The Exit Ready Series · Post R.9
View the full series →Risk, Lawsuits, and Insurance — What Buyers Are Really Asking
Buyers don't mind risk. They mind undisclosed risk. The difference is the whole Legal diligence process.
In the spring of 2022, a Meridian technician fell off a commercial rooftop.
He was working on a chiller replacement at a strip mall in Akron when he stepped onto what he thought was a stable piece of flashing. He fell about 12 feet, fractured his hip and 3 ribs. Workers' comp covered the medical bills and his lost wages. Ed visited him in the hospital twice and wrote a $2K check from the company account for the family's grocery bills.
The technician came back to work in early 2023. Ed thinks of the incident as handled.
It is not handled. The workers' comp claim is still open. The technician's physician has not issued a final impairment rating. There is an ongoing dispute between the carrier and the treating doctor over whether the hip requires a second surgery. The claim shows up on Meridian's loss runs — a standard report any buyer's risk team pulls in the first week of diligence.
Ed has not looked at the loss runs in 3 years. He does not know the claim is still active. He does not know the carrier has reserved $180K against it. When the buyer asks him to disclose all pending claims, he does not list it because he believes it was resolved when the technician came back to work.
In week 3 of diligence, the buyer's risk team pulls the loss runs. The open claim is on page 2.
This is where risk becomes expensive.
The 2 Buckets
Every business carries risk. Buyers expect a business whose risks are known, documented, and priced.
Disclosed risk is manageable. The buyer can quantify it, price it into the deal, and structure protections around it.
Undisclosed risk is a different category. Not because the underlying risk is worse — it is often small — but because the seller's failure to disclose raises a larger question: what else have you not told us?
Undisclosed risk is priced as if there might be more of it. Ed's open comp claim was not large. But it was not disclosed. The $2K check he wrote was a kindness. To the buyer's attorney, it was an undocumented payment related to an open claim the seller failed to report. That implies other exposures might exist.
One undisclosed claim costs more than three disclosed claims.
What the Buyer's Risk Team Does
When diligence begins, the buyer's risk team runs a parallel process. They are not looking at valuation. They are looking at what could go wrong after closing.
Their checklist is dense. Pending and threatened litigation. Settled litigation with ongoing obligations. Regulatory investigations. OSHA findings. Employment claims. Insurance claims for the last 7 years. Coverage limits, exclusions, renewal dates, premium history, loss runs.
They run the checklist against every state and federal database that is publicly searchable, and they ask the seller for the same information directly. The 2 versions have to match.
Insurance Coverage Is a Valuation Input
Founders tend to buy insurance once at a level that seemed appropriate, then let it roll. Revenues grow. Exposures grow. The policy stays roughly where it was.
For Ed's business — $28M in revenue, commercial HVAC, crews on rooftops in 4 states — the buyer's risk team expects general liability limits of $5M minimum, ideally with a $5M umbrella. Ed has a $2M general liability with a $1M umbrella. Adequate for a business half his size. Not adequate for Meridian.
The gap becomes a line item. The buyer adds the cost to upgrade to their go-forward projections and the purchase price reduction.
Cyber coverage is the one almost nobody has and almost every buyer now requires. Ed has none. The buyer's IT team flags the absence in week 4. Ed agrees to a cyber-incident indemnity provision because he does not have a better option by the time it is on the table.
What Ready Looks Like
A founder ready for the risk review treats every known exposure as a documented line item, not a memory.
A live risk register exists. Every pending claim, every regulatory inquiry, every insurance claim from the last 7 years — current status and potential cost on each one. Reviewed quarterly, not improvised when the buyer asks.
Insurance coverage has been benchmarked against companies of similar size and exposure profile. The gaps are either closed or priced into the budget for the prep year.
The litigation search has already been run. A few hundred dollars. Results filed alongside the risk register. The founder knows what the buyer is going to find before the buyer finds it.
For Meridian, none of these were true.
The Ed Moment
3 weeks into diligence, Ed sat across from his M&A attorney with a printout of the buyer's findings. The Akron comp claim was at the top of the list.
Ed said he had forgotten about it. The attorney said the buyer did not care that he had forgotten. The buyer cared that he had missed it.
Ed asked what it was going to cost.
"More than the claim. Whatever they find next, you'll pay for too."
What this cost Ed: $95K.
- Undisclosed Akron comp claim triggered an escrow holdback provision that tied up capital for 18 months; carrying cost and concession value priced into final terms.
- General liability and umbrella coverage benchmarked below comparable businesses; bring-up cost added to projections plus purchase price reduction.
- No cyber coverage; cyber-incident indemnity provision accepted under time pressure.
Another cut.
Don't be Ed.