Fintech M&A showed strength in 2016, despite the wider global M&A market facing challenges as a result of political uncertainty. Total volume of Fintech deals, for example, was higher than any single year in the decade. With governments increasingly recognising the value of Fintech innovation and exponential growth in ‘hot’ subsectors such as Insurtech, we set out here our view of the fundamental legal issues underpinning a successful acquisition.

In our experience, three aspects make Fintech M&A distinctive: life cycle, business model and regulation.

While not relevant for every transaction, frequently the start-up life cycle is a major factor and discipline is crucial: there is a natural tension between innovation, agility and attention to key legal areas, to ensure the business is both robust and scalable. IP and data-rich business models are key to value creation, but any transaction in this sector must also be implemented in the context of a changing regulatory landscape.

Click here to view image.


1. FS regulation – Not all Fintech businesses carry on activities which require regulatory authorisation. Instead they may provide services to regulated entities. For some early stage Fintechs, the intended operating model may require permission that has yet to be secured – there will be a degree of risk associated with this that any buyer will need to assess. Some regulators have a ‘lite’ regulatory regime to allow start-ups to test innovations (e.g. the FCA and the Monetary Authority of Singapore regulatory “sandboxes”). These, however, offer limited exposure to potential clients of the Fintech and are an interim measure with the risk that the Fintech may fail to “graduate” with authorisation once it has passed through the sandbox.

Other key regulatory risks for Fintechs which any buyer will need to consider include the difficulty in ensuring technologies or processes will comply with regulatory requirements, the move towards strict liability for the users of financial technology (which may be applicable to the clients of the Fintech, such as, for instance, a regulated large financial institution which buys and uses the financial technology developed by the Fintech without undertaking proper due diligence or without properly understanding it), the risk that the law will change so that currently unregulated financial technology businesses become regulated or the law becomes stricter in its requirements, and the requirement to apply forthcoming regulation, such as the Fourth Anti-Money Laundering and Second Payment Services Directives, to Fintechs.

The UK’s withdrawal from the EU raises the risk that UK regulated Fintech businesses will lose the right to offer their services or establish branches in other EU Member States, without the need to become regulated in those Member States, under the so-called Single Financial Market Passports, which nine Directives, including the Payment Services Directive and the Markets in Financial Instruments Directives provide. The question for these businesses is whether they will still be able to provide services under a delegation from a regulated firm, which a UK business establishes in the Continuing-EU.

2. Regulatory change of control– If the target carries on regulated activities, one question is whether the parties to the transaction are ready and able to seek and obtain regulatory change of control consent. This can have a significant impact on timing depending on the jurisdiction and will require split exchange and completion – for example, FCA consent timescales can be up to 60 days. In addition, where the transaction will result in the buyer undertaking new regulated activities, its regulatory permissions may need to be reviewed. Contact and familiarity with regulators are important to expedite this process. If any personnel have individual regulatory approvals, and will be acting for another regulated business following the acquisition, this change will also need to be approved.

Valuation considerations

3. Valuation – A key issue a potential buyer needs to consider is how it calculates the price it is prepared to pay. In some instances, particularly with fairly early stage Fintechs where more standard valuation methodologies may not be appropriate (given the relative immaturity of the business), but there is a ‘buzz’ about the technology / product in question, interested parties may be prepared to pay a premium and are less likely to adhere to a strict valuation methodology. One mitigation against over-paying may be to make the price more explicitly linked to specific performance criteria based on information provided by the target during disclosure – if this turns out to be incorrect, potentially an adjustment can be made. Alternatively, deferred consideration mechanisms might be used.

4. Tax - Generous tax incentives can be available to businesses that develop new technology such as research and development tax credits and enhanced capital allowances. Fintech businesses looking for investment or sale opportunities will want to maximise these incentives to drive value, while buyers will want to ensure the benefit of such incentives are protected and carried into the new ownership. In addition, there are often generous tax reliefs and exemptions available to shareholders looking to exit such businesses (for example, participation exemptions such as SSE, exemptions for tax-incentivised investment structures such as EIS and reduced tax rates for entrepreneurs). Although highly beneficial, the conditions associated with these reliefs can be complex and shareholders considering exit options should give early consideration to their availability. 

Due diligence

5. IP rights and access to business critical data – Although many Fintechs need to operate in a lean and efficient manner if they are to survive their earlier years, future investment and/or sale of the business can be undermined during this period if key legal rights are not put on a sound footing. IP, data and software are central to the value of many Fintech businesses. Buyers and investors need to check that care has been taken to protect IP rights, secure future access to business-critical data, and ensure that use of third-party and open source code does not undermine the value of the company’s software.

6. Data protection – This is a central aspect of the due diligence for many Fintech acquisitions or investments. For instance, consideration will need to be given as to whether there have been any historical data protection breaches by the Fintech; whether appropriate consents (e.g. in Europe, to the GDPR standard – which is more prescribed than under the current European data protection regime) have been obtained to process the data; whether (in the absence of consent) alternative lawful reasons apply under the relevant data protection regime (e.g. GDPR) to justify the processing; whether fairness and transparency is satisfied; and how liability will be allocated between the buyer and seller (in particular bearing in mind any percentage of worldwide annual turnover fines that may be applicable e.g. under GDPR). A buyer may also be interested in whether the Fintech’s systems benefit from appropriate protection against cybercrime and the regulatory and reputational impact that may flow from any breach.


7. Warranty protection – Typically a Fintech will have been through multiple funding rounds and, as a result, may have a disparate investment base. Consideration needs to be given to who the sellers are, and whether they are able to provide recourse for warranty breaches – for example, individual shareholders and VC investors may be averse to providing warranty protection. There are a range of alternative options available to mitigate this issue (e.g. deferred consideration, escrow arrangements or W&I insurance).

8. Management – Where management will continue with the business post-acquisition, are they incentivised to continue to deliver value for the buyer, for example through earn-outs, equity roll-over, new service agreements or other more tax-efficient incentives (i.e. EMI)? Any such incentives will need to be aligned not only with the buyer’s internal policies, but also with legal and regulatory requirements. A smaller Fintech business which is integrated post-sale into a buyer’s regulated business may become subject to more stringent remuneration regulation (e.g. remuneration codes requiring that effective risk management is not undermined can impose mandatory deferral on incentives and clawback requirements). Badly structured integration can weaken incentives e.g. if revenue is the measure, decisions taken elsewhere in the buyer’s business (e.g. around allocation of resource) can serve as an impediment to target revenue growth. The impact of Brexit on the location of the Fintech and access to talent will also need to be assessed by the buyer.

Pre-sale reorganisation

9. Structuring – Many Fintech targets have relatively complex shareholder structures, deriving from earlier rounds of fundraising (via friends and family, high net worth individuals, angel investors etc.). Such structures can often have multiple share classes and verification of title may be more complicated. Drag rights or squeeze out mechanisms may need to be triggered to obtain 100% control, if that is the desired outcome.

Post-acquisition integration

10.Culture clash – If the buyer plans to integrate the target into its business, what is the degree of similarity/difference in their respective organisational culture? A typical example would be an agile founder-owned Fintech business and a large, traditional FS company (e.g. a major bank). Options could include reduced, or staged integration; or integration with a subsidiary of the buyer where the culture gap is less pronounced – a number of major FS organisations now have their own Fintech-focused subsidiaries.