SMB acquisitions in the $5M–$50M range fail for predictable reasons. The price almost never kills them — most buyers are willing to flex on price if the underlying business is what was advertised. The deal-killer is almost always something the diligence didn't catch in time: a customer concentration nobody asked about, a key employee who's quietly planning to leave, a software license that doesn't transfer with the asset sale.
After 12 years of running diligence on SMB transactions, I've grouped the common deal-killers into six categories. Get all six right and the deal usually closes. Miss one badly and the deal either dies or closes on terms that nobody likes a year later.
Bucket 1: Financial diligence
The standard book. Three things matter more than the rest:
- Quality of earnings (QoE). Engage a QoE provider to validate the EBITDA the seller is presenting. SMB sellers routinely classify owner perquisites, family payroll, and one-time benefits as recurring operating expenses they're adding back. A QoE on a $4M EBITDA SMB usually adjusts by $200k–$800k in either direction.
- Working capital normalization. Most LOIs include a working capital target. Most sellers under-fund the target. Specify the target as a trailing 12-month average, not point-in-time, and audit the components (AR aging, prepaid expenses, inventory obsolescence) line by line.
- Customer concentration. If a single customer is more than 15% of revenue, the deal valuation should adjust. If it's more than 30%, the deal becomes a different transaction (you're buying a contract, not a business).
Common deal-killer: discovering 8 months after close that the "recurring revenue" the seller showed was actually billed on month-to-month contracts that nobody had bothered to formalize.
Bucket 2: Legal diligence
The point of legal diligence isn't to find a lawsuit — most SMBs don't have any. It's to find the missing paperwork that creates post-close liabilities.
- Contracts with change-of-control clauses. Every customer contract, every vendor agreement, every lease. About 20% of SMBs have at least one significant contract that requires the counterparty's consent for an ownership transfer. Discovering this at the closing table is fatal.
- IP ownership. Who owns the code, the brand, the trademarks? In SMBs that grew from a founder's side project, the IP is occasionally still owned personally by the founder, not the business. This requires assignment paperwork.
- Employee agreements. NDAs, non-competes, IP assignments, and for tech businesses, equity agreements. Roughly half of SMBs under 100 employees have never put IP assignment agreements in place — meaning the engineers who wrote the codebase may hold partial claims to it.
- Pending litigation. Even small claims. Especially small claims — they signal cultural issues that compound post-close.
Bucket 3: Customer diligence
The single most ignored diligence area in SMB transactions. Buyers focus on financials and miss the underlying customer relationships.
- Customer interviews. Talk to 8–12 customers, structured interviews, ideally without the seller's awareness so customers speak freely. You're testing two things: (a) is the relationship with the company or with the founder? (b) would they renew if ownership changes?
- Cohort retention analysis. Build the retention curve by cohort. Most SMB sellers don't have this data at hand; insist on the underlying transaction log so you can build it. Hidden problems become visible (most companies have a deteriorating retention trend somewhere in the data).
- Customer concentration risk by segment. Not just "no customer
15%" but "no industry vertical >40%, no geography >50%, no customer-acquisition channel >60%". Single-channel risk is particularly common in SMBs that grew through one route.
The deal-killer here is "founder-attached" customer relationships. Customers who've been with the business 8 years because they trust the founder, and who'll churn within 18 months of close once they realize the founder is gone.
Bucket 4: Technology diligence
For SMBs with material technology — SaaS, e-commerce, software- enabled services — the tech diligence is the longest pole.
- Code review by an independent engineer. Not the seller's engineering team. A 2–4 week review producing a written report on: technical debt level, security posture, scalability constraints, key-person dependencies in the codebase.
- Infrastructure. What's hosted where? What's the monthly cloud cost trajectory? Any critical services dependent on a single vendor or a single engineer's API key?
- Data architecture. How does the customer data flow? Are there GDPR/CCPA compliance gaps? What does data export look like if needed?
- Software licenses. Every open-source license used in the codebase. GPL contamination is rare but kills deals when found.
The deal-killer: discovering during integration that the seller's codebase is 10 years of accreted hacks held together by one engineer who'd announced their departure two months before the close.
Bucket 5: HR & key-person diligence
The talent layer is where post-close value gets destroyed if diligence missed something.
- Key-person interviews. Identify the 5–8 employees whose departure would be material. Interview each. Not to find a flight risk to flag — to assess engagement and signal whether they'd stay through a transition.
- Retention plans. Pre-negotiate retention bonuses for the critical 5–8. The cost is real ($50k–$200k per person typically) and worth it; losing all five in the 60 days post-close routinely destroys 20–40% of the deal value.
- Org chart vs. reality. Who actually does the work the org chart says they do? In SMBs, titles and actual responsibilities often don't match. Map the real workflow.
- Comp benchmarking. Is the team paid at market? Below-market comp creates flight risk; above-market comp creates integration conflict with the buyer's pay bands.
Bucket 6: Commercial diligence
The market-side check. Often skipped in SMB deals; usually the most informative when done well.
- Market size and growth trajectory. Is the business in a growing or shrinking market? Industry-level data, not seller- provided.
- Competitive positioning. Who's gaining and losing share? What's the moat — and is it durable or eroding?
- Pricing power. Has the business raised prices in the last 3 years? If not, why not?
- Pipeline quality. Look at the next 90–180 days of pipeline in the CRM. Apply realistic conversion rates. Compare to the seller's projection.
The diligence sequence
The order matters. The way I run a 60-day diligence:
- Week 1–2: financial QoE + initial legal scoping. Cheapest diligence to run first, and surfaces the most common deal-killers.
- Week 3–4: customer interviews + cohort analysis. Often reveals issues that change the deal terms.
- Week 4–6: technology diligence (if applicable) + HR/key- person work.
- Week 6–8: commercial diligence + final legal review.
- Week 8: close or kill.
Most diligence processes run in reverse — legal first, financial last. That's wrong. Financial issues are the most likely deal-killers; surface them first when you've spent the least.
What separates good buyers from bad buyers
Bad buyers run the checklist as a compliance exercise — gather all the documents, check the boxes, close the deal. Good buyers run it as a diagnostic — every finding adjusts the model, the price, or the deal structure. Bad buyers close deals; good buyers close good deals.
If your diligence process is taking 60 days and not adjusting the deal terms by the end of it, you're not running diligence — you're running an audit. The findings should change the deal. If they don't, either the deal is genuinely perfect (rare) or the diligence isn't sharp enough.
The acquisitions that produce returns are the ones where the buyer knew exactly what they were buying — and structured the deal around the real risks they found. The acquisitions that destroy value are the ones where the diligence happened on a checklist but didn't actually inform the deal. Run the six buckets honestly, let the findings change the terms, and walk away when they should.
