startups in multiple markets and fundraising stages pass the investor due diligence process.

Please note, everything contained in this article is for informational purposes only and is not to be considered as legal advice or legal opinion.

This article is brought to you by the Legal Nodes team. Legal Nodes is a legal platform that helps businesses create global legal structures and stay compliant with regulations as they grow. We’ve helped many startups like Datrics, Finmap and Inputsoft with legal structuring and due diligence support. Speak to us to get started

Top 7 mistakes startup founders make during the due diligence

All the mistakes we're going to cover in this guide are related to specific events during the startup’s journey.

Key events during the startup development and common legal mistakes that happen

Your startup may have already passed through some of these stages and made some of these mistakes. Now, as you face due diligence you’re going to have to rectify these errors. In fact, the most common scenario is that the investor will ask founders to fix these mistakes as soon as possible and provide all the necessary legal documents to prove everything is in order.

Before we dive into how to fix all these common mistakes, let's take a quick look at why VC funds will require all these matters to be sorted before they sign the deal.

How the VC business model works and why they need due diligence

The image below shows a simplified version of the VC business model. The goal is to maximize the chance of return on investments at every stage and minimize the risks of failing. Due diligence is aimed at identification and minimization of those risks.

VC business model and their due diligence

During the investment stage, common risks include losing investments due to company collapse, dilution of shares, founder conflicts, potential fines, claims, and lawsuits.

During the growth stage (if all the previous risks were mitigated), the main legal risk is posed by regulatory restrictions on the company's business model. This is particularly relevant for companies operating in highly regulated industries such as finance, healthcare, crypto, social discovery, and AI technologies. For example, an AI company’s system might be considered prohibited under the upcoming EU AI Act.

At the exit stage, the key risk is anything that can limit the cash-out opportunity for the investor. VC funds usually have their own investors, or limited partners, to whom they report on investments made and probability of returns and cash-outs. 

Investors try to mitigate all these possible risks mainly during the due diligence stage, and this is why it's so important to them.

Now that you’ve got a clearer perspective on what motivates your investor to invest in a venture, we can better understand why the due diligence process is so important to VCs. With this in mind, let's go through the most common mistakes and figure out how to avoid them.

How to avoid the most common due diligence mistakes

Mistake #1: unissued founders’ shares

How to fix it: have an up-to-date Stock Ledger (cap table), Founders Agreement, and keep all the Minutes in place.

Any startup is a venture. Often, the early agreements between the founders about their shares in the business are only verbal. If this is the case, it brings many risks for investors:

  • If a conflict between founders happens it may lead to the company's collapse. Doesn’t seem likely? Well, the data backs this up: around 65% of startups fail due to founders’ conflicts.
  • If there are unissued or under issued shares for any of the founders this presents problems with the startup’s capitalization table. If investors see any differences between the company documents and the cap table, it becomes a big red flag for the due diligence process.

In order to mitigate these risks, your startup should have in place and up-to-date the following items:

  • Stock Ledger (or cap table). This document contains information about all the shareholders of the company and their share details.
  • Minutes. These are various internal documents that have approved all the events related to important business decisions and shares. For example, if the startup has issued shares for a new co-founder, this event should be confirmed in detail by a Board resolution. Or if shares have been transferred from one person to another, there should also be a corresponding resolution.
  • Founders (or Shareholders) Agreement. This agreement is a more detailed document that outlines the relations between the founders, voting and decisions-making process, and the resolutions of different conflict scenarios (like “good leaver, bad leaver” clauses).

Mistake #2: the first angel investments were attracted on not-founder friendly terms

How to fix it: study the documents signed with angel investors carefully to detect if you have any provisions which allow the angel investors to request preferences during future rounds and control the business decisions, including when attracting new investors.

Angel investments are usually provided via standard convertible instruments, such as SAFEs, convertible loan agreements etc. However, it is important to check these documents to see that there are no unusual preferences requested by the investor. Examples to be wary of: discounts on future rounds that are not market standard, obligations of the founders to get approval from the investor on the future investors, required board seats, any possible transfers of founders’ shares to the angel investor if any trigger events happen.

It is vital to prevent your early investment from getting in the way of your dream round. Thus, make sure you do not have any uncommon (or disadvantageous) obligations. If you do, these will be a red flag to your new qualified investor. The investor will be reluctant to invest if they see that they need to negotiate on your behalf with a problematic angel to make the next round happen. It is also worth checking all of your investors out, at the very least via a quick Google search. You want to be sure that they have no connections with fraudulent or illegal activities, or any organizations that might be engaged in such behavior. Be careful, because their poor reputation will become yours.  

Mistake #3: unsigned options with employees and advisors

How to fix it: maintain an up-to-date Stock Ledger (cap table) with the option holders' data, sign stock option agreements with all the employees to whom you have promised options before the due diligence, and keep the company valuation up-to-date.

When founders receive a due diligence questionnaire from investors, there is always a question about employee stock options. However, if you have stated that you promised your key employees options and reflected this in the cap table, but there are no stock option plans and stock option agreements in place, that's a red flag for investors. And most certainly, you can expect investors to ask founders to fix this as soon as possible.

So, what's the best way to avoid falling into this scenario?

  • Keep your Stock Ledger up-to-date AND include all the people with options in your cap table. Why is this important? First, besides the legal formalities, it is important for investors to understand whether you will need to make additional share issuance for option pools. Any additional issuance will dilute the shares of existing shareholders (a situation the investors want to avoid for themselves). Second, investors also want to be sure that the team will stay motivated to work on the project. This is why signing all the stock option agreements with key members of the team is needed prior to the due diligence. Even if there are no options promised to the employees yet, the investors usually appreciate it if a certain amount of shares (about 7 –10%) is reserved for this purpose.
  • Keep your options valuation up-to-date. This is a valuation that is conducted by external parties during any significant events like raising new investment rounds. Why is an up-to-date valuation important? First, your employees may wonder about the actual value of their shares according to options at any given time. Second, when you start hiring employees in the country of your company registration (which, for many tech startups, is the US) and offer them options, they will have the obligation to report to local tax authorities about the value gain of their shares. The more global your company becomes, and the more diverse your team becomes, the more important it is to have an up-to-date company valuation.
Startup employee before and after exit meme

Mistake #4: vital intellectual property doesn’t belong to the company

How to fix it: register domains, TMs, patents and inventions in the company’s name, not in the names of separate founders. 

Investors want to be sure that all the value generated by the business’ IP belongs to the company. Even if you’ve registered your domain or TM in your name before you had your company incorporated, it is rather simple to transfer them to the business via the hosting or patent attorney respectively. It is also important to reflect the funds you invest as a founder in your company via IP contribution agreement. This will confirm your commitment and ensure that the business has no outstanding liabilities towards the founders. 

The investors’ goal is to avoid any cases like TWG Tea. Their domain name was registered by one of the co-founders in 2007. But in 2012, when he left the company due to internal conflict, it turned out that the domain name belonged to him personally, and not to the company. Yikes. The story became a lengthy court case, and only in 2019–7 years later! – did the court rule that the domain name should be transferred to the company. Definitely a case that could have been avoided if there was a domain transfer agreement in place.  

Mistake #5: intellectual property created for the company is not protected

How to fix it: ensure that ALL intellectual property is transferred to the company by signing IP assignment agreements and other supporting documents with all contributors to the project.

It is a common occurrence during the intense product development process for startup founders to forget to sign the necessary agreements with all contractors and consultants hired to do the job.

During the due diligence, investors will always inquire about the agreements for the transfer of intellectual property of all the components of the product: codebase, designs, texts, etc. If these agreements were not in place, it’s a red flag. If any past employees or contractors decided to sue the company, the investors’ stake would be at risk.

Let us take a moment to remember the Project Genom game. Long story short, the game was removed from the Steam store after one of the developers filed a DMCA claim for their intellectual property being used in the game. The company developing the game did not sign any IP transfer agreement with the developer. After the two parted ways on not-so-friendly-terms, the developer filed a lawful claim. Again, another situation that could have easily been avoided.

Mistake #6: tax reports not filed

How to fix it: obtain early consultations on tax reporting for your new company to understand your reporting periods and obligations. After filing the reports, keep all the documents to share with investors during due diligence.

Another common mistake founders make during the first year of company operation is forgetting to file tax reports on the first income. Even if the company hasn't received any income in the first year, they should still file a "zero-income" report with tax authorities. In some countries and states (such as Delaware), there's also a franchise tax that should be paid regardless of whether the company has had any income. If investor due diligence uncovers that reports haven't been filed correctly, it will be another red flag and will prolong the process. Warranties and representations requested by investors on the tax part are usually the harshest in investment agreements, because the fines are rather high, and issues with tax authorities affect reputation and good standing significantly.

There's no easy fix if reports haven't been filed on time or haven’t been filed at all, and penalties will have to be paid if there are any. Therefore, our general recommendation is to obtain tax and accounting consultations right after registering the company to understand tax reporting obligations and the timeline for filing reports. 

IRS be like I will hunt you down and take half of this money meme

Mistake #7: no regulatory policies and processes in place

How to fix it: prepare Privacy and Cookie policies, consider other privacy measures that might be relevant in your case (internal policies, Data Protection Officers, etc.), make sure you have all required licenses and permits, AML, KYC policies.

Data protection will definitely be on the list of the due diligence questionnaire that startup founders usually receive from investors. They want to be sure that you have all the necessary processes and policies in place to protect your customers' data and comply with global data protection regulations like GDPR and CCPA.This is especially the case if your startup will operate in the EU market. If you're targeting a global market, you're going to be operating in the EU by default. There are a few reasons why investors will be adamant on ensuring you have the right regulatory policies and processes in place:

  • If your company gets fined by European data authorities for not complying with GDPR, it can cause both financial and reputational harm.
  • Having the right policies and processes will minimize the risks of data breaches and set you up to work more seamlessly with B2B clients.

With this in mind, expect investors to ask:

  • How do you collect and process personal data?
  • Where do you store customer data?
  • What data protection measures do you have in place?
  • Do you have Privacy and Cookie policies, and do they reflect the way you handle personal data of your customers?

It will be also extremely important for investors that your company and business model do not violate any applicable regulations in the operational jurisdictions. If your startup doesn’t hold the required permits, then the company license and good standing might be suspended. This is especially likely if you work in finance, healthcare or other sensitive market areas. 

As for the KYC and AML policies and regulations, these will help you to be in compliance with anti-corruption laws, anti-bribery laws and sanctions regulations. These procedures, if implemented, will ensure that your company isn’t listed in any risky databases, which are automatically checked by potential investors and big partners. 

Make sure you come prepared for these questions and think in advance about privacy compliance measures that might be relevant in your case. The rule of thumb is that the more data you process (or the more sensitive it is), the more important it is to get compliance measures right in the early stages of your startup.

On the Legal Nodes platform, you can find all the legal and privacy services mentioned in this article in different use cases, such as fundraising preparation and product launching.

Legal Nodes also offers privacy-related products, such as GDPR packages, DPO subscriptions, and UK representative subscriptions, to help startups comply with privacy regulations from the ground up and do so in an affordable way.

Investor due diligence checklist of legal documentation

Based on our practice and due diligence processes we have prepared a checklist that should help startup founders prepare for a successful due diligence process.

Please note that this checklist (as well as this guide) focuses only on the legal part of the due diligence. Investors will also ask for other business-related materials, such as a business plan, P&L sheet, and sales and marketing materials. To simplify the guide, we won't cover these documents here.

Investor legal due diligence checklist

  • Company registration documents (Certificate of Incorporation, Statement of Incorporation, Bylaws, etc.) and list of affiliated companies
  • Company cap table (or a Stock Ledger)
  • Contracts with founders, employees, investors, and advisors
  • Tax reports (if the company is over one year old)
  • IP transfer agreements and list of patents, TMs, copyrights
  • Customer contracts (if the contract value is over $10,000)
  • Compliance matters (licenses, personal data policies, etc.)
  • List of lawsuits initiated by and against the company

All these items listed above should be added to a Company data room. This is a single place, often a GDrive or other secure virtual file storage point, containing all the documents.

Legal due diligence checklist for startups

How Legal Nodes helps founders with due diligence

Legal Nodes is a legal platform that helps founders solve cross-border legal tasks and fundraise  with confidence. We have already helped many startups structure their global fundraising and due diligence tasks in a single place: via the platform.

When you prepare for due diligence with Legal Nodes, you will:

  • Get access to a Virtual Legal Officer who manages all communication with lawyers and oversees management of your global tasks for you.
  • Get access to many document templates, such as IP assignment agreements, all available upon request via your Virtual Legal Officer. These documents are crafted using the latest best practices and will help you prepare for due diligence.
  • Handover the searching and hiring of legal professionals like CPA consultants to Legal Nodes. We have a network of 60+ service providers in 20+ tech-friendly countries that work at predetermined prices with us. This way, you can estimate legal costs before any projects begin and have access to all the expertise needed to launch and grow a startup.

To get started, fill out a form on our website, tell us about your request, and we'll get back to you with the next steps.

​​FAQs about startup due diligence

What is legal due diligence in startups?

Legal due diligence in startups is the process of reviewing and verifying a startup's legal and financial information to identify any risks or potential liabilities before an investor makes an investment.

Why is due diligence important for startups?

Due diligence is important for startups because it helps investors understand the risks associated with investing in a particular startup and ensures that the startup has all the necessary legal and financial information in order.

What is the main objective of due diligence?

The main objective of due diligence is to ensure that the startup has no legal or financial surprises that could significantly impact the investor's return on investment.

How long does due diligence take?

The length of due diligence can vary depending on the complexity of the startup and the diligence of the investor, but it typically takes several weeks to several months to complete.

This article was prepared by the Legal Nodes team with the contribution of startup legal expert, Daria Kurishko.

Disclaimer: the information in this article is provided for informational purposes only. You should not construe any such information as legal, tax, investment, trading, financial, or other advice.

Prepare your startup for the due diligence

Get started

Explore popular resources