Luma Financial Technologies — Due Diligence Playbook
This playbook covers the due diligence framework used to screen and qualify acquisition targets, and the governance forums that review M&A activity.
Section 1 — Five Gates Overview
Each acquisition is screened through five gates. A deal must pass every gate; failing any one is a kill.
| Gate | Focus |
|---|---|
| 1 — Strategic | Does this fit Luma's strategy and acquisition criteria? |
| 2 — Commercial | Are the business and customer fundamentals sound? |
| 3 — Technical | Is the tech buildable, maintainable, and secure? |
| 4 — Financial & Legal | Do the finances and legal position match the narrative? |
| 5 — Integration Feasibility | Can we integrate this at speed and cost effectively? |
Section 2 — Gate 1: Strategic
Purpose. Confirm the target advances Luma's strategy and meets the ecosystem criteria. Filter before significant investment is made and should be possible based on public information and relationships.
Inputs from seller. Typically none at this stage. Potentially NDA.
What we assess.
- Acquisition criterion (Network Effects / Parenting Advantage / Ecosystem Lock-In)
- Acquisition vs. Build or Partner
- Why is Luma the best acquirer
- Does it align with the IPO narrative
Kill criteria.
- Fails the above
- Hits an Explicit NO
Who leads. Strategic workstream — CEO/COO/M&A Strategy team.
Section 3 — Gate 2: Commercial
Purpose. Confirm the commercial fundamentals — revenue quality, customer base, growth, differentiation. The business must be sustainable through and beyond an acquisition.
Inputs from seller.
- Top 20 customers by revenue, with change-of-control / assignment provisions
- NRR and churn cohort data
- Customer references, win rates, pricing strategy
What we assess.
- Revenue concentration and churn
- NRR trajectory
- Pricing power and product differentiation
- Whether seller price is justified by the business
Kill criteria.
- Customer churn too high
- NRR <90% and declining
- No meaningful product differentiation
- Seller price not justified by the business
Who leads. Commercial workstream — COO + Ash + Corp Dev.
Section 4 — Gate 3: Technical
Purpose. Assess the quality of the target's technology — codebase health, security, API maturity, cloud architecture, cost base, data schema. Standalone technical due diligence on what we'd be inheriting.
Inputs from seller.
- Full codebase access
- Architecture documentation
- Test coverage metrics
- API documentation
- Infrastructure costs and cloud spend
- Data schema
- Security history and audit reports
- Engineering org chart and tenure
What we assess.
- Code quality, technical debt, commit concentration
- API maturity and coverage
- Cloud architecture and scalability
- Security posture and remediation work inherited
- True cost of maintenance (infra + headcount)
- Data schema cleanliness
Kill criteria.
- No API layer
- Test coverage too low
- Unpatched critical security vulnerabilities
- Severe technical debt that makes ongoing operation uneconomic
Who leads. Technical workstream — External tech DD firm + Luma tech team.
Section 5 — Gate 4: Financial & Legal
Purpose. Confirm the finances match the narrative. Identify legal and regulatory risk Luma inherits on close.
Inputs from seller.
- Monthly accounts, cap table
- Material contracts, any patents
- Litigation history, customer complaints
- Employment and key talent agreements
- Regulatory licences
What we assess.
- Revenue quality, EBITDA, hidden liabilities
- Tax position and transferability
- Change-of-control triggers in material contracts
- Cap table
- Regulatory and data privacy exposure
- Key talent terms
Kill criteria.
- Risk-adjusted payback >5 years
- Material undisclosed liabilities or litigation
- Regulatory licences non-transferable
- Change-of-control issues
Who leads. Financial & Legal workstream — External counsel, coordinated by Gim.
Section 6 — Gate 5: Integration Feasibility
Purpose. Confirm Luma can integrate the target at intended speed and cost. Failure can block both benefits being realised and future acquisitions.
Inputs from seller.
- Org charts, tenure, retention risk (in particular tech)
- System dependencies and external integrations
- Customer data flows
- Existing partner / vendor contracts
What we assess.
- Integration cost estimate as % of acquisition price
- API consolidation and data migration effort
- Luma engineering capacity vs. competing priorities
- Key engineer retention
Kill criteria.
- Integration cost >X% of acquisition price
- Critical engineers unwilling to sign retention
- No spare Luma engineering capacity
Who leads. Technical workstream — Luma tech team.
Section 7 — Governance Meetings
How is any M&A reviewed? What meetings should we create?
| Forum | Frequency | Scope |
|---|---|---|
| M&A Committee | Monthly | Pipeline; gate reviews and kill decisions; budget and strategy |
| Integration | Weekly | KPI led, RAG escalation, resource conflicts |
| Retrospective | After each close | Lessons learned; amendments before next deal |