Due Diligence Analyst

AI-powered use cases for due diligence analyst professionals.

1. AI Subsidiary & Affiliated Entity Mapper

Maps the full corporate ownership tree — direct subsidiaries, indirect holdings, VIEs, nominee structures, and shell entities — across 50+ jurisdictions in hours, not weeks.

Pain Point & How COCO Solves It

The Pain: Corporate Structure Investigation Paralyzes Deal Timelines

In today's cross-border M&A, private equity, and regulatory compliance landscape, due diligence analysts face a compounding problem: the entities they need to investigate rarely disclose their full corporate structure upfront. A target company may control dozens of subsidiaries across multiple jurisdictions — some through direct ownership, others through variable interest entity (VIE) structures, nominee directors, or layered holding companies designed to obscure beneficial control. Mapping this structure manually requires pulling registrations from each national business registry, reconciling naming variations, translating foreign-language filings, and chasing down references buried inside articles of incorporation — a process that takes experienced analysts weeks and still yields incomplete pictures.

The stakes are high and the errors are costly. Missing a subsidiary means missing liabilities: unresolved litigation, regulatory sanctions, tax arrears, or reputational red flags that would have changed the deal entirely. In cross-border transactions, a single undisclosed VIE structure in one jurisdiction can invalidate an entire acquisition thesis. Regulatory bodies — including the SEC, FCA, and CSRC — increasingly hold acquirers responsible for the compliance history of every entity in the target's corporate tree, not just the parent. The legal exposure from an incomplete corporate map is often larger than the transaction premium.

The downstream cost compounds further when the same mapping work must be repeated for every deal, every portfolio company review, and every periodic compliance refresh. Analyst time that should go toward qualitative judgment — evaluating management quality, market positioning, litigation risk — gets consumed by registry lookups and spreadsheet reconciliation. Junior analysts make errors under time pressure. Senior analysts spend cycles reviewing work that should never have required their attention. And when the deal timeline compresses, the corporate structure map is the first artifact to get shortcuts — creating risk that surfaces only after close.

How COCO Solves It

Multi-Source Corporate Registry Integration: COCO aggregates data from official registries and verified commercial sources simultaneously:
- Queries national and provincial business registries across 50+ jurisdictions in parallel
- Reconciles entity names across languages, scripts, transliterations, and common abbreviations
- Ingests uploaded documents — articles of incorporation, shareholder agreements, annual reports — to extract ownership data not available in public registries
- Cross-references commercial databases (Dun & Bradstreet, Bureau van Dijk, CNKI filings) with official registry data to fill gaps
- Flags jurisdictions where data availability is limited and surfaces alternative verification pathways
Automated Ownership Graph Construction: COCO builds a navigable visual and structured ownership map:
- Identifies direct subsidiaries (majority and minority) at every tier of the corporate tree
- Traces indirect ownership chains through holding companies, SPVs, and fund structures
- Calculates effective economic interest at each level, distinguishing voting control from economic exposure
- Detects circular ownership structures and cross-holdings that indicate complex control arrangements
- Exports the ownership graph as structured data (JSON, CSV) and visual diagrams compatible with VizTool, PowerPoint, and due diligence platforms
VIE, Nominee, and Shell Structure Detection: COCO surfaces concealed control arrangements:
- Identifies variable interest entity (VIE) structures common in Chinese technology and education sectors
- Flags nominee director patterns where the same individual appears across unrelated entities in high-secrecy jurisdictions
- Detects shell company indicators: no employees, no physical address, single-director structures, registered agent addresses shared by hundreds of entities
- Cross-references beneficial ownership registers (UK PSC Register, EU registers) for disclosed ultimate beneficial owners
- Generates a risk score for each entity based on structural complexity, jurisdiction risk, and transparency signals
Sanctions, Litigation, and Regulatory Screening: COCO enriches every entity node with compliance data:
- Screens all identified entities against OFAC, EU, UN, and national sanctions lists in real time
- Pulls litigation records, regulatory enforcement actions, and administrative penalties from court databases and regulator portals
- Checks for tax liens, insolvency filings, and business license suspensions across jurisdictions
- Identifies politically exposed person (PEP) connections through director and shareholder cross-referencing
- Generates a consolidated compliance risk flag summary with source citations for each finding
Change Monitoring and Periodic Refresh: COCO maintains the corporate map over time:
- Monitors registry feeds for ownership changes, director appointments, and structural reorganizations
- Alerts analysts within 24 hours when a material change is detected in any entity in the map
- Compares current structure against prior snapshots to highlight what changed, when, and at which tier
- Schedules periodic full-refresh runs aligned with portfolio review cycles or regulatory reporting deadlines
- Maintains a version-controlled audit trail of every map state for regulatory and legal defense purposes
Due Diligence Report Generation: COCO produces client-ready deliverables automatically:
- Generates a structured corporate structure memo with ownership chart, entity list, jurisdiction summary, and risk flag register
- Produces an executive summary calibrated for investment committee, legal counsel, or regulatory submission audiences
- Creates a data room–ready package with all source documents, registry extracts, and verification logs linked to each entity node
- Flags gaps in the map — entities referenced but not yet fully verified — with suggested next steps for each
- Supports iterative refinement: analysts add context or corrections, and COCO regenerates the report with updated findings

Results & Who Benefits

Measurable Results

Corporate mapping time: Reduced from 3–6 analyst weeks to under 8 hours for a mid-complexity target (85–90% time savings)
Entity coverage: Identified an average of 2.3x more subsidiary entities per target compared to manual registry searches alone
Sanctions and litigation hit rate: Pre-close compliance flags detected in 94% of cases where post-close issues later emerged — vs. 61% with manual processes
Analyst rework cycles: Downstream corrections to corporate maps reduced from an average of 4.2 rounds to under 1 round per engagement
Time to first deliverable: Investment committee–ready corporate structure memo produced within 1 business day of engagement kickoff, vs. 2–3 weeks manually

Who Benefits

Due Diligence Analysts: Eliminate registry lookups, translation work, and spreadsheet reconciliation — redirect capacity to qualitative judgment and risk interpretation that drives actual deal decisions
M&A and Private Equity Deal Teams: Compress pre-LOI and post-LOI timelines; enter negotiations with a complete picture of what you are buying, not a partial one
Legal Counsel and Compliance Officers: Obtain audit-ready documentation of corporate structure investigation with source citations, version history, and gap disclosures — satisfying regulatory and legal defense standards
Investment Committees and LPs: Receive a consistent, verifiable corporate structure deliverable for every deal rather than analyst-dependent ad-hoc outputs, enabling more reliable investment screening

💡 Practical Prompts

Prompt 1: Initial Corporate Structure Mapping

Map the full corporate ownership structure for the following target entity.

Target entity: [legal entity name]
Jurisdiction of incorporation: [country/state]
Known subsidiaries or related entities (if any): [list or "unknown"]
Purpose: [M&A due diligence / regulatory filing / AML compliance / investment screening]
Depth required: [direct subsidiaries only / full tree to ultimate beneficial owner]
Jurisdictions of interest: [list or "all"]

Deliverables:
1. Ownership tree diagram showing all entities, ownership percentages, and jurisdictions
2. Entity register table: name, jurisdiction, registration number, incorporation date, status
3. Beneficial owner summary: who ultimately controls more than [5%/10%/25%] of voting rights
4. Flags: any entities in high-risk jurisdictions, with nominee directors, or matching VIE patterns
5. Data gaps: entities identified but not fully verified, with suggested verification steps

Output format: Structured report + exportable entity table (CSV) + visual ownership diagram

Prompt 2: Subsidiary Integrity Check

Perform an integrity check on the following subsidiary entities identified in our corporate structure map.

Entities to check (provide list):
1. [Entity name] — [Jurisdiction] — [Registration number if known]
2. [Entity name] — [Jurisdiction] — [Registration number if known]
...

Check each entity for:
1. Active business registration status — confirm not dissolved, suspended, or struck off
2. Sanctions screening — OFAC, EU, UN, and relevant national lists
3. Litigation and enforcement — active lawsuits, regulatory penalties, administrative actions
4. Tax compliance — any publicly disclosed tax liens, arrears, or investigations
5. Director/shareholder cross-checks — flag individuals appearing on PEP lists or adverse media
6. Address verification — flag registered-agent-only addresses or addresses shared by 50+ companies

Output: Entity-by-entity integrity scorecard with red/amber/green status, finding details, and source citations for every flag.

Prompt 3: Beneficial Owner Identification

Identify the ultimate beneficial owners (UBOs) of the following entity, tracing through all intermediate holding layers.

Target entity: [legal entity name and jurisdiction]
Ownership threshold for UBO identification: [10% / 25% / any controlling interest]
Available documents: [articles of incorporation / shareholder register / annual report — attach or paste relevant sections]

Analysis required:
1. Direct shareholders and their ownership percentages
2. For each corporate shareholder: repeat analysis up the chain until natural persons are reached
3. Flag any layers where ownership data is unavailable or obscured
4. Identify nominee arrangements: directors or shareholders acting on behalf of undisclosed principals
5. Cross-reference identified UBOs against PEP lists, sanctions lists, and adverse media databases

Output: UBO chain diagram + narrative summary of beneficial control + compliance risk assessment for each identified UBO

Prompt 4: VIE and Offshore Structure Analysis

Analyze the following corporate structure for VIE arrangements, offshore holding layers, and structural red flags.

Structure description or documents: [paste structure summary or attach org chart / filings]
Industry of target: [technology / education / healthcare / other regulated sector]
Jurisdictions involved: [list known jurisdictions in the structure]

Analyze:
1. VIE indicators: contractual control arrangements substituting for direct equity ownership — identify any WFOE/VIE/operating entity triangles
2. Offshore holding layers: Cayman, BVI, Bermuda, or similar — assess purpose (tax efficiency vs. opacity) and regulatory implications
3. Nominee director patterns: same individuals appearing as directors across multiple shell entities
4. Round-trip investment structures: capital that originates domestically, routes offshore, and re-enters as "foreign investment"
5. Regulatory risk: jurisdictions where this structure may face challenges under current or proposed law

Output: Structure analysis memo with flagged elements, regulatory risk rating (low/medium/high), and recommended legal counsel review items

Prompt 5: Periodic Ownership Change Monitoring Report

Generate a monitoring report for changes in the corporate structure of the following portfolio entities since the last review date.

Portfolio entities: [list entity names and jurisdictions]
Last review date: [date]
Monitoring scope: [ownership changes / director changes / regulatory actions / all]

For each entity:
1. Confirm current registration status vs. status on [last review date]
2. Identify any ownership transfers, new shareholders, or departing shareholders
3. Flag director or officer appointments and resignations
4. Surface any new litigation filings, regulatory notices, or enforcement actions
5. Note any address changes, name changes, or business scope amendments

Output: Change summary table (entity × change type × date × significance rating) + narrative summary of material changes requiring deal team attention + recommended follow-up actions for high-significance changes

2. AI Beneficial Owner Identification Engine

Traces ultimate beneficial ownership through multi-layer holding structures, nominee arrangements, and trust intermediaries across 80+ jurisdictions — producing a verified UBO map with compliance risk ratings in hours rather than weeks.

Pain Point & How COCO Solves It

The Pain: Beneficial Ownership Opacity Paralyzes AML and Pre-Deal Compliance

Identifying the true human beings who ultimately own or control a corporate entity is among the most demanding tasks in due diligence. Corporate structures are frequently designed — whether for tax efficiency, confidentiality, or deliberate concealment — to interpose multiple holding layers between the operating company and its real owners. A target may be owned by a Cayman Islands holding company, whose sole shareholder is a BVI trust vehicle, whose beneficiaries are undisclosed under local secrecy law, whose trustee is a licensed fiduciary acting on instructions from a management company registered in a jurisdiction with no beneficial ownership register. Each hop in that chain requires a separate inquiry, separate documentation, and specialist knowledge of how each jurisdiction discloses — or refuses to disclose — ownership data. For an analyst managing multiple targets simultaneously, the time required to trace even a single chain to natural persons can consume an entire engagement.

The compliance stakes are exceptionally high. Anti-money laundering (AML) regulations under FATF, FinCEN, the EU's AMLD series, and equivalent frameworks in Asia-Pacific require financial institutions and acquirers to identify and verify UBOs above defined thresholds — typically 10% or 25% — before executing transactions. Failure to identify a sanctioned UBO, a politically exposed person (PEP), or an individual under law enforcement scrutiny can expose the buyer to transaction blocking, regulatory fines, reputational damage, and in some jurisdictions, criminal liability for the responsible officer. The same individual may appear under different name transliterations, aliases, or through corporate nominees that only reveal their principal upon compelled disclosure. Manual cross-referencing is error-prone, and the consequences of a miss are severe.

The problem compounds in cross-border M&A, where the target's UBO chain may span jurisdictions with conflicting disclosure standards. The EU's beneficial ownership registers offer partial transparency, but access is increasingly restricted following post-Costeja privacy rulings. The United States' new Corporate Transparency Act reporting is still building toward full coverage. Offshore centers like the Cayman Islands, BVI, and Jersey impose strict confidentiality that can only be pierced through legal process. An analyst working without AI-assisted aggregation must maintain working knowledge of disclosure rules in dozens of jurisdictions simultaneously — a human impossibility at scale. The result is UBO reports that are incomplete, inconsistently sourced, and defensible only if never challenged.

How COCO Solves It

Multi-Jurisdiction UBO Registry Integration: COCO systematically aggregates beneficial ownership data across global sources:
- Queries EU member-state beneficial ownership registers, UK PSC Register, FinCEN BOI database, and equivalent national registers simultaneously
- Accesses commercial UBO aggregation services (Orbis, LexisNexis, Refinitiv) and reconciles data across conflicting sources
- Ingests uploaded corporate documents — trust deeds, shareholder registers, notarized declarations — and extracts ownership data not available in public databases
- Tracks jurisdictional disclosure thresholds automatically, flagging when a reported percentage may be below the local UBO definition threshold
- Generates jurisdiction-by-jurisdiction data availability scores, alerting analysts to gaps requiring enhanced due diligence or legal process
Layered Ownership Chain Reconstruction: COCO automatically maps the full ownership hierarchy:
- Traces direct and indirect ownership chains from operating entity upward through each holding layer to natural persons
- Calculates aggregate effective ownership percentages at each layer, accounting for fractional stakes through intermediate vehicles
- Identifies control relationships that diverge from ownership — shareholder agreements, board appointment rights, golden shares, veto provisions
- Detects nominee arrangements by cross-referencing directors with known fiduciary service providers and registered agent databases
- Produces a structured chain-of-ownership diagram with economic interest and voting control columns side by side
Trust and Foundation Structure Analysis: COCO handles complex wealth vehicles used to obscure beneficial ownership:
- Identifies trust structures by detecting trustee entities registered as professional fiduciaries in Cayman, Channel Islands, or Liechtenstein
- Extracts beneficiary information from trust deeds where available and flags sealed or blind trust arrangements
- Analyzes foundation structures (Stiftung, Fondation) under continental European and Caribbean law for beneficial interest holders
- Cross-references discretionary trust beneficiaries against PEP and sanctions lists to surface hidden risks
- Generates a trust-layer summary distinguishing fixed beneficiaries, discretionary beneficiaries, and protectors
Sanctions and PEP Screening of Identified UBOs: COCO screens every identified natural person at the chain terminus:
- Screens identified UBOs against OFAC SDN list, EU Consolidated Sanctions List, UN Consolidated List, HMT Sanctions, and 20+ national lists in real time
- Checks all UBOs against global PEP databases including direct PEPs, family members, and close associates (PEP+1/+2 levels)
- Runs adverse media screening for each identified UBO across 10,000+ global media sources in 40+ languages
- Generates a per-UBO risk profile combining jurisdiction risk, PEP status, sanctions exposure, and adverse media findings
- Flags any UBO for whom identity verification documentation is absent or inconsistent across sources
Nominee and Proxy Arrangement Detection: COCO surfaces concealed beneficial control relationships:
- Cross-references director databases to identify professional nominees — individuals who appear as directors or shareholders in hundreds of companies
- Analyzes voting agreements, power of attorney records, and management agreements for de facto control language
- Flags nominee service providers appearing in known offshore secrecy structures in BVI, Cayman, Seychelles, and Vanuatu
- Identifies patterns where a single natural person's name appears across multiple unrelated corporate vehicles in the same structure
- Generates a nominee suspicion score with supporting evidence for each flagged arrangement
UBO Due Diligence Report Generation: COCO produces compliant, client-ready UBO deliverables:
- Generates a structured UBO identification memo per FATF Recommendation 24 standards and EU AMLD disclosure requirements
- Produces an ownership chain visualization with natural persons highlighted and screening results embedded at each node
- Creates a verification status log showing which UBO identities have been confirmed through document review vs. database-only sourcing
- Drafts an enhanced due diligence narrative for any high-risk UBO, summarizing risk factors and recommended remediation steps
- Exports a machine-readable UBO data file compatible with KYC onboarding platforms and AML case management systems

Results & Who Benefits

Measurable Results

UBO identification time: Reduced from 2–4 analyst weeks per complex target to under 12 hours for multi-layer structures (80–85% time savings)
Coverage completeness: AI-assisted UBO mapping identifies 94% of beneficial owners meeting the 25% threshold vs. 71% using manual registry-only approaches
PEP and sanctions hit detection: Screening accuracy improved by 37% when AI aggregates multiple name transliterations and aliases vs. single-pass manual screening
Nominee arrangement detection: AI surface-layer analysis identifies nominee arrangements at a rate 3.1x higher than document-only review
Compliance defensibility: UBO reports produced by COCO carry complete source citation logs, reducing regulatory challenge exposure by an estimated 60% in audited engagements

Who Benefits

Due Diligence Analysts: Eliminate the multi-week manual chain-tracing process and focus on interpreting risk findings rather than assembling raw ownership data
Compliance and MLRO Officers: Obtain UBO reports that satisfy FATF, EU AMLD, and FinCEN BOI standards with complete audit trails — critical for regulatory examination readiness
M&A Legal Counsel: Receive verified UBO maps with source citations and gap disclosures that support legal opinions on ownership structure and change-of-control requirements
Financial Institutions and Transaction Banks: Clear KYC obligations for counterparties and beneficial owners before transaction closing, reducing transaction blocking risk

💡 Practical Prompts

Prompt 1: Full UBO Chain Identification

Identify the ultimate beneficial owners (UBOs) of the following corporate entity, tracing all intermediate holding layers.

Target entity: [legal entity name]
Jurisdiction of incorporation: [country]
Known shareholders (if any): [list or "unknown"]
UBO threshold: [10% / 25% / any controlling interest]
Available documents: [shareholder register / trust deed / articles of incorporation — attach or paste]

Analysis required:
1. Direct shareholders with percentage stakes and entity types (corporate / natural person / trust / foundation)
2. For each corporate shareholder: trace upward through each layer until natural persons are reached
3. For each trust or foundation: identify trustee, beneficiaries, and protector (if disclosed)
4. Flag each layer where data is unavailable, incomplete, or sourced from non-verified databases
5. For each identified natural person: provide name, nationality, percentage effective ownership, and screening results (sanctions / PEP / adverse media)

Output: UBO chain diagram + ownership chain table (entity → type → jurisdiction → % → data source) + per-UBO risk profile

Prompt 2: Nominee Arrangement Detection

Analyze the following corporate structure for nominee director and shareholder arrangements.

Corporate structure documents: [attach or paste articles of incorporation, director register, shareholder agreement]
Jurisdictions involved: [list]
Concern type: [nominee directors / nominee shareholders / undisclosed principals / all]

Identify:
1. Individuals who appear as directors or shareholders in this structure AND in 10+ other unrelated entities
2. Registered agent or fiduciary service provider addresses serving as director or shareholder
3. Voting agreements or powers of attorney that transfer control away from the registered shareholder
4. Any language in shareholder agreements indicating undisclosed beneficial interest arrangements
5. Cross-reference all identified nominees against known professional nominee service provider databases

Output: Nominee suspicion scorecard with flagged individuals/entities, evidence summary, and recommended verification actions (beneficial interest declaration, notarized POA review, direct interview)

Prompt 3: PEP and Sanctions Screening of Identified UBOs

Run a PEP and sanctions screening on the following identified ultimate beneficial owners.

UBO list:
1. Name: [full name] | Nationality: [country] | Date of birth: [if known] | Role: [shareholder / director / beneficiary]
2. [repeat for each UBO]

Screening scope:
- Sanctions: OFAC SDN, EU Consolidated Sanctions, UN Consolidated List, HMT Financial Sanctions, [any additional lists]
- PEP: Direct PEP status + family members + close associates (PEP+1 and PEP+2 if material)
- Adverse media: Past 5 years, global coverage, topics: corruption / fraud / AML / criminal proceedings / regulatory sanctions

For each UBO, provide:
1. Sanctions match status: confirmed match / possible match (name similarity) / no match — with evidence
2. PEP status: category (head of state / minister / senior official / state-owned enterprise / judicial) and country
3. Adverse media summary: key findings with source names and publication dates
4. Overall risk rating: low / medium / high / critical with justification

Output: UBO screening report table + narrative risk summary for any medium-risk or above findings

Prompt 4: Trust and Foundation Beneficial Interest Analysis

Analyze the following trust or foundation structure for beneficial ownership disclosure purposes.

Structure type: [discretionary trust / fixed trust / private foundation / Stiftung / other]
Jurisdiction of establishment: [country]
Available documents: [trust deed / foundation charter / trustee declaration — attach or paste relevant sections]
Purpose of analysis: [KYC onboarding / M&A UBO identification / AML filing / regulatory inquiry]

Identify and analyze:
1. Settlor / founder: identity, nationality, and relationship to the operating entity under review
2. Trustees: identity (individual or corporate), jurisdiction, and whether they appear to be professional nominees
3. Beneficiaries: fixed vs. discretionary; named beneficiaries vs. class descriptions (e.g., "issue of the settlor")
4. Protector (if any): identity, appointment rights, and veto/removal powers over trustees
5. Letter of wishes or side letter: any disclosed instructions that modify the formal trust terms
6. Screen all identified individuals against sanctions, PEP, and adverse media databases

Output: Beneficial interest map + disclosure gap assessment + risk rating + recommended next steps (trustee declaration request / legal opinion / enhanced due diligence)

Prompt 5: UBO Verification Status Memo

Generate a UBO verification status memo for the following transaction, summarizing the completeness and reliability of beneficial ownership identification.

Transaction: [acquisition / investment / lending / KYC onboarding]
Target entity: [name and jurisdiction]
UBO identification findings to date: [paste summary or attach UBO report]
Verification documents received: [list documents obtained]
Outstanding gaps: [list any unverified layers or undisclosed owners]

Memo structure:
1. Executive summary: identified UBOs, their aggregate ownership percentages, and overall verification status
2. Verified UBOs: name, percentage, verification method (document / register / declaration), and screening status
3. Unverified layers: each unresolved layer with explanation of why data is unavailable and steps taken
4. Risk assessment: whether unverified layers represent material ownership risk at the applicable threshold
5. Recommended next steps: specific actions (formal request for documentation, legal opinion, third-party verification) with timeline

Output: Formal UBO verification memo in compliance-ready format suitable for regulatory examination or file defense

3. AI Sanctions & PEP Screening Orchestrator

Orchestrates multi-list sanctions screening and PEP identification across all entities, directors, shareholders, and counterparties in a transaction — with alias resolution, transliteration matching, and jurisdictional list management built in.

Pain Point & How COCO Solves It

The Pain: Manual Sanctions Screening Fails at Transaction Scale and Generates Unacceptable False Negative Risk

Sanctions and PEP screening is non-negotiable in financial transactions, yet the practical execution of screening at deal scale is deeply problematic. A mid-sized M&A transaction may involve the target company, its twenty subsidiaries, fifty directors and senior officers, thirty significant shareholders, ten major customers, and fifteen key suppliers — each requiring screening against OFAC, EU, UN, HMT, and relevant national lists, plus global PEP databases. Multiplied across dozens of deals in a year, and accounting for the fact that sanctions lists update multiple times per week, the workload overwhelms any manual process. Analysts working under time pressure frequently screen only the primary entity and the most visible individuals, leaving counterparty networks, nominee directors, and minority shareholders unscreened — precisely the vectors through which sanctioned persons most commonly gain hidden access to financial systems.

The name matching problem alone makes manual screening unreliable. Sanctioned individuals appear in databases under their legal name, but transactions may involve entities controlled by those individuals under corporate names that contain no personal identifier. Names transliterated from Arabic, Chinese, Russian, Persian, or Korean scripts produce multiple valid romanizations — and a manual analyst screening "Mohammed Al-Rashid" will not automatically also screen "Muhammad Al-Rasheed," "Mohamad Alrashid," or the dozens of other plausible variants. PEP databases compound this: an individual who held a government position may be listed as a PEP in one database but not another, or may have left their position recently enough that some databases have not yet updated their status. A false negative on a sanctioned person or a PEP who later becomes the subject of enforcement action produces regulatory and reputational consequences that dwarf the original screening cost.

The compliance landscape is also dynamic in ways that make point-in-time screening insufficient. OFAC alone designates and updates hundreds of entries annually. The EU adds, modifies, and removes designations in response to geopolitical developments — Russia-related sanctions programs have expanded dramatically and continue to evolve. A deal that was clean at signing may have a newly sanctioned counterparty by the time of closing. Without ongoing monitoring, that change goes undetected until an adverse event forces a review. The regulatory standard increasingly requires not just initial screening but continuous monitoring of existing relationships — a requirement that manual processes cannot satisfy at reasonable cost without AI augmentation.

How COCO Solves It

Comprehensive Sanctions List Orchestration: COCO manages multi-list screening with full list coverage and automatic updates:
- Maintains current versions of OFAC SDN and non-SDN lists, EU Consolidated Sanctions List, UN Security Council Consolidated List, HMT UK Financial Sanctions, AUSTRAC, MAS, and 25+ national lists simultaneously
- Updates list coverage within hours of official government publications, ensuring no screening gap during active geopolitical sanctions events
- Applies jurisdiction-specific screening requirements automatically based on the transaction's parties and financial institution's home jurisdiction
- Deduplicates cross-list matches so the same individual sanctioned across multiple lists appears once with all applicable designations cited
- Generates a screening universe inventory — every entity, individual, and address to be screened — before the screening run begins
Fuzzy Name Matching and Transliteration Resolution: COCO resolves the name matching challenge across scripts and aliases:
- Applies phonetic matching algorithms (Soundex, Metaphone, double-metaphone) to catch misspellings and anglicization variants
- Generates all major romanization variants of names transliterated from Arabic, Chinese, Russian, Persian, Korean, and Thai scripts
- Cross-references known aliases, maiden names, and name changes recorded in sanction designations and commercial databases
- Scores each potential match on a confidence scale (confirmed / high-probability / possible / unlikely) rather than binary hit/no-hit
- Presents every possible match above the analyst-defined confidence threshold for human review, with side-by-side evidence
PEP Identification and Classification: COCO identifies politically exposed persons with full classification detail:
- Screens against PEP databases covering 250+ countries with classifications including heads of state, cabinet ministers, senior military and judicial officers, central bank governors, and senior SOE executives
- Identifies PEP+1 (direct family members: spouse, children, parents, siblings) and PEP+2 (close associates: business partners, known advisors) connections
- Tracks historical PEP status for individuals who have left qualifying positions within the past 12–36 months (jurisdiction-dependent cooling-off periods)
- Flags State-Owned Enterprise (SOE) directors and executives in jurisdictions where SOE affiliation constitutes PEP status under applicable law
- Generates a PEP profile for each identified individual including their qualifying role, jurisdiction, tenure, and applicable regulatory treatment
Counterparty Network Screening: COCO screens beyond the primary entity to the full counterparty ecosystem:
- Automatically expands the screening universe to include all directors, significant shareholders (above analyst-defined threshold), and authorized signatories
- Screens key customers, suppliers, and business partners identified during commercial due diligence
- Cross-references payment counterparties from transaction history documents against sanctions lists (particularly for correspondent banking and trade finance contexts)
- Flags any entity where a sanctioned person or PEP holds a beneficial interest above the applicable threshold, even if not named in the entity's registration
- Generates a network risk map showing where sanctions or PEP exposures sit within the counterparty ecosystem
Real-Time Monitoring and Alert Management: COCO maintains screening currency throughout a deal lifecycle:
- Monitors all screened entities and individuals against ongoing sanctions list updates on a daily or configurable basis
- Generates immediate alerts when a new designation covers any entity or individual in the monitored portfolio
- Tracks the full change history of each screened entity — when they were first screened, when re-screened, and any intervening list updates
- Provides a daily digest of sanctions changes relevant to any active deal or monitored relationship
- Integrates with case management systems to escalate new hits directly to compliance officers without requiring manual list monitoring
Screening Report and Compliance Documentation: COCO produces defensible compliance records:
- Generates a comprehensive screening report with per-entity results, match confidence levels, and analyst disposition for each hit
- Creates a list management log showing which list versions were in effect at the time of each screening run
- Produces an escalation memo for any confirmed match or high-probability match, with regulatory guidance on next steps
- Drafts a negative screening certification for clean entities, citing list versions checked and match disposition rationale
- Exports all screening records in formats compatible with major compliance case management platforms (Actimize, Oracle FCCM, Napier)

Results & Who Benefits

Measurable Results

Screening universe coverage: AI-orchestrated screening covers 100% of identified entities and individuals vs. an estimated 40–60% coverage typical in manual deal screening under time pressure
False negative reduction: Fuzzy name matching and transliteration resolution reduce false negatives by 42% compared to exact-match-only screening
Screening throughput: A 50-entity deal universe screened against 30+ lists completed in under 2 hours vs. 3–5 analyst days manually
PEP identification rate: AI PEP+1/+2 screening identifies 2.7x more PEP-connected individuals than primary-entity-only screening
Ongoing monitoring cost: Continuous monitoring of a 100-relationship portfolio requires 4 analyst-hours per month vs. 3+ analyst-weeks for equivalent manual periodic re-screening

Who Benefits

Due Diligence Analysts: Run complete, defensible screening across entire deal universes without manually managing 30+ list files or performing transliteration analysis
MLRO and Compliance Officers: Obtain screening reports with full list versioning, match disposition records, and audit trails that satisfy regulatory examination and enforcement inquiry standards
Transaction Counsel: Receive sanctions clearance documentation that supports legal opinions on OFAC and EU sanctions compliance, including evidence of enhanced diligence for high-risk counterparties
Financial Institutions and Regulated Entities: Demonstrate to regulators a systematic, complete screening process across all counterparties — not just primary obligors — reducing enforcement exposure

💡 Practical Prompts

Prompt 1: Full Transaction Sanctions Screening

Conduct a comprehensive sanctions and PEP screening for the following transaction.

Transaction type: [M&A acquisition / investment / loan / KYC onboarding]
Primary entity: [name, jurisdiction, registration number]
Entities to screen (provide full list):
- Corporate entities: [list all subsidiaries, holding companies, and counterparties]
- Individuals: [list all directors, significant shareholders (above [X]%), authorized signatories, and key management]

Screening requirements:
- Sanctions lists: OFAC SDN, EU Consolidated, UN Consolidated, HMT UK, [any additional national lists]
- PEP screening: direct PEP, PEP+1 (family), PEP+2 (close associates)
- Adverse media: financial crime, corruption, regulatory violations — past [3/5/10] years

For each screened entity/individual:
1. Sanctions status: confirmed match / possible match (with confidence score) / no match
2. PEP status: classification, country, role, and tenure
3. Adverse media: summary of significant findings
4. Overall risk rating and recommended action

Output: Screening results matrix + narrative summary of high/critical risk findings + compliance certification for clean entities

Prompt 2: Name Transliteration and Alias Resolution

Perform a transliteration and alias resolution screening for the following individuals.

Individuals to screen:
1. Name as provided: [name as it appears in the document]
   Known aliases or prior names: [if any]
   Nationality: [country]
   Date of birth: [if known]
   Script of origin: [Arabic / Chinese / Russian / Persian / Korean / other]

2. [Repeat for each individual]

Analysis required:
1. Generate all principal romanization variants of the name from its origin script
2. Identify all recorded aliases, maiden names, transliteration variants, and known name changes in sanctions and PEP databases
3. Run screening for all variants against: OFAC, EU, UN, HMT, and [list additional lists]
4. For each potential match: provide full sanction entry details, match confidence score, and distinguishing factors

Output: Per-individual screening summary with all variants tested, all matches found (with confidence), and recommended disposition

Prompt 3: PEP Network Mapping

Map the PEP network connections for the following corporate entity and its key principals.

Entity: [name and jurisdiction]
Key principals to analyze:
- Directors: [list names and nationalities]
- Significant shareholders (above [X]%): [list names and nationalities]
- Senior management: [CEO, CFO, General Counsel — list names and nationalities]

PEP analysis required:
1. Direct PEP status for each named individual — qualifying role, country, and period in office
2. PEP+1 connections: family members of each individual who hold or have held qualifying public positions
3. PEP+2 connections: known close business associates who are PEPs
4. SOE connections: any named individuals who are directors or executives of state-owned enterprises in jurisdictions where SOE affiliation constitutes PEP status
5. Historical PEP status: individuals who held qualifying positions within the past 3 years

Output: PEP network map + per-individual PEP profile with classification, risk rating, and applicable enhanced due diligence requirements

Prompt 4: Sanctions Monitoring Alert Report

Generate a sanctions monitoring alert report for the following portfolio of monitored entities.

Portfolio entities: [list all entity and individual names under monitoring]
Last screening date: [date]
Screening scope: [sanctions only / sanctions + PEP / full]

Report requirements:
1. Identify any new designations issued since [last screening date] that match any entity or individual in the portfolio
2. For each new potential match: provide the designation details, issuing authority, effective date, and confidence level
3. Flag any portfolio entity where a director, shareholder, or key counterparty has been newly designated
4. Summarize list updates (new additions, modifications, removals) relevant to the portfolio's jurisdictional exposure
5. Recommend required actions for any new confirmed matches (transaction suspension, regulatory notification, legal counsel engagement)

Output: Alert summary table + narrative report of material changes + recommended actions with urgency ratings

Prompt 5: Negative Screening Certification Memo

Prepare a negative screening certification memo for the following entity.

Entity name: [full legal name]
Jurisdiction: [country of incorporation]
Purpose: [pre-transaction clearance / annual KYC refresh / regulatory filing]
Screening date: [date]
Individuals screened: [list all directors, shareholders above [X]%, and authorized signatories]

Certification content:
1. Scope of screening: all entities and individuals covered, with roles specified
2. Lists screened: enumerate all lists checked, their versions/publication dates at time of screening
3. Screening methodology: name matching approach, transliteration variants considered, alias resolution performed
4. Results: confirmation of no confirmed matches; disposition of any possible matches reviewed and cleared
5. Limitations: any individuals or entities for whom data was insufficient for complete screening, with explanation

Output: Formal negative screening certification memo in compliance-ready format with analyst attestation fields

4. AI Litigation Record Search & Timeline Builder

Searches court databases, regulatory enforcement portals, and arbitration records across multiple jurisdictions to construct a complete litigation history timeline — identifying material pending claims, prior judgments, and regulatory actions in hours.

Pain Point & How COCO Solves It

The Pain: Incomplete Litigation Discovery Creates Catastrophic Post-Close Surprises

Litigation history is one of the most consequential — and most frequently underestimated — components of due diligence. A pending lawsuit seeking damages equal to 30% of the target's equity value can be discovered only after closing if the due diligence search was limited to one jurisdiction or one court level. Targets routinely fail to voluntarily disclose all material litigation in the data room; they may disclose settled cases but omit pending ones, disclose federal court matters but omit state or provincial court actions, or categorize regulatory proceedings as "administrative" rather than litigation in their disclosure schedules. An analyst relying on the target's self-disclosure without independent verification is, in practice, only finding what the target wants them to find. In contested transactions, that asymmetry is a feature from the seller's perspective.

The geographic fragmentation of court systems compounds the problem enormously. In the United States alone, there are 94 federal judicial districts, 50 state court systems with trial and appellate levels, and numerous specialized courts (bankruptcy courts, tax courts, patent courts, international trade courts). A target with operations across ten states may have pending litigation in any combination of these courts — and no centralized database covers all of them. PACER provides federal court records, but state court access requires jurisdiction-by-jurisdiction queries with inconsistent APIs, search interfaces, and record availability. International targets require navigating court databases in multiple languages and legal systems, many of which have no English-language interface and some of which are not publicly accessible at all.

The consequences of litigation discovery failures are severe and well-documented. Post-close litigation surprises represent one of the most common causes of M&A purchase price adjustment disputes, earn-out conflicts, and indemnification claims. When a hidden regulatory enforcement action comes to light post-close, it may impose remediation costs, business restriction orders, or license suspensions that alter the economics of the deal entirely. Reputational damage from undisclosed prior criminal proceedings against key executives — even resolved proceedings — can affect financing terms, customer retention, and regulatory relationships in ways that are difficult to quantify but material to deal value. Early, comprehensive litigation discovery is not a compliance formality; it is a fundamental risk management function.

How COCO Solves It

Multi-Jurisdiction Court Database Search: COCO executes litigation searches across comprehensive court data sources:
- Queries PACER for all federal district, appellate, and bankruptcy court filings with the target as party (plaintiff, defendant, debtor, or creditor)
- Searches available state court electronic filing systems across all 50 US states, prioritizing states where the target has registered operations
- Accesses international court databases including Companies House disqualification records, UK court service, EU court portals, and commercial legal database aggregators
- Ingests litigation disclosure schedules from the target's data room and cross-validates against independent search results
- Generates a jurisdiction coverage map showing which courts were searchable vs. requiring manual attorney search, with a gap mitigation plan
Regulatory and Administrative Enforcement Search: COCO extends the search beyond traditional courts:
- Queries SEC EDGAR for enforcement actions, Wells Notices, and SEC no-action letter requests involving the target or its executives
- Searches CFTC, FTC, DOJ, EPA, OSHA, and relevant state regulatory agency enforcement databases
- Accesses international regulatory portals: FCA Final Notices, BaFin enforcement actions, MAS regulatory actions, HKMA supervisory actions
- Identifies debarment and suspension entries in SAM.gov and equivalent government contractor exclusion databases
- Extracts administrative tribunal decisions, license revocation proceedings, and professional misconduct findings
Arbitration and Alternative Dispute Resolution Records: COCO identifies non-court dispute records:
- Searches AAA, JAMS, ICC, LCIA, and SIAC arbitration filing databases for proceedings naming the target
- Identifies international arbitration awards under ICSID for targets with government contract exposure
- Reviews commercial contracts provided in the data room for arbitration clauses and identifies any referenced proceedings
- Searches trade association disciplinary proceedings and professional body investigation records
- Cross-references patent dispute databases (IPR proceedings at USPTO PTAB) for technology sector targets
Litigation Timeline Construction and Pattern Analysis: COCO builds a structured, navigable litigation history:
- Constructs a chronological litigation timeline spanning the full history of the entity, with each proceeding plotted by filing date, status changes, and resolution
- Categorizes all proceedings by type (commercial dispute, employment, IP, regulatory enforcement, securities, environmental, criminal), jurisdiction, and current status
- Calculates aggregate exposure: total claimed damages in pending litigation, estimated settlement probabilities based on proceeding stage
- Identifies litigation patterns — repeated disputes with particular counterparty types, clustering of claims in specific business units, serial regulatory inquiries suggesting systemic compliance failures
- Flags proceedings involving key executives personally (as individual defendants) rather than the entity alone
Material Pending Claim Assessment: COCO evaluates the financial significance of identified litigation:
- Estimates financial exposure for each material pending proceeding based on claimed amounts, comparable settlements, and proceeding stage
- Cross-references identified litigation against the target's financial statements to verify litigation reserve adequacy
- Identifies any proceedings that, individually or in aggregate, could exceed material disclosure thresholds under the applicable deal agreement
- Flags any proceedings that may trigger cross-default provisions, change-of-control restrictions, or consent requirements in the target's existing agreements
- Generates a materiality-tiered summary distinguishing critical (deal-blocking), significant (purchase price impact), and background (manageable) proceedings
Litigation Due Diligence Report and Disclosure Schedule Review: COCO delivers structured findings:
- Generates a comprehensive litigation search memorandum with findings organized by jurisdiction, claim type, and materiality
- Compares independent search results against the target's litigation disclosure schedule and flags all discrepancies requiring explanation
- Produces a litigation risk register with each proceeding rated by probability, exposure magnitude, and timeline to resolution
- Drafts a data room request list for documents not yet provided on material proceedings (complaints, answers, expert reports, settlement agreements)
- Summarizes litigation findings in an executive format for investment committee and deal team decision-making

Results & Who Benefits

Measurable Results

Litigation search coverage: AI-assisted search covers 12x more court databases per engagement than typical manual search, reducing missed-proceeding risk
Discovery completeness: Independent litigation search identifies material proceedings undisclosed by targets in 23% of reviewed deals, on average
Search-to-report time: Complete multi-jurisdiction litigation search and risk-tiered report delivered in 1–2 business days vs. 2–4 weeks for attorney-led manual searches
Exposure quantification accuracy: AI-generated exposure estimates for pending proceedings align with eventual outcomes within ±25% in 78% of tracked engagements
Post-close surprise rate: Engagements using AI-assisted litigation discovery show a 67% reduction in material post-close litigation surprises vs. data-room-only review

Who Benefits

Due Diligence Analysts: Conduct independent, comprehensive litigation searches without coordinating multiple law firm referrals and waiting weeks for manual attorney searches
M&A Legal Counsel: Receive a structured litigation search output that accelerates their own legal review and provides an independent basis for disclosure schedule negotiations
Investment Committees and Deal Teams: Make go/no-go decisions with a complete litigation risk picture rather than relying on target-provided disclosures that may be strategically incomplete
Risk and Insurance Teams: Obtain a comprehensive pending litigation register required for representations and warranties insurance underwriting and liability exposure modeling

💡 Practical Prompts

Prompt 1: Comprehensive Litigation Search Request

Conduct a comprehensive litigation history search for the following entity.

Entity name: [full legal name and any prior names]
Jurisdiction of incorporation: [country/state]
Operating jurisdictions: [list states/countries where the entity has or had operations]
Individual principals to search (as personal defendants): [list key executives and directors]
Search scope: [all litigation / commercial disputes only / regulatory proceedings only / criminal proceedings]
Time period: [inception / past 10 years / past 5 years]

Search sources:
1. Federal courts (PACER): all districts where entity appears as party
2. State courts: [list specific states to prioritize]
3. Regulatory agencies: [list relevant regulators: SEC, FTC, DOJ, EPA, OSHA, state attorneys general]
4. International courts: [list jurisdictions if applicable]

Output: Litigation register table (proceeding name / court / filing date / status / claim type / claimed amount / next event) + materiality-tiered summary + comparison against data room disclosure schedule

Prompt 2: Regulatory Enforcement History Search

Search for all regulatory enforcement actions and administrative proceedings involving the following entity and its key executives.

Entity: [name and jurisdiction]
Industry/regulators most relevant: [financial services: SEC/CFTC/OCC; environmental: EPA; healthcare: FDA/OIG; other]
Key executives to include in search: [names and titles]
Time period: [full history / past 10 years]

Search scope:
1. Formal enforcement actions: SEC/CFTC orders, DOJ criminal charges, debarment/exclusion orders
2. Informal actions: Wells Notices, warning letters, consent orders, cease-and-desist
3. License and permit actions: suspensions, revocations, conditions imposed
4. Settlement agreements with regulatory agencies: terms and ongoing compliance obligations
5. International regulatory actions: [list applicable jurisdictions]

For each proceeding found:
- Agency and proceeding type
- Filing/initiation date and current status
- Specific allegations and regulatory violations cited
- Penalties imposed, remediation required, or ongoing obligations
- Whether named executives are subject to individual sanctions (officer/director bars, industry bans)

Output: Regulatory enforcement register + executive risk summary + ongoing compliance obligation tracker

Prompt 3: Litigation Timeline Visualization Request

Build a litigation timeline for the following entity covering its full corporate history.

Entity: [name]
Litigation records to analyze: [paste litigation register or attach documents]
Timeline parameters:
- Start date: [incorporation date / date of earliest known proceeding]
- End date: [current]
- Grouping: [by year / by claim type / by jurisdiction / by business unit]

Timeline analysis required:
1. Plot each proceeding by initiation date, key event dates (summary judgment, trial, settlement), and resolution date
2. Identify clustering: periods of elevated litigation activity and their correlation with corporate events (acquisitions, leadership changes, product launches, regulatory changes)
3. Identify repeat counterparties: parties who have litigated against the entity more than once
4. Identify executive exposure: proceedings where current or former executives are named individually
5. Calculate year-by-year litigation intensity: number of active proceedings and aggregate claimed exposure by year

Output: Narrative timeline analysis + visual timeline chart + litigation intensity graph + repeat counterparty summary

Prompt 4: Disclosure Schedule Litigation Discrepancy Analysis

Compare the following litigation disclosure schedule provided by the target with the results of our independent litigation search.

Target-provided disclosure schedule: [paste or attach]
Independent litigation search results: [paste or attach]

Analysis required:
1. Identify all proceedings in the independent search results that do not appear in the disclosure schedule
2. For each undisclosed proceeding: assess whether the omission is likely deliberate, inadvertent, or the result of a definitional dispute (e.g., regulatory proceedings categorized as "not litigation")
3. Identify any material differences in how proceedings are described — minimized severity, understated claimed amounts, disputed status designations
4. Flag any disclosed proceedings where our independent search found additional documents not referenced in the disclosure (e.g., appeal filings, judgment enforcement actions)
5. Assess overall completeness of the disclosure schedule: what percentage of identified proceedings are disclosed?

Output: Discrepancy register (disclosed vs. found vs. missing) + materiality assessment for each undisclosed proceeding + recommended representations and warranties negotiation points

Prompt 5: Litigation Risk Register for Deal Documentation

Generate a litigation risk register for inclusion in the deal team's due diligence summary.

Entity: [name]
All identified proceedings: [paste complete litigation list from prior search]
Deal structure: [stock acquisition / asset purchase / merger / investment]
Applicable indemnification threshold: [dollar amount or percentage of deal value]

Risk register structure for each proceeding:
1. Proceeding identifier and brief description
2. Current status (pre-trial / trial / appeal / stayed / resolved)
3. Claimed amount or regulatory penalty range
4. Probability of adverse outcome (high / medium / low) with basis
5. Estimated financial exposure range if adverse outcome
6. Materiality classification: critical / significant / background
7. Recommended action: deal condition / escrow / indemnification provision / disclosure only / monitor

Output: Formatted litigation risk register table + aggregate exposure summary (best case / expected / worst case) + deal structuring recommendations for critical and significant items

5. AI Business Registration Verification Assistant

Verifies the active legal existence, registration status, authorized business scope, and filing compliance of corporate entities across 80+ jurisdictions — flagging discrepancies, dormant entities, and scope violations within hours.

Pain Point & How COCO Solves It

The Pain: Counterparty Registration Failures Are the Most Common and Most Underestimated Deal Risk

Entity verification — confirming that a counterparty is actually what it claims to be, is legally authorized to conduct the business it purports to conduct, and is in good standing with the registering authority — sounds like a basic compliance step. In practice, it is consistently one of the most error-prone and incompletely executed components of due diligence, particularly in cross-border transactions where different jurisdictions maintain registries in different formats, languages, and with dramatically different update frequencies. A target company may hold an expired business license, operate in a jurisdiction where it has never formally registered, conduct business activities outside its authorized scope, or be legally dormant while still presenting itself as an active operating entity. Each of these conditions carries distinct legal, regulatory, and commercial consequences — and none of them will be obvious from the target's self-description.

The practical difficulties of verification at transaction scale are substantial. A mid-complexity target may have registered presence in a dozen jurisdictions through subsidiaries, branch offices, and special registrations. Each jurisdiction requires a separate query to a different registry system: China's National Enterprise Credit Information Publicity System is structured differently from Germany's Handelsregister, which bears no resemblance to India's MCA21 portal, which operates on a different basis than Brazil's CNPJ system or the UAE's various emirate-level registries. Access requirements vary — some are free and online, others require paid subscription, local agent engagement, notarized requests, or in-person retrieval. Time zones, language barriers, and variable data freshness mean that an analyst completing a multi-jurisdiction verification manually is, in many cases, looking at incomplete data and has no reliable way to know how incomplete it is.

The consequences of failing to verify registration status range from awkward to catastrophic. A counterparty that is operating outside its authorized business scope may be conducting regulated activities without the required license — exposing both itself and the transacting party to regulatory sanction. A dormant entity transacting in a deal may lack legal capacity to enter contracts, transfer assets, or make representations and warranties. An entity struck off the register (as happens automatically in many jurisdictions for failure to file annual returns) may have no authority to execute documents, and contracts signed by a struck-off entity may be voidable. In procurement and supply chain contexts, engaging a supplier that lacks valid registration in its operating jurisdiction creates liability exposure that cannot be transferred through indemnification alone.

How COCO Solves It

Multi-Jurisdiction Business Registry Integration: COCO executes systematic registration verification across global registries:
- Directly queries official business registries in 80+ jurisdictions including China NECIPS, UK Companies House, Germany Handelsregister, France SIRENE, US Secretary of State databases, India MCA21, Japan METI registry, Singapore ACRA, and equivalents across Asia-Pacific and Latin America
- Verifies current registration status: active, suspended, dormant, struck off, dissolved, or under insolvency proceedings
- Retrieves the official registration certificate, articles of incorporation, and most recent annual filing for each entity queried
- Cross-validates registered name against the name used in transaction documents, flagging any discrepancies that may indicate a misidentified entity
- Generates a registry data freshness indicator showing when each registry was last updated and the confidence level of the returned status
Authorized Business Scope and License Verification: COCO verifies that the entity is authorized to conduct the activities it actually conducts:
- Extracts the registered business scope from official filings and compares it against the entity's described operations and revenue activities
- Flags activities that appear to exceed or fall outside the registered scope, particularly in regulated industries (financial services, healthcare, food & beverage, construction, transport)
- Verifies industry-specific licenses and operating permits required in the entity's operating jurisdictions (financial institution licenses, pharmaceutical manufacturing permits, food safety licenses, securities dealer registrations)
- Identifies recent scope amendments or license renewals and checks whether they cover the current scope of business
- Generates a scope compliance matrix showing, for each jurisdiction, whether the entity's actual activities are covered by its registered authorizations
Annual Filing and Compliance Status Check: COCO verifies ongoing regulatory compliance with registry obligations:
- Confirms that annual reports, beneficial ownership filings, and director information updates have been submitted within statutory deadlines
- Flags overdue filings and calculates how long the entity has been in arrears — a key indicator of administrative neglect that correlates with broader governance weakness
- Identifies patterns of chronic late filing that may indicate a poorly managed entity or deliberate compliance avoidance
- Checks whether the entity is on a compliance warning list, under administrative suspension, or subject to automatic dissolution proceedings
- Verifies that registered office addresses, director appointments, and shareholder information on file match the information provided by the target
Registered Agent and Physical Presence Verification: COCO assesses the substantive reality of the entity's corporate presence:
- Verifies that the registered office address is a legitimate business premises rather than a shared registered-agent address
- Flags registered agent addresses that appear on databases of known offshore incorporation service providers, shell company factories, or mass-registered addresses
- Cross-references physical address against available commercial property and business directory data to assess whether the location is consistent with the claimed scale of operations
- Identifies entities whose registered address is in a secrecy jurisdiction while their actual operations are managed from a different jurisdiction — a common tax and regulatory evasion pattern
- Generates a physical substance score for each entity based on address type, employee count, and operational footprint indicators
Historical Registration and Name Change Tracking: COCO reconstructs the entity's identity history:
- Retrieves the full registration history: incorporation date, name changes, registered office changes, and status transitions
- Identifies all prior corporate names under which the entity operated, enabling comprehensive litigation, sanctions, and adverse media searches under historical identities
- Flags suspicious patterns: multiple rapid name changes, conversions between entity types, or re-registrations that may indicate attempts to shed adverse history
- Traces predecessor entities and absorptions from mergers that may have brought historical liabilities into the current entity
- Cross-references historical names and addresses against adverse databases to identify liability-carrying identities not reflected in the current name
Entity Verification Report and Gap Resolution: COCO delivers actionable verification outputs:
- Generates a multi-entity verification report with per-entity status, filing compliance summary, scope verification result, and physical substance assessment
- Produces a gap resolution tracker listing jurisdictions where registry data was unavailable and recommended alternative verification methods (local counsel, notarized request, direct registry contact)
- Drafts a targeted data room request for missing or inconsistent registration documents identified during the verification
- Creates a verification matrix suitable for inclusion in the due diligence closing checklist
- Generates a clean entity certification for entities passing all verification criteria, suitable for inclusion in closing documentation

Results & Who Benefits

Measurable Results

Verification throughput: Multi-entity verification across 80+ jurisdictions completed in under 4 hours vs. 1–2 weeks for manual multi-jurisdiction registry searches
Registration discrepancy detection: AI-assisted verification detects material registration discrepancies (scope violations, expired licenses, struck-off entities) in 19% of target entity populations reviewed
Coverage completeness: Systematic verification covers 100% of identified entities vs. 60–70% typically verified manually under deal timeline pressure
Filing compliance gap identification: Annual filing arrears and compliance warnings identified in 31% of subsidiary populations in multi-jurisdiction deals, representing undisclosed governance risk
Scope violation findings: Business scope violations discovered in 14% of operating entities in cross-border deals, with material regulatory exposure implications

Who Benefits

Due Diligence Analysts: Execute systematic, complete entity verification without navigating dozens of foreign-language registry interfaces or tracking multi-jurisdictional filing deadlines
M&A Legal Counsel: Receive a verified entity register with status, scope, and filing compliance data that supports representations and warranties review and closing condition satisfaction
Compliance and Regulatory Affairs Teams: Confirm that acquired entities hold all required licenses and authorizations before close, avoiding post-close regulatory remediation costs
Procurement and Third-Party Risk Officers: Verify supplier and partner registration status and business scope compliance before contract execution, reducing regulatory and contractual liability

💡 Practical Prompts

Prompt 1: Multi-Entity Registration Verification

Verify the active legal existence and good standing of the following corporate entities.

Entities to verify:
1. [Entity name] | Jurisdiction: [country/state] | Registration number (if known): [number]
2. [Entity name] | Jurisdiction: [country/state] | Registration number (if known): [number]
[Repeat for all entities]

Verification required for each entity:
1. Current registration status: active / suspended / dormant / struck off / dissolved
2. Legal entity type: [limited liability company / joint stock company / branch office / partnership]
3. Date of incorporation and registered address
4. Current directors and significant shareholders as registered (verify against provided data)
5. Annual filing compliance: confirm most recent annual return filed and within statutory deadline
6. Any administrative warnings, suspension notices, or dissolution proceedings in progress

Output: Entity verification table with status, filing compliance, and discrepancy flags + certificates of good standing (where available) + gap resolution tracker for jurisdictions where data was incomplete

Prompt 2: Business Scope and License Compliance Check

Verify that the following entity's registered business scope covers all activities it currently conducts.

Entity: [name and jurisdiction]
Registered business scope (from registry): [paste or attach]
Actual business activities (from data room / management description): [describe]
Industry: [financial services / healthcare / food & beverage / construction / technology / other]
Specific licenses to verify: [financial institution license / pharmaceutical manufacturing permit / food safety license / securities dealer registration / other]

Analysis required:
1. Map each actual business activity against the registered scope — identify any activities not covered
2. Identify all industry-specific licenses required for the described activities in the entity's operating jurisdictions
3. Verify current validity of each required license: active / expired / under renewal / revoked
4. Flag any activities that appear to require regulatory approval not currently held
5. Identify any recent scope amendments or license renewals — assess whether they adequately cover current operations

Output: Scope compliance matrix + license status register + gap analysis with regulatory exposure assessment for each gap

Prompt 3: Historical Name and Identity Reconstruction

Reconstruct the full corporate identity history of the following entity.

Entity: [current legal name and jurisdiction]
Registration number: [if known]
Purpose: [comprehensive adverse history search / litigation history completeness / sanctions screening completeness]

Research required:
1. All prior legal names under which the entity has operated, with dates of each name change
2. Prior registered office addresses and jurisdictions
3. Any conversions between entity types (e.g., partnership to LLC, private to public)
4. Any predecessor entities merged into this entity, with their own historical names
5. Any spin-offs, demergers, or divestments that created separate entities carrying historical liabilities

For each historical identity: run sanctions, PEP, adverse media, and litigation searches under the prior name to identify adverse history that would not surface under the current name.

Output: Corporate identity timeline + historical adverse history summary per prior identity + current entity's inherited liability profile

Prompt 4: Foreign Branch and Operating Entity Registration Audit

Audit the registration compliance of the following entity's foreign branches and operating presence.

Parent entity: [name and home jurisdiction]
Jurisdictions where operations are reported: [list all countries/states with claimed operations]
Employee count and revenue by jurisdiction (if available): [provide]

Verification required for each operating jurisdiction:
1. Confirm the entity has a valid registration, branch license, or operating permit in that jurisdiction
2. Verify that the registration covers the type of activities conducted (e.g., sales vs. manufacturing vs. regulated financial services)
3. Check compliance with local annual filing requirements
4. Flag any jurisdictions where the entity appears to operate without formal registration — identify legal and tax exposure
5. Identify any jurisdictions where operations have been established but registration has lapsed

Output: Foreign presence registration audit table (jurisdiction / registration type / status / coverage / compliance) + unregistered operations exposure summary + remediation priority list

Prompt 5: Entity Verification Gap Resolution Plan

Develop a verification gap resolution plan for the following entities where registry data was unavailable or incomplete.

Entities with verification gaps:
1. [Entity name] | Jurisdiction: [country] | Gap: [registry not publicly accessible / data out of date / language barrier / registration number unknown]
2. [Repeat for each entity with gaps]

For each gap:
1. Identify the closest available alternative verification source (official government contact, commercial database, local counsel, notarized request procedure)
2. Estimate timeline and cost for gap resolution through the recommended method
3. Assess the risk of the unverified gap: what is the worst-case scenario if the entity turns out not to be in good standing?
4. Recommend whether the gap is material enough to require resolution before closing vs. can be addressed post-close with appropriate representations

Output: Gap resolution action plan (entity / gap type / resolution method / timeline / cost estimate / pre-close vs. post-close priority) + escrow or holdback recommendation for material unresolved gaps

6. AI Corporate History Timeline Reconstructor

Reconstructs the complete corporate history of a target entity — mergers, acquisitions, divestitures, restructurings, name changes, and control shifts — from public records, registry data, and news archives, producing a verified chronological narrative.

Pain Point & How COCO Solves It

The Pain: Hidden Corporate History Conceals Inherited Liabilities That Surface After Close

Every corporate entity has a history, and that history carries liabilities: prior litigation, regulatory sanctions, environmental obligations, labor violations, tax disputes, and reputational incidents that may not be visible from the entity's current presentation. In M&A due diligence, one of the most consequential risks is acquiring a target without understanding what corporate events — mergers, acquisitions, spin-offs, restructurings, or control changes — have shaped its current legal and financial profile. A company that was created through a merger with a bankrupt entity may have assumed liabilities from the predecessor. One that was divested from a larger group may carry carve-out obligations or shared service agreements with the former parent. A target that changed its name three times over a decade may have done so to distance itself from regulatory sanctions or litigation history that still attaches to the successor entity as a matter of law.

The challenge for analysts is that this history is rarely presented coherently in the data room. Sellers tend to disclose current structure and recent events while treating the distant past as irrelevant — but legal liability does not have a self-imposed statute of limitations based on how far back the seller wants to look. Merger successor liability, environmental remediation obligations under CERCLA, pension fund obligations from prior corporate entities, and tax liabilities from prior business combinations can all follow an entity forward in time indefinitely. Identifying these requires reconstructing the full corporate history from original sources: registry filings, press announcements, SEC proxy statements, annual reports, and news archives — a labor-intensive exercise that most due diligence processes fail to perform comprehensively.

The fragmentation of historical records adds further difficulty. Corporate events from the 1990s or early 2000s may predate online registry systems and exist only in physical archives or early-format digital records with limited searchability. Name changes may not be automatically surfaced in database searches for the current entity name. Private company transactions — which represent the majority of M&A volume — generate less public documentation than public company deals and require more aggressive investigative research. An analyst building a corporate history manually must integrate information from multiple sources, each with its own format and vocabulary, and must maintain enough historical corporate law knowledge to understand what each event implies for current liability — a demanding task rarely completed to the depth required.

How COCO Solves It

Registry-Based Corporate Event Extraction: COCO mines official filings for corporate history events:
- Retrieves the complete chronological filing history from business registries: incorporation documents, articles amendments, annual returns, director change filings, and dissolution/restoration records
- Extracts merger and acquisition notifications, statutory merger filings, and asset transfer records from registry databases across 70+ jurisdictions
- Identifies name changes, registered address relocations, share capital changes, and entity type conversions from official filing sequences
- Reconstructs predecessor entity identities by tracing merger filings backward to the absorbed entities' independent registry histories
- Generates a registry event timeline that forms the authoritative backbone of the corporate history analysis
Public Records and News Archive Mining: COCO supplements registry data with public document sources:
- Searches SEC EDGAR for historical proxy statements, S-4 merger filings, 8-K material event disclosures, and 10-K business history narratives for US-listed entities
- Mines historical news archives (LexisNexis, Factiva, Bloomberg) for press coverage of corporate transactions, restructurings, and leadership changes
- Accesses Gazette notices, official tender offer announcements, and competition authority merger decisions for publicly documented transactions
- Retrieves historical annual reports from investor relations archives and national filing repositories
- Synthesizes documentary evidence of corporate events that were not reflected in registry filings — particularly private transactions and pre-registration history
Merger Successor Liability Mapping: COCO identifies liabilities inherited through corporate transactions:
- Traces every merger, consolidation, and statutory absorption event to determine which entities' liabilities were assumed
- Identifies asset purchase transactions that may have included explicit liability assumptions or environmental indemnities
- Cross-references absorbed entities' litigation, regulatory action, and environmental compliance records with the target entity's current standing
- Analyzes carve-out transactions for representations and warranties given at time of separation that may still be in force
- Generates a successor liability matrix mapping historical entities to the current target entity and summarizing inherited liability categories
Control and Ownership Change History: COCO reconstructs the history of who owned and controlled the entity:
- Traces majority ownership changes through registry filings, press announcements, and SEC 13D/13G filings for US-listed entities
- Identifies private equity sponsor ownership periods and their dates of entry and exit
- Reconstructs management buyouts, leveraged recapitalizations, and secondary transactions from available public records
- Flags control changes that occurred close in time to significant legal events (regulatory sanctions, litigation initiation, financial distress) as potential indicators of liability-motivated transfers
- Generates a control change timeline with ownership periods, acquiring/divesting parties, and contemporaneous event flags
Financial Restructuring and Insolvency History: COCO surfaces distressed corporate events:
- Searches bankruptcy court databases (PACER, CourtLink) for historical insolvency filings by the entity or any predecessor
- Identifies historical Chapter 11, Chapter 7, administration, or receivership proceedings and their outcomes
- Retrieves historical debt restructuring announcements, covenant waiver events, and credit rating downgrades from news and financial databases
- Flags entities that emerged from bankruptcy with reorganization plans that may carry ongoing obligations (plan distributions, professional fee claims, rejected contract liabilities)
- Summarizes the financial stress history and its implications for current financial health assessment
Corporate History Narrative and Timeline Report: COCO synthesizes findings into a coherent deliverable:
- Generates a narrative corporate history document covering the entity's full lifecycle from incorporation to present
- Produces a visual corporate history timeline with major events plotted chronologically and hyperlinked to source documents
- Creates a predecessor entity register listing all historical corporate identities with their individual risk profiles
- Drafts an inherited liability summary highlighting the most significant historical events with current legal implications
- Produces targeted research questions for management interviews based on gaps or unexplained events in the reconstructed history

Results & Who Benefits

Measurable Results

History reconstruction depth: AI-assisted corporate history reconstruction surfaces events 15–20 years back in a single day vs. 2–3 weeks for manual archival research
Predecessor liability identification: Hidden predecessor liabilities discovered in 28% of corporate history reviews, including environmental, pension, and regulatory categories
Name change discovery rate: Prior corporate names identified that were not disclosed by target in 41% of multi-event history reviews
Research integration speed: AI synthesizes registry, news, and SEC filing data into a coherent timeline 8x faster than manual analyst research across the same sources
Management interview preparation: AI-generated history gaps produce an average of 12 targeted interview questions per engagement that would not have been formulated without prior history reconstruction

Who Benefits

Due Diligence Analysts: Build a complete corporate history without manually researching physical archives, foreign-language filings, and decades-old SEC submissions
M&A Legal Counsel: Identify merger successor liability, carve-out obligations, and predecessor regulatory exposure before making representations and warranties recommendations
Environmental and Specialist Due Diligence Teams: Understand which predecessor entities' operational history may create environmental, pension, or tax liabilities that need specialist investigation
Investment Committee and Portfolio Management Teams: Understand the full legacy context of an acquisition target — not just its current presentation — before committing capital

💡 Practical Prompts

Prompt 1: Full Corporate History Reconstruction

Reconstruct the complete corporate history of the following entity from inception to present.

Entity: [current legal name and jurisdiction]
Registration number: [if known]
Known prior names or predecessor entities: [list or "unknown"]
Purpose: [M&A due diligence / litigation successor liability / regulatory compliance / investment screening]

Research sources to use:
1. Business registry filings: full chronological filing history
2. SEC EDGAR: all filings (proxy statements, 8-K, S-4, 10-K historical sections)
3. News archives: LexisNexis / Factiva / Bloomberg — major corporate events coverage
4. Bankruptcy court databases: any historical insolvency proceedings
5. Competition authority databases: any merger clearance proceedings

Timeline must include:
- Incorporation and initial ownership
- All name changes with dates
- Major acquisitions completed by the entity
- Divestitures and spin-offs
- Control changes (majority ownership transfers)
- Financial restructurings and distress events
- Major regulatory actions contemporaneous with corporate events

Output: Corporate history narrative + visual chronological timeline + predecessor entity register + inherited liability summary

Prompt 2: Merger Successor Liability Analysis

Analyze the successor liability implications of the following historical corporate transactions involving the target entity.

Target entity: [name and jurisdiction]
Historical transactions identified (provide list):
1. [Acquisition of / Merger with]: [entity name] — [approximate date] — [transaction type: merger / asset purchase / stock purchase]
2. [Repeat for each transaction]

For each transaction:
1. Identify the entity type and jurisdiction of the absorbed/acquired entity
2. Determine the transaction structure (statutory merger = full succession; asset purchase = selective succession) and its liability implications under applicable law
3. Search for litigation, regulatory actions, environmental liabilities, and tax disputes involving the predecessor entity at or before the time of acquisition
4. Assess whether any known liabilities were excluded by contract — and whether those exclusions are enforceable against third-party claimants
5. Identify any ongoing obligations created by the acquisition agreement (indemnification provisions, earnouts, environmental remediation commitments)

Output: Per-transaction liability succession analysis + aggregate inherited liability estimate + priority items for specialist review (environmental, tax, ERISA)

Prompt 3: Private Equity Ownership History Research

Research the private equity ownership history of the following entity.

Entity: [name and current ownership]
Known prior PE sponsors (if any): [list or "unknown"]
Time period: [full history / past 15 years]

Research required:
1. Identify all PE sponsor ownership periods: entry date, exit date, fund name, and ownership percentage where available
2. For each PE ownership period: identify significant corporate events (add-on acquisitions, divestitures, dividend recapitalizations, management changes)
3. Identify the leverage profile at each PE entry: was the entity loaded with acquisition debt that may have impaired the business?
4. Surface any investor disputes, LP complaints, or regulatory scrutiny associated with prior ownership periods
5. Identify any representations and warranties given by prior sponsors on exit that are still within the survival period

Output: PE ownership timeline + event summary per ownership period + current liability implications of prior PE ownership

Prompt 4: Corporate Distress and Insolvency History Search

Search for all historical financial distress and insolvency events involving the following entity and its predecessors.

Entity: [current name and jurisdiction]
Predecessor entities (if known): [list]
Time period: [full corporate history]

Search scope:
1. Formal insolvency: Chapter 7/11 (US), administration/liquidation (UK), insolvenzverfahren (Germany), redressement judiciaire (France), equivalent in all operating jurisdictions
2. Near-insolvency events: debt restructurings, covenant defaults, creditor standstills, out-of-court workouts
3. Credit events: payment defaults on public debt (from news and ratings databases)
4. Asset seizures: involuntary asset sales, foreclosures, or receiver-managed divestments
5. Tax authority distress actions: tax liens, tax payment plans, government-supervised restructurings

For each event found:
- Entity involved (current entity or predecessor)
- Nature of distress event and triggering circumstances
- Outcome: successful emergence / liquidation / partial asset sale
- Ongoing obligations arising from resolution (plan distributions, tax settlements, creditor agreements)

Output: Distress history timeline + current liability implications + financial health risk flag summary

Prompt 5: Corporate History Gap Investigation Memo

Generate a gap investigation memo for unexplained periods or events in the following corporate history.

Reconstructed history summary: [paste or attach]
Unexplained gaps or suspicious events identified:
1. [Period with no registry activity: from date to date — entity appears dormant but no formal dormancy filing]
2. [Name change with no disclosed reason: old name / new name / date]
3. [Rapid series of director changes: dates and individuals]
4. [Other unexplained event]

For each gap or suspicious event:
1. Identify what the most plausible benign explanation would be
2. Identify what the most plausible adverse explanation would be (regulatory avoidance, liability shedding, control concealment)
3. Recommend specific investigative steps to resolve ambiguity (management inquiry, specific document request, local counsel research, registry contact)
4. Assess risk level of the unexplained event if it turns out to have an adverse explanation

Output: Structured gap investigation memo with recommended questions for management interview + specific document requests + priority ranking of gaps by adverse risk potential

7. AI Director & Officer Background Check Engine

Runs comprehensive background investigations on directors, officers, and key executives — covering professional history verification, regulatory sanctions, criminal records, litigation exposure, adverse media, and PEP status — across 50+ data sources simultaneously.

Pain Point & How COCO Solves It

The Pain: Undisclosed Executive Misconduct Creates Catastrophic Post-Acquisition Exposure

In any acquisition, the management team is simultaneously the asset and the risk. The executives who built the target's business are the same individuals whose prior conduct, regulatory history, and personal integrity determine whether the company's reported performance is reliable and whether the business can continue under new ownership. Yet background verification of directors and officers is one of the most commonly shortchanged components of due diligence — because it is the most personally uncomfortable to discuss with sellers, the most fragmented in terms of data sources, and the most difficult to execute thoroughly without dedicated research resources. The result is that acquirers regularly close transactions without understanding that a CFO previously falsified financial statements at a prior employer, a CEO is subject to an SEC bar order from a decade ago, or a board director has undisclosed conflicts of interest with a material counterparty.

The data sources required for a thorough executive background check span an enormous range of databases and document types. Professional history requires cross-referencing LinkedIn, corporate filings, academic credential databases, and direct verification with prior employers — a process that takes hours per individual and is subject to deliberate falsification. Regulatory records require searches across the SEC's EDGAR and BrokerCheck, CFTC enforcement database, FINRA, state bar disciplinary records, medical board records, SEC Rule 10(b)(5) litigation history, and international regulatory databases like the FCA Register and HKMA supervision records. Criminal records require jurisdiction-by-jurisdiction searches that are subject to privacy law restrictions in many countries, making complete coverage a legal as well as practical challenge. PEP status and sanctions screening require cross-referencing dozens of global lists under the individual's name, aliases, and name transliterations. Adverse media requires monitoring thousands of news sources across the individual's relevant jurisdictions in multiple languages.

The stakes of an inadequate background check are clear and well-documented. The acquisition of a business whose key executive faces undisclosed securities fraud charges may expose the acquirer to liability as a successor entity. A portfolio company CEO who has been barred from serving as a director of a public company cannot fulfill their role post-close without triggering regulatory violations. An executive team that has collectively defrauded a prior employer is unlikely to manage the acquirer's capital with integrity. Reputational damage from an acquired executive's public scandal can damage the acquirer's customer and investor relationships in ways that are immediate and severe. The cost of a comprehensive AI-assisted background check is a fraction of the cost of a single post-close management misconduct event.

How COCO Solves It

Professional History Verification and Cross-Referencing: COCO constructs and verifies each executive's career timeline:
- Extracts employment history from corporate filings, SEC officer disclosures, proxy statements, and professional social media profiles
- Cross-references stated employment history against corporate registry records, confirming that the individual appears in the relevant company's official filings during claimed periods of employment
- Flags discrepancies between claimed roles and registry filings — title inflation, extended claimed tenures, fabricated employer references
- Verifies claimed educational credentials against institutional databases and professional accreditation registries
- Identifies undisclosed prior employment that surfaces in public records, court documents, or regulatory filings — potentially indicating deliberate history concealment
Regulatory Sanctions and Professional Bar Search: COCO identifies formal regulatory actions against each individual:
- Searches SEC EDGAR and PACER for Rule 10(b)(5) actions, SEC enforcement orders, and injunctions naming the individual
- Queries FINRA BrokerCheck for broker-dealer registration history, customer complaints, arbitration awards, and industry bar orders
- Searches CFTC enforcement database for commodity trading advisor, futures commission merchant, and floor broker enforcement history
- Accesses state bar association disciplinary databases (for attorneys), medical board records (for physician executives), and CPA licensing board disciplinary records
- Searches international regulatory registers: FCA Register (UK), HKMA fit and proper determination records, MAS enforcement actions, BaFin investigations
Criminal Record and Court Proceeding Search: COCO searches for criminal history within legally permissible scope:
- Queries federal criminal court databases via PACER for indictments, guilty pleas, convictions, and sentencing records
- Accesses state court criminal records in all jurisdictions where the individual has resided or conducted business
- Searches international criminal record sources in jurisdictions with accessible databases (UK, Canada, Australia, EU member states with public access)
- Identifies financial crime convictions specifically: fraud, embezzlement, money laundering, insider trading, bribery, and tax evasion
- Flags pending criminal charges that may not yet have resulted in conviction but represent material integrity risk
Adverse Media Intelligence Gathering: COCO systematically mines media coverage for executive misconduct signals:
- Searches 10,000+ global news sources in 40+ languages for coverage of each executive across a 10-year window
- Applies semantic filtering to identify relevant coverage: corporate misconduct, financial irregularities, regulatory investigations, personal scandal, litigation, and professional disputes
- Distinguishes material adverse media from routine coverage using AI significance scoring — not every news mention is a red flag
- Identifies patterns of adverse coverage: executives who appear repeatedly in reporting about financial irregularities at different employers
- Surfaces social media and online forum content that may indicate business conduct issues not covered by formal news archives
PEP Status, Sanctions, and Conflict-of-Interest Assessment: COCO identifies political and compliance risk factors:
- Screens each executive against global PEP databases, classifying direct PEP status and family/associate connections
- Runs sanctions screening across OFAC, EU, UN, and national lists for each individual and known aliases
- Identifies government board appointments, advisory positions, and political party affiliations that may create conflicts in regulated industries
- Cross-references each executive against the target's key customer, supplier, and partner list for undisclosed personal relationships
- Flags state-owned enterprise affiliations that create PEP status or conflict-of-interest implications under applicable jurisdiction rules
Executive Background Investigation Report: COCO delivers structured, actionable findings:
- Produces a per-executive background investigation summary organized by risk category (regulatory / criminal / financial misconduct / PEP/sanctions / adverse media / professional history)
- Generates a risk scorecard for each executive with overall risk rating (low / medium / high / critical) and supporting evidence
- Drafts a targeted reference and interview question set for each executive based on gaps or adverse findings
- Creates a retention risk assessment: executives with significant adverse history who may depart or face removal post-close
- Summarizes aggregate management team integrity risk in an executive format for investment committee presentation

Results & Who Benefits

Measurable Results

Background check throughput: Full background investigation across 10 executives completed in under 8 hours vs. 2–4 weeks for manual multi-source research
Undisclosed adverse finding rate: Material adverse findings not disclosed by subjects detected in 31% of executive populations in completed deals
Regulatory bar identification: SEC, FINRA, or state-level professional bar orders identified for executives who were unaware of or failed to disclose them in 18% of PE portfolio deals reviewed
Source coverage: AI-assisted background research covers 40+ data sources simultaneously vs. an average of 6–8 sources in typical manual processes
Post-close management misconduct incidents: Deals with AI-assisted executive background checks show 52% fewer material management misconduct events in the 24 months post-close

Who Benefits

Due Diligence Analysts: Conduct comprehensive executive background investigations without manually navigating 40+ separate databases, language barriers, and jurisdiction-specific access requirements
Private Equity and Investment Teams: Make key personnel retention decisions and compensation negotiations with a complete picture of each executive's professional integrity and regulatory history
Boards of Directors and Audit Committees: Fulfill fiduciary duties for director appointment and executive hiring with documented, comprehensive background investigation support
Representations and Warranties Insurance Underwriters: Assess management team integrity risk with systematic, documented background investigation findings that inform coverage terms and exclusions

💡 Practical Prompts

Prompt 1: Executive Background Investigation Request

Conduct a comprehensive background investigation for the following executive.

Individual: [full name]
Title and company: [current role and entity]
Nationality and date of birth (if available): [details]
Prior employers (known): [list]
Purpose: [M&A due diligence / board appointment / PE investment / KYC / employment screening]

Investigation scope:
1. Professional history: verify all claimed employment periods, titles, and responsibilities against public records
2. Regulatory history: search SEC, FINRA, CFTC, state regulators, and international equivalents for enforcement actions, bar orders, and disciplinary proceedings
3. Criminal history: federal and state court records, financial crime focus; international records where accessible
4. Litigation: all civil proceedings naming the individual as a party in any capacity
5. PEP and sanctions: full screening against global lists with alias and transliteration variants
6. Adverse media: global news coverage past 10 years — financial misconduct, corporate governance issues, personal scandal

Output: Per-category findings summary + overall risk rating + recommended follow-up actions for any medium-risk or above findings

Prompt 2: Management Team Collective Integrity Assessment

Conduct a collective integrity assessment for the following management team.

Entity: [company name]
Management team members:
1. [Name] | [Title] | [Nationality]
2. [Name] | [Title] | [Nationality]
[List all directors and senior officers]

Assessment required:
1. Individual risk profiles: summarize adverse findings for each individual
2. Collective pattern analysis: identify any themes across the team (multiple individuals from the same prior employer with adverse history, cluster of regulatory sanctions, pattern of repeat business failures)
3. Conflict of interest mapping: identify any relationships between team members and the target's key counterparties (customers, suppliers, lenders)
4. Undisclosed related-party relationships: cross-reference executives against the entity's supplier and customer database for personal connections
5. Collective PEP/sanctions status: any team member with PEP exposure or sanctions risk

Output: Management team integrity summary table + collective risk narrative + specific interview questions for each individual based on adverse findings

Prompt 3: Regulatory Bar and License Status Verification

Verify the regulatory standing and license status of the following individuals in their relevant professional capacities.

Individuals to verify:
1. [Name] | Role: [CFO / securities dealer / broker / attorney / CPA / physician / other licensed professional]
2. [Repeat for each licensed professional]

Verification required for each individual:
1. Confirm they hold (or held) the licenses or registrations claimed in their biography
2. Check for any disciplinary actions, suspensions, or revocations of professional licenses
3. Verify with FINRA BrokerCheck, SEC IAPD, state bar records, CPA licensing boards, or other applicable registries
4. Identify any industry bar orders preventing them from serving in a financial or regulated capacity
5. Check international equivalents if the individual has worked in regulated roles outside the US

Output: License status register per individual + any bar or disciplinary findings + fitness and propriety assessment for each individual's proposed post-close role

Prompt 4: Adverse Media Deep Dive — Financial Misconduct Focus

Conduct an adverse media search with financial misconduct focus for the following individual.

Individual: [full name, nationality, approximate age or birth year]
Known prior employers: [list]
Jurisdictions of primary activity: [list]
Search period: [past 10 years / past 15 years / full career]

Search priorities:
1. Financial fraud: misrepresentation of financial results, accounting irregularities, securities violations
2. Corporate misconduct: executive misconduct at prior employers — departures under investigation, whistleblower complaints, shareholder litigation
3. Regulatory inquiries: named in regulatory investigations, subpoena recipients, cooperation agreements
4. Personal financial distress: personal bankruptcy, large civil judgments, unpaid tax liens
5. Reputational events: serious personal misconduct that would affect fitness for executive role

For each adverse finding:
- Source, date, and publication
- Nature of allegation vs. confirmed finding
- Resolution status (pending / settled / acquitted / convicted)
- Significance rating for the proposed role

Output: Adverse media report organized by risk category + significance-rated findings + recommended management interview approach for each adverse item

Prompt 5: Post-Acquisition Key Person Retention Risk Assessment

Assess the retention risk for the following key executives post-acquisition.

Transaction: [acquisition / merger / investment]
Acquirer: [name and industry]
Key executives to assess:
1. [Name] | [Title] | [Tenure at target] | [Compensation structure: base/bonus/equity]
2. [Repeat for each key person]

Assessment required:
1. Adverse findings from background investigation: identify any findings that may cause the executive to resign, be removed, or become unable to serve post-close
2. Regulatory fitness: confirm the executive is legally able to hold their proposed post-close role under applicable regulatory requirements
3. Change-of-control sensitivities: review employment agreements for change-of-control provisions, golden parachutes, and non-compete terms
4. Competitor approaches: identify any pattern of outreach or prior employment discussions with competitors
5. Motivation factors: assess whether the executive's background and history suggest they are likely to remain engaged under new ownership

Output: Per-executive retention risk rating + regulatory fitness confirmation + key contract terms affecting retention + recommended retention strategy for each individual

8. AI IP Portfolio Integrity Analyzer

Analyzes the integrity, ownership chain, and encumbrance status of a target's intellectual property portfolio — patents, trademarks, trade secrets, and software licenses — identifying gaps, disputes, and freedom-to-operate risks before deal close.

Pain Point & How COCO Solves It

The Pain: IP Portfolio Defects Silently Destroy Deal Value and Create Post-Close Liability

Intellectual property is frequently the primary value driver in technology, pharmaceutical, consumer brand, and media acquisitions — yet IP due diligence is among the most technically demanding and commonly incomplete components of deal review. The problem begins with the IP register: a company's stated IP portfolio is rarely perfectly aligned with what it actually owns. Patents may have lapsed for failure to pay maintenance fees. Trademarks may have been abandoned in key markets. Software licenses critical to the product stack may be held in the wrong entity's name, preventing lawful assignment on closing. Core code may incorporate open-source components with copyleft licenses (GPL, AGPL) that, if not properly managed, impose obligations to disclose proprietary source code — a catastrophic risk for any software-based acquisition. An acquirer who fails to identify these defects before closing inherits them in full.

The ownership chain problem is particularly severe in acquisitions involving technology companies that have grown through their own acquisitions, R&D partnerships, or work-for-hire arrangements. Software developed by contractors may lack proper assignment agreements, leaving copyrights with individual developers rather than the company. Patents co-invented with university researchers may be subject to university licensing rights or government rights under the Bayh-Dole Act. Trade secrets allegedly belonging to the company may actually have been developed on prior employer time or using prior employer resources — exposing the target to theft-of-trade-secret claims from former employers that survive acquisition. In each case, the defect is contractual rather than technical, requiring a document-intensive review that most due diligence processes complete only superficially.

Freedom-to-operate risk — the question of whether the target's products infringe third-party intellectual property — adds another dimension of complexity. A company may hold an excellent patent portfolio while simultaneously having products that infringe a competitor's patents, facing patent troll claims, or using open-source software in ways that create licensing obligations. Patent litigation is expensive, unpredictable, and can result in injunctive relief that prevents the acquirer from selling the acquired product line entirely. In pharmaceutical acquisitions, Freedom-to-Operate analysis for each compound or device is a standard component of the diligence process; in technology M&A, it is frequently skipped or understaffed. The resulting exposure can exceed the acquisition price.

How COCO Solves It

IP Portfolio Inventory Reconciliation and Verification: COCO builds and validates a complete IP asset register:
- Cross-references the target's IP schedule against USPTO, EPO, WIPO, and national patent office databases to verify grant status, filing dates, and maintenance fee payment history
- Checks trademark registrations in all claimed markets against national and regional trademark offices (USPTO, EUIPO, CNIPA, and 80+ national offices)
- Verifies copyright registrations in jurisdictions with registration systems (US Copyright Office) and flags unregistered works with significant commercial value
- Reconciles domain name registrations and social media handle ownership against IP ownership claims
- Generates a per-asset IP register with grant status, expiration dates, maintenance fee payment dates, and any lapse or abandonment flags
IP Ownership Chain and Assignment Analysis: COCO traces title to each IP asset:
- Reviews inventor assignment agreements, work-for-hire contracts, and employment IP assignment clauses for each patent in the portfolio
- Identifies patents with multiple inventors and confirms that all co-inventors have executed valid assignment agreements
- Traces prior assignment history for acquired IP assets to confirm clean chain of title without breaks or contested transfers
- Flags IP assets developed under US government funding (NSF, NIH, DARPA grants) that may be subject to march-in rights under the Bayh-Dole Act
- Reviews university licensing agreements for IP developed in academic partnerships — identifying sublicensing restrictions, royalty obligations, and field-of-use limitations
Open Source Software License Compliance Analysis: COCO audits software IP for license compliance risks:
- Analyzes code base documentation, software bills of materials, and open-source component lists for copyleft license exposure (GPL v2/v3, AGPL, LGPL, MPL)
- Identifies any GPL-licensed components incorporated into commercial proprietary software that may require source code disclosure obligations
- Reviews software license agreements for field-of-use restrictions, sublicensing prohibitions, and assignment restrictions that would prevent transfer on closing
- Identifies any open-source contributions made by the company's engineers that may have inadvertently disclosed proprietary code
- Generates a software license compliance matrix rating each component's license type, obligation category, and assignment risk
IP Encumbrance and Security Interest Search: COCO identifies IP that has been pledged or encumbered:
- Searches UCC filings and equivalent security interest registers for IP assets pledged as collateral in financing arrangements
- Identifies any registered IP licenses that grant third parties rights that would survive a change of control
- Reviews identified security interests against the proposed deal structure — asset purchase vs. equity purchase — to determine whether releases or consents are required
- Flags any IP assets subject to governmental compulsory licensing in regulated sectors (pharmaceutical patents, standard-essential patents with FRAND commitments)
- Identifies any IP rights subject to co-ownership agreements that require co-owner consent for assignment or licensing
IP Dispute and Infringement Risk Assessment: COCO surfaces IP conflict exposure:
- Searches Patent Trial and Appeal Board (PTAB) for Inter Partes Review (IPR) and Post-Grant Review petitions challenging the target's patents
- Identifies active patent infringement litigation involving the target (as plaintiff or defendant) from court databases and dockets
- Reviews cease-and-desist correspondence and license demand letters referenced in the data room or identified through external search
- Screens the target's key products against known patent assertion entity (PAE) assertion campaigns in relevant technology areas
- Flags standard-essential patent (SEP) exposure requiring FRAND license negotiations that may affect product margins
IP Due Diligence Summary and Post-Close Risk Register: COCO delivers structured IP findings:
- Generates a comprehensive IP due diligence report organized by asset category (patents / trademarks / copyrights / trade secrets / software / domains)
- Produces an IP risk register rating each identified issue by severity (deal-blocking / purchase price impact / remediation required / monitor)
- Drafts a data room request for assignment agreements, maintenance records, and license documentation not yet provided
- Creates a post-close IP remediation roadmap for issues that cannot be resolved before closing (e.g., retroactive assignment execution, FRAND negotiation initiation)
- Summarizes the net IP value assessment — positive portfolio strength vs. deductions for disputes, encumbrances, and freedom-to-operate risks

Results & Who Benefits

Measurable Results

IP portfolio discrepancy rate: AI-assisted verification identifies material discrepancies between stated IP portfolios and registry records in 44% of technology deal IP reviews
Open-source compliance risk discovery: GPL and copyleft exposure identified in 67% of software product acquisitions reviewed, compared to 30% detected through manual code review alone
Patent maintenance gap identification: Lapsed or abandoned patents not disclosed by targets discovered in 22% of patent portfolio reviews
Ownership chain defect rate: Missing inventor assignments or chain-of-title breaks found in 35% of patent portfolios reviewed in early-stage technology company acquisitions
IP review timeline: Comprehensive IP integrity review for a 200-patent portfolio completed in 2–3 business days vs. 3–5 weeks for attorney-led manual review

Who Benefits

Due Diligence Analysts: Complete the initial IP inventory, registry verification, and ownership chain review without requiring specialized patent law expertise for the data gathering phase
IP Counsel and Patent Attorneys: Receive a pre-structured IP registry analysis and ownership chain summary that allows them to focus legal review on substantive issues rather than data assembly
Technology M&A Teams: Identify IP portfolio risks early in the process — before final pricing — ensuring deal economics reflect actual IP value rather than the target's optimistic representation
Post-Merger Integration Teams: Obtain a complete IP remediation roadmap pre-close, enabling immediate action on assignment gaps and license transfers at closing rather than discovering them months later

💡 Practical Prompts

Prompt 1: IP Portfolio Registry Verification

Verify the registration status and ownership of the following intellectual property portfolio.

Entity: [company name]
IP assets to verify (provide list):
Patents:
1. [Patent number] | [Title] | [Jurisdiction] | [Grant date]
2. [Repeat]

Trademarks:
1. [Registration number] | [Mark] | [Jurisdiction(s)] | [Classes]
2. [Repeat]

Verification required for each asset:
1. Current status: granted/registered / pending / lapsed / abandoned / expired
2. Registered owner: confirm matches the target entity (or identified predecessor with valid assignment)
3. Maintenance fee status: confirm all annuities and maintenance fees paid and up to date
4. Encumbrances: any security interests, licenses, or co-ownership arrangements recorded against the asset
5. Active disputes: any IPR petitions, oppositions, cancellations, or infringement proceedings

Output: IP registry verification table + lapse/encumbrance flags + priority issues requiring immediate remediation

Prompt 2: Software Open-Source License Compliance Audit

Audit the following software product's open-source component usage for license compliance risks.

Product: [product name]
Available documentation: [software bill of materials / dependency list / code repository access / license file inventory — attach or describe]
License risk focus: [copyleft (GPL/AGPL) / patent grant risk / attribution requirements / all]

Analysis required:
1. Identify all open-source components and their license types
2. Flag any copyleft (GPL v2, GPL v3, AGPL, LGPL, MPL) components incorporated into proprietary code — assess whether the incorporation method triggers source disclosure obligations
3. Identify any components with patent grant revocation clauses that could be triggered by patent litigation
4. Flag any license incompatibilities between components (e.g., GPL v2-only components combined with GPL v3 code)
5. Assess assignment risk: can licenses be assigned to an acquirer, or do any licenses terminate on change of control?

Output: Open-source license compliance matrix (component / license type / risk category / obligation) + high-risk component summary + recommended remediation (replace / segregate / obtain commercial license / execute relicensing)

Prompt 3: IP Ownership Chain Verification

Verify the chain of title for the following intellectual property assets.

Assets to verify:
1. [Patent/trademark/copyright identifier] — [Current registered owner] — [Prior owners if known]
2. [Repeat]

Documents available for review: [inventor assignment agreements / work-for-hire contracts / acquisition agreements with IP schedules — attach or paste relevant sections]

Verification required:
1. Confirm all inventors/creators have executed valid assignment agreements to the registered owner
2. Trace prior assignment history for acquired IP — confirm no gaps in chain of title
3. Flag any co-invented assets where not all co-inventors' assignments are on file
4. Identify any IP developed under government grants (NIH, NSF, DARPA, equivalent) — Bayh-Dole march-in rights status
5. For university-licensed IP: identify royalty obligations, sublicensing restrictions, and field-of-use limitations that survive acquisition

Output: Chain-of-title assessment per asset + ownership defect register + recommended remediation actions (retroactive assignment / license amendment / government rights assessment)

Prompt 4: Patent Dispute and Freedom-to-Operate Screening

Conduct a patent dispute and freedom-to-operate screening for the following entity and its products.

Entity: [name]
Key products: [list products with brief description of functionality/technology]
Technology areas: [list relevant technology classifications: CPC/IPC codes or descriptive areas]

Search required:
1. Active patent infringement litigation: cases where the target is a defendant, including assertions by NPEs/PAEs
2. PTAB proceedings: IPR, PGR, or CBM petitions challenging the target's patents
3. Standard-essential patent exposure: identify any technologies in the product stack covered by declared SEPs with FRAND licensing obligations
4. Known PAE campaign exposure: identify any patent assertion entities active in the target's technology area that have asserted patents against similar products
5. Recent licensing demands: any cease-and-desist letters or license demand correspondence in the data room referencing the listed products

Output: Freedom-to-operate risk summary + active dispute register + SEP exposure assessment + recommended specialist patent counsel review scope

Prompt 5: IP Post-Close Remediation Roadmap

Generate a post-close IP remediation roadmap based on the following due diligence findings.

IP due diligence findings: [paste or attach findings summary]
Transaction structure: [stock purchase / asset purchase / merger]
Closing date: [date or approximate timeline]

Roadmap structure:
1. Pre-close critical actions: issues that must be resolved before closing (e.g., security interest releases, missing assignments that must be executed, regulatory approvals for IP transfer)
2. Day-1 to 30-day post-close: immediate actions required for license transfers, domain transfers, trademark assignments, and database access
3. 30–90 day post-close: assignment filings with patent and trademark offices, open-source compliance remediation, inventor assignment execution
4. 90-day to 1-year: FRAND negotiation initiation, government rights confirmation, long-term portfolio rationalization

For each action: assign responsibility (legal / technical / business), identify required external resources (patent counsel / copyright attorney / IP administrator), and note any regulatory or counterparty dependencies.

Output: Structured remediation roadmap with timeline, owners, and dependencies + critical path analysis + cost estimate for remediation activities

9. AI Tax Compliance Gap Detector

Analyzes the target entity's tax filing history, transfer pricing documentation, and cross-border tax positions across multiple jurisdictions — identifying filing gaps, undisclosed liabilities, and aggressive tax positions that create post-acquisition exposure.

Pain Point & How COCO Solves It

The Pain: Hidden Tax Liabilities Are the Single Largest Source of Post-Close M&A Indemnification Claims

Tax due diligence is universally recognized as a critical component of M&A, yet the depth of tax review in most transactions falls far short of what is required to identify the full spectrum of tax risk. The reason is straightforward: comprehensive tax due diligence requires the simultaneous application of tax law expertise, financial modeling capability, and investigative research — across multiple jurisdictions, tax types, and regulatory environments — within a deal timeline that rarely allows for systematic analysis. The typical tax review focuses on the most visible risks: historical income tax filings, obvious transfer pricing arrangements, and known tax disputes. What it routinely misses are the systemic compliance gaps that exist beneath the surface: withholding taxes on intercompany payments that were never remitted, VAT/GST registrations in jurisdictions where the business has a taxable presence but never registered, employment tax irregularities, and tax positions that were taken aggressively on the assumption that they would never be examined.

Transfer pricing represents perhaps the most significant and consistently underestimated tax risk in cross-border acquisitions. Most multinationals have intercompany transactions — loans, royalty payments, management fees, cost-sharing arrangements — that must be priced at arm's length under OECD guidelines and bilateral tax treaty requirements. The documentation requirements are extensive: contemporaneous transfer pricing studies, intercompany agreements, functional analyses, and benchmarking analyses are required in virtually every major jurisdiction. Yet in practice, many private equity–backed companies and founder-led businesses have intercompany transactions that were never properly documented, priced based on internal convenience rather than arm's-length standards, or structured to take advantage of low-tax jurisdictions in ways that are now under active challenge by taxing authorities following BEPS implementation. An acquirer who purchases a target without understanding these positions inherits both the underpaid tax and the penalties for failure to document.

The tax landscape has become dramatically more complex and adversarial in the post-BEPS environment. Country-by-Country Reporting requirements, mandatory disclosure rules (DAC6 in the EU, similar regimes in Canada, Australia, and others), the OECD Pillar Two global minimum tax, and the proliferation of digital services taxes create new compliance obligations that many targets have not fully addressed. An acquisition of a company operating across multiple jurisdictions now requires analysis of whether the target is compliant with a matrix of overlapping, sometimes conflicting, tax reporting obligations. A target that is non-compliant with mandatory disclosure requirements may face penalties that are automatic rather than discretionary, and in some jurisdictions, mandatory disclosure non-compliance can result in loss of tax treaty benefits — fundamentally altering the economics of the deal structure.

How COCO Solves It

Multi-Jurisdiction Tax Filing Compliance Verification: COCO systematically maps and checks filing compliance:
- Reconstructs the expected tax filing calendar for each jurisdiction where the target has a legal entity or taxable presence — income tax, VAT/GST, payroll tax, withholding tax, local business tax
- Identifies all jurisdictions where the target has likely created a taxable presence (permanent establishment) through employee location, server hosting, or sales activity, even without a registered entity
- Cross-references filed tax returns (from data room) against the expected filing calendar to identify missing or late-filed returns
- Checks statutory filing deadlines in each jurisdiction against filed return dates, calculating exposure for late-filing penalties
- Generates a tax compliance calendar gap matrix showing every jurisdiction, tax type, and filing status for the review period
Transfer Pricing Position Analysis: COCO analyzes intercompany pricing for documentation and substantive risk:
- Maps all intercompany transactions from financial statements — loans, royalty streams, management fee charges, cost-sharing contributions, and inventory transfers between related entities
- Verifies that contemporaneous transfer pricing documentation (master file, local file per BEPS Action 13 standards) exists for all material intercompany transactions
- Assesses the disclosed pricing methodology against OECD arm's-length standards: comparable uncontrolled price, resale price, cost-plus, TNMM, and profit split methods
- Flags transactions where the pricing method adopted is inconsistent with the functional and risk profile described in the target's own documentation
- Identifies jurisdictions that have received Country-by-Country Reports and assesses whether reported profit allocation patterns are consistent with the economic substance described
Tax Dispute and Audit History Review: COCO surfaces disclosed and undisclosed tax conflicts:
- Extracts all disclosed tax audit adjustments, deficiency notices, and dispute resolutions from the data room and reconciles against financial statement reserves
- Identifies any open tax years under audit and the jurisdictions conducting the examination — flagging years where the statute of limitations has been extended through audit tolling
- Cross-references disclosed tax reserves against the size of identified exposure positions, flagging potential under-reserving
- Searches publicly available tax court decisions and administrative tribunal records for proceedings involving the target entity
- Assesses whether any resolved audit adjustments are indicative of systemic rather than isolated compliance failures
Aggressive Tax Position and Substance-Over-Form Risk: COCO identifies positions at elevated examination risk:
- Analyzes transaction structures for tax planning arrangements common to current regulatory focus: hybrid instruments, branch structures, IP migration transactions, principal structures, and commissionaire arrangements
- Flags any tax positions that rely on treaty shopping or conduit arrangements being challenged by revenue authorities under OECD BEPS Action 6
- Identifies jurisdictions where the target's entities lack genuine economic substance relative to their claimed tax benefits — a key examination trigger under BEPS and EU ATAD
- Reviews mandatory disclosure filings (DAC6, hallmark analysis) and identifies any undisclosed reportable arrangements
- Estimates the range of potential reassessment exposure for each identified aggressive position
Tax Attribute Preservation Analysis: COCO assesses whether deal structure preserves tax benefits:
- Identifies net operating loss carryforwards, tax credit carryforwards, and capital loss carryforwards in the target's tax attributes
- Analyzes whether the proposed transaction structure triggers ownership change limitations on NOL utilization (IRC Section 382 for US targets, equivalent rules in other jurisdictions)
- Assesses whether accelerated depreciation claims and investment tax credits remain intact post-transaction under the proposed deal structure
- Reviews tax consolidation group membership and identifies any exit charges, clawback obligations, or deferred tax adjustments triggered by leaving the consolidated group
- Models the after-tax value of identified tax attributes under the proposed deal structure vs. alternative structures
Tax Due Diligence Report and Liability Quantification: COCO delivers structured, actionable tax findings:
- Generates a jurisdiction-by-jurisdiction tax compliance summary showing filing status, open audit years, and known disputes for each entity
- Produces a quantified tax risk register listing each identified exposure, probability of challenge, estimated liability range, and applicable penalty amounts
- Drafts deal structure recommendations — representations and warranties requirements, escrow holdbacks, tax indemnification provisions — tailored to identified risks
- Creates a post-close tax remediation plan for filing gaps, documentation deficiencies, and voluntary disclosure opportunities
- Summarizes tax findings in an executive format showing aggregate best-case, expected, and worst-case tax exposure

Results & Who Benefits

Measurable Results

Filing gap identification: Systematic compliance calendar analysis identifies tax filing gaps in 37% of multi-jurisdiction target reviews that were not disclosed in the data room
Transfer pricing documentation deficiency rate: Missing or inadequate contemporaneous TP documentation found in 58% of private company acquisitions reviewed — representing substantial penalty exposure
Undisclosed tax reserve inadequacy: AI analysis identifies tax exposure materially exceeding disclosed reserves in 24% of deals, with an average exposure gap of $2.3M per transaction
Tax attribute preservation modeling: Alternative deal structures identified through AI tax attribute analysis save an average of $1.8M in NOL value per transaction vs. default structure selection
Tax review timeline: Complete multi-jurisdiction tax compliance review completed in 3–5 business days vs. 4–8 weeks for traditional tax advisor manual review

Who Benefits

Due Diligence Analysts: Conduct an initial, comprehensive tax compliance and risk-mapping review without requiring tax law expertise — producing a structured findings set that tax counsel can immediately act on
Tax Advisors and Big Four Tax Teams: Receive a pre-built compliance gap matrix and filing calendar analysis that eliminates the most time-consuming data assembly phase of their review
M&A Deal Teams and CFOs: Understand aggregate tax exposure and its impact on deal economics — including purchase price adjustment and escrow holdback sizing — before finalizing deal terms
Representations and Warranties Insurance Underwriters: Assess the completeness of tax due diligence and the magnitude of identified tax exposure when evaluating coverage scope and tax-related exclusions

💡 Practical Prompts

Prompt 1: Tax Compliance Calendar Gap Analysis

Analyze the tax filing compliance of the following entity across all relevant jurisdictions.

Entity: [name]
Legal entities in scope: [list all subsidiaries and branches]
Financial years under review: [specify period, e.g., 2019–2024]
Tax returns provided in data room: [list filings available, or "see attached index"]

Analysis required for each entity and jurisdiction:
1. Identify all tax types requiring filing: corporate income tax, VAT/GST, payroll/employment tax, withholding tax, local business tax, annual information returns
2. Determine statutory filing deadlines for each tax type in each jurisdiction
3. Compare filed returns (from data room) against required filings — identify any gaps (missing returns, late filings)
4. Calculate penalty exposure for each identified filing gap under local tax law
5. Flag any open audit years or extended statute-of-limitations periods

Output: Tax compliance calendar matrix (entity / jurisdiction / tax type / required filing / filed / gap / penalty estimate) + priority gap summary

Prompt 2: Transfer Pricing Risk Assessment

Analyze the transfer pricing positions and documentation for the following intercompany transactions.

Entity group: [parent and subsidiary names]
Intercompany transactions identified:
1. Transaction type: [royalty / management fee / intercompany loan / cost sharing / goods transfer]
   Parties: [entity A to entity B]
   Annual value: [$amount]
   Pricing method used: [stated in TP documentation or "undocumented"]
2. [Repeat for each transaction]

Assessment required:
1. Confirm that contemporaneous TP documentation (master file + local file) exists for each transaction
2. Assess whether the pricing method adopted is appropriate for the functional and risk profile of each transaction
3. Evaluate whether the arm's-length price range documented is defensible under current OECD Guidelines and local country rules
4. Identify transactions with no documentation — estimate exposure including primary adjustment, corresponding adjustment, and penalties
5. Assess Country-by-Country Report consistency: does profit allocation in the CbCR align with the claimed economic substance in each jurisdiction?

Output: Per-transaction TP risk assessment + documentation adequacy rating + quantified exposure estimate + recommended pre-close remediation steps

Prompt 3: Tax Dispute and Reserve Adequacy Review

Review the adequacy of the target's tax reserves in light of identified disputes and open tax positions.

Entity: [name]
Tax disputes disclosed: [list from disclosure schedule or data room]
Open audit years by jurisdiction: [list]
Current tax reserve per financial statements: [$amount]
Uncertain tax position disclosures in financial statements: [paste relevant notes]

Analysis required:
1. For each disclosed dispute: assess probability of adverse outcome, estimated liability range, and whether current reserve appears adequate
2. Identify any open audit years with elevated examination risk (recent adjustments, industry-wide initiatives, aggressive positions identified in our review)
3. Assess whether any undisclosed positions identified in our review represent unrecorded contingent liabilities
4. Compare aggregate identified tax exposure (all categories) against total reserve — identify any shortfall
5. Recommend reserve adjustment and deal documentation (indemnification, escrow) implications

Output: Tax reserve adequacy assessment + exposure-to-reserve gap analysis + deal documentation recommendations

Prompt 4: BEPS and International Tax Structure Analysis

Analyze the following corporate group's international tax structure for BEPS compliance risks.

Group structure: [describe or attach org chart]
Key jurisdictions: [list all operating and holding entity jurisdictions]
Identified tax planning features:
- IP holding structure: [describe, e.g., IP held in [jurisdiction] licensed to operating entities]
- Financing structure: [describe intercompany loans or treasury arrangements]
- Operating model: [principal structure / full-risk distributor / commissionaire]

BEPS analysis required:
1. Economic substance: do entities in low-tax jurisdictions have genuine employees, management, and assets proportionate to claimed profits?
2. Treaty shopping: does the holding structure rely on treaty access that would be denied under MLI principal purpose test or LOB clauses?
3. Hybrid mismatches: any instruments or entities treated differently across jurisdictions — creating double deductions or deduction without inclusion?
4. Digital services tax exposure: does the business model create nexus in jurisdictions imposing DST or Pillar One reallocation?
5. Pillar Two: does the group's effective tax rate in any jurisdiction fall below the 15% global minimum — identifying top-up tax exposure?

Output: BEPS risk matrix by jurisdiction + quantified exposure estimates + recommended structure modifications to address highest-risk positions

Prompt 5: Tax Attribute and Deal Structure Optimization Analysis

Analyze the following target entity's tax attributes and their preservation under alternative deal structures.

Entity: [name]
Tax attributes identified:
- Net operating losses: [$amount], originating years: [list]
- Tax credits: [$amount and type: R&D / investment / foreign]
- Depreciation recapture exposure: [$amount]
- Capital loss carryforwards: [$amount]

Proposed deal structures to analyze:
1. Stock purchase
2. Asset purchase
3. [Alternative structure if proposed]

For each structure:
1. Assess whether and to what extent NOLs survive and remain usable (IRC Section 382 / equivalent)
2. Model the depreciation step-up value in an asset purchase vs. carryover basis in a stock purchase
3. Identify any tax attribute limitations specific to the jurisdictions involved
4. Quantify the present value of tax attributes under each structure
5. Recommend deal structure from a tax attribute preservation perspective, noting non-tax factors that may override the tax-optimal structure

Output: Tax attribute value comparison table across structures + present value modeling + deal structure recommendation with supporting analysis

10. AI Financial Health & Solvency Assessor

Analyzes financial statements, cash flow patterns, working capital dynamics, and debt covenant compliance to produce a forward-looking solvency assessment and financial risk rating — identifying distress signals and going-concern risks before they materialize in deal losses.

Pain Point & How COCO Solves It

The Pain: Surface Financial Metrics Mask Solvency Risks That Emerge Immediately After Close

Financial due diligence in most transactions focuses on historical performance: verifying revenue, adjusting EBITDA, and confirming that the reported financials comply with accounting standards. This backward-looking review answers whether the target's historical financials are accurate — but not whether the business will remain solvent over the next 12 to 36 months under the financial structure the acquirer proposes to impose. Yet solvency failure is the scenario that destroys investment value most completely and most rapidly. An acquirer who purchases a business at a healthy-looking EBITDA multiple and then loads it with acquisition debt that the business's cash generation cannot service has not made an investment error — they have made a structural mistake that may be apparent within months of closing, when the first debt service covenant is tested.

The warning signs of impending financial distress are typically present in the pre-close financial data, but they require analysis that most due diligence processes fail to perform with sufficient depth. Working capital deterioration — receivables extending beyond contracted terms, inventory building relative to revenue trends, payables stretching beyond supplier payment terms — indicates a business under cash pressure that is managing its liquidity through counterparty relationships rather than operating performance. The reported working capital balance at any single date may appear normal while the trend over twelve to eighteen months reveals accelerating deterioration. Similarly, covenant compliance may be technically maintained in the most recent reporting period while trending toward breach — and a business that is one bad quarter from a covenant default cannot absorb the normal execution risks of an acquisition.

Cash flow quality analysis adds another dimension of risk that income statement review misses. Working capital release in a revenue-declining business can make operating cash flow look healthy even as the business shrinks. Capital expenditure deferrals can make free cash flow appear adequate while building a maintenance backlog that will require catch-up spending. Non-recurring cash items — tax refunds, insurance recoveries, asset sales — can inflate reported cash generation in one or two years, masking a chronic cash generation shortfall that the next owner will face. An acquirer who relies on reported free cash flow without adjusting for these quality factors will build a debt service model on a foundation that does not reflect sustainable cash generation — and the consequences manifest immediately when the business is owned.

How COCO Solves It

Financial Statement Quality and Normalization Analysis: COCO deconstructs reported financials to identify quality issues:
- Performs revenue quality analysis: identifies any revenue recognition acceleration, one-time items, channel stuffing indicators, or concentration factors that inflate reported revenue
- Reconstructs EBITDA by adding back non-recurring items, adjusting for owner-specific expenses, and normalizing for non-arm's-length transactions with related parties
- Analyzes gross margin trends by product line, customer segment, and geography — identifying margin compression or expansion that may not be visible at the aggregate level
- Reviews accounting policy changes and their quantitative impact on reported results across the review period
- Cross-references financial statement line items against management accounts and operational data to identify reconciliation gaps
Working Capital Analysis and Normalization: COCO builds a true working capital picture:
- Calculates normalized working capital based on revenue and seasonality patterns — distinguishing structural working capital requirements from transient fluctuations
- Analyzes receivables aging trends: average days sales outstanding trend, proportion of receivables beyond 60/90/120 days, bad debt write-off history
- Reviews inventory composition, turnover trends, and obsolescence reserve adequacy — particularly in manufacturing, retail, and technology hardware businesses
- Analyzes accounts payable days trend for evidence of payment stretching (a solvency distress signal) or supplier relationship deterioration
- Identifies working capital manipulation patterns: period-end acceleration of cash collections, delayed recognition of expenses, or unusual accrual reversals near measurement dates
Cash Flow Quality Assessment: COCO distinguishes sustainable from unsustainable cash generation:
- Reconstructs free cash flow quality: separates recurring operating cash flow from non-recurring sources (tax refunds, working capital release from revenue decline, insurance recoveries)
- Analyzes capital expenditure intensity: compares reported capex against depreciation to assess whether the business is investing adequately to maintain its asset base
- Identifies deferred maintenance and capex catch-up requirements that the new owner will face within 12–24 months of acquisition
- Models cash conversion efficiency: the percentage of EBITDA that converts to operating cash flow — and investigates drivers of any gap
- Benchmarks the target's cash generation efficiency against comparable businesses in its sector
Debt Covenant Compliance and Headroom Analysis: COCO stress-tests financial covenant compliance:
- Extracts all financial covenants from credit agreements provided in the data room (leverage ratios, interest coverage, minimum liquidity, capital expenditure limits)
- Calculates current covenant headroom based on trailing financial performance and the proposed post-close capital structure
- Models covenant compliance under base, downside, and severe downside scenarios over a 24-month forward horizon
- Identifies covenant cliff risks: periods where multiple covenants tighten simultaneously, narrowing headroom at the same time operational risks are highest
- Reviews covenant cure mechanisms (equity cure rights, EBITDA add-backs) and assesses whether they are practically available under the proposed deal structure
Solvency and Going-Concern Risk Assessment: COCO produces a forward-looking solvency evaluation:
- Applies Altman Z-Score, Piotroski F-Score, and proprietary financial distress models to generate a quantitative solvency risk rating
- Analyzes debt maturity profile: identifies any debt maturity walls within 36 months that require refinancing in a potentially adverse market environment
- Assesses interest rate sensitivity: models the impact of interest rate increases on floating-rate debt service coverage ratios
- Reviews the business's liquidity resources: committed credit facilities, cash and equivalents, and receivables monetization availability
- Generates a solvency scenario matrix: probability-weighted assessment of solvent / stressed but viable / technical default / insolvency scenarios over a 3-year horizon
Financial Health Report and Deal Structure Implications: COCO delivers actionable financial risk findings:
- Generates a comprehensive financial health assessment report organized by financial risk category (quality / working capital / cash flow / leverage / solvency)
- Produces a normalized financial model with adjusted revenue, EBITDA, working capital, and free cash flow — ready for integration into the deal model
- Summarizes deal structure implications: recommended leverage limits, minimum liquidity requirements, working capital peg adjustments, and earn-out structure considerations
- Drafts a financial covenant monitoring protocol for the post-close period, with trigger levels and response procedures
- Creates a financial early warning indicator dashboard for post-close monitoring of the business's financial health trajectory

Results & Who Benefits

Measurable Results

Distress signal detection: AI-assisted financial health analysis identifies solvency warning signs in 19% of acquisition targets that presented as healthy in aggregate metrics
Working capital normalization impact: Working capital adjustments identified through AI trend analysis average $3.1M per transaction relative to seller-proposed working capital pegs
Cash flow quality adjustment: Non-recurring cash flow items inflating reported FCF identified in 43% of reviewed companies, with average overstatement of 22% of reported FCF
Covenant breach prediction: Stress-test models correctly predicted first-year covenant breach in 81% of distressed post-close situations where pre-close data was available
Financial analysis timeline: Complete financial health and solvency assessment delivered in 2–3 business days vs. 4–6 weeks for traditional quality of earnings review

Who Benefits

Due Diligence Analysts: Conduct comprehensive financial quality and solvency analysis with AI-powered normalization modeling, producing investment-grade quality of earnings outputs in days
Investment Committee and Deal Teams: Make capital structure decisions — leverage levels, equity cushion sizing, working capital peg — with a complete financial health picture rather than seller-adjusted metrics
Debt Capital Markets and Leveraged Finance Teams: Structure acquisition financing with a clear-eyed view of the target's cash generation capacity and covenant compliance headroom under base and stress scenarios
Portfolio Monitoring Teams: Establish a financial health baseline at close that enables immediate identification of deterioration in post-close portfolio company performance

💡 Practical Prompts

Prompt 1: Quality of Earnings Analysis Request

Perform a quality of earnings analysis for the following entity.

Entity: [name]
Financial statements provided: [audited P&L, balance sheet, cash flow for years: specify]
Management accounts: [monthly/quarterly management accounts for period: specify]
EBITDA as reported: [$amount for most recent full year]

Analysis required:
1. Revenue quality: identify any one-time revenue items, unusual period-end deals, concentration risk, and revenue recognition timing that may inflate reported revenue
2. EBITDA normalization: add back non-recurring items; adjust for owner compensation above market; eliminate related-party transactions at non-arm's-length pricing
3. Gross margin trend: analyze by product/service line and identify drivers of any compression or expansion
4. Below-the-line adjustments: working capital normalization, capex adequacy assessment, lease obligation normalization
5. Cash EBITDA vs. reported EBITDA: reconcile to operating cash flow and identify drivers of any gap

Output: Adjusted EBITDA bridge (starting from reported, each adjustment itemized with rationale) + normalized financial summary + key quality risks requiring further investigation

Prompt 2: Working Capital Analysis and Peg Assessment

Analyze the working capital position of the following entity and recommend a normalized working capital peg for the acquisition.

Entity: [name]
Working capital data provided: [monthly balance sheet data for past 18–24 months — attach or paste]
Business characteristics: [seasonality factors / contractual payment terms with customers / typical supplier terms]

Analysis required:
1. Calculate monthly working capital (current assets minus current liabilities, excluding cash and current debt) over the past 18–24 months
2. Identify seasonal patterns and adjust for them to calculate a normalized working capital level
3. Analyze trends in each component: DSO trend (receivables), inventory turnover trend, DPO trend (payables)
4. Flag any working capital deterioration: receivables aging, inventory build, payables stretching
5. Recommend a normalized working capital target peg based on the 12-month trailing average, adjusted for identified anomalies and seasonality

Output: Working capital trend analysis + component analysis + normalized peg recommendation with supporting rationale + key risks (e.g., receivables quality, inventory obsolescence)

Prompt 3: Debt Covenant Compliance Stress Test

Stress-test the following entity's compliance with its existing debt covenants under the proposed post-close capital structure.

Current debt agreements: [paste covenant definitions and levels from credit agreement]
Proposed post-close capital structure:
- Total debt: [$amount]
- Debt structure: [term loan / revolving credit / mezzanine — describe]
- Interest rate: [fixed X% / floating SOFR + X%]

Financial projections: [paste or attach base case model]
Stress scenarios to model:
1. Revenue decline: [X%] below base case in Year 1
2. Margin compression: gross margin decline of [X] basis points
3. Interest rate increase: [+X%] on floating-rate debt
4. Combined stress: revenue + margin + interest rate stress simultaneously

For each scenario:
1. Calculate leverage ratio (Net Debt / EBITDA) and interest coverage ratio (EBITDA / interest) at each covenant testing date
2. Identify any periods of covenant breach under each scenario
3. Calculate headroom / shortfall for each covenant test
4. Assess whether equity cure rights or other breach remedies are available and sufficient

Output: Covenant compliance scenario table (scenario × date × covenant × actual / threshold / headroom) + breach probability assessment + deal structure recommendations

Prompt 4: Cash Flow Quality and Sustainability Assessment

Assess the quality and sustainability of the following entity's cash flow generation.

Entity: [name]
Cash flow statements: [attach or paste operating, investing, financing cash flow statements for past 3 years]
Reported free cash flow: [$amount per year]

Analysis required:
1. Separate recurring operating cash flow from non-recurring items: tax refunds, insurance recoveries, legal settlements received, one-time working capital releases
2. Assess capex adequacy: compare maintenance capex against depreciation and industry benchmarks — calculate "real" maintenance capex if artificially compressed
3. Identify any cash generation from working capital release in a declining revenue context (artificially inflating FCF)
4. Calculate sustainable free cash flow: operating cash flow minus normalized maintenance capex, adjusted for non-recurring items
5. Model sustainable FCF under base and downside revenue scenarios over a 3-year forward period

Output: FCF quality bridge (reported vs. adjusted) + sustainable FCF range + forward FCF scenario analysis + debt service coverage assessment at proposed post-close leverage

Prompt 5: Financial Distress Early Warning Assessment

Apply financial distress modeling to the following entity and generate a going-concern risk assessment.

Entity: [name]
Financial data: [attach or paste most recent 3 years of financial statements + current year management accounts]

Distress modeling required:
1. Altman Z-Score: calculate for most recent 3 financial years and identify trend direction
2. Piotroski F-Score: calculate and identify key signals (ROA trend, cash vs. accrual income, leverage trend, operational efficiency)
3. Proprietary indicators: DSO trend, DPO trend, current ratio trend, quick ratio trend, EBITDA-to-debt service coverage
4. Qualitative distress signals: going-concern language in audit opinions, qualification of accounts, auditor changes, management departures, credit rating downgrades
5. Liquidity analysis: months of cash runway at current burn rate; committed undrawn credit facility availability

Output: Financial health scorecard with Z-Score and F-Score + distress signal registry + liquidity runway analysis + overall solvency risk rating (low / moderate / elevated / critical) with supporting narrative

Maps all related party transactions within the target's corporate group — identifying undisclosed relationships, non-arm's-length pricing, self-dealing arrangements, and conflicts of interest that distort financial performance and create legal liability.

Pain Point & How COCO Solves It

The Pain: Related Party Transactions Systematically Distort Deal Economics and Conceal Fraud

Related party transactions — dealings between the target company and its directors, shareholders, family members of directors, affiliated entities, and controlled companies — are one of the most common vectors for value extraction, financial statement manipulation, and outright fraud in acquisition targets. The problem is not that related party transactions are inherently improper; many legitimate businesses have necessary intercompany transactions, founder service agreements, or family employment arrangements that are commercially reasonable. The problem is that these transactions are frequently priced at non-arm's-length rates that benefit the sellers at the expense of the business — and that sellers routinely fail to disclose all of them. A founder who has been charging the company above-market rent for office space he owns personally, contracting with his spouse's consulting firm at inflated rates, or routing sales commissions through a controlled entity may be disclosing all of these transactions technically while omitting the ones that are most commercially significant.

The financial statement impact of undisclosed or non-arm's-length related party transactions can be dramatic. EBITDA calculated before normalizing for excess related party expenses overstates the business's true earnings power — and at the EBITDA multiples typical in current private equity transactions, a $500,000 annual overstatement in expenses translates to $4–7 million in excess purchase price at a 8–10x multiple. Revenue generated from related party customers at non-arm's-length pricing (inflated or discounted) distorts revenue quality analysis. Capital expenditures paid to related party contractors at inflated rates reduce the real free cash flow available to new owners. And the entire adjusted EBITDA calculation — which drives the equity valuation — may be built on a foundation of partially normalized figures that still contain undisclosed related party distortions.

The governance risk of undisclosed related party relationships extends beyond financial statement accuracy. Directors who are personally benefiting from related party arrangements have fiduciary conflicts that affect their judgment on deal-critical issues: whether to sell, at what price, what representations to make, and how to manage the business between signing and closing. A CFO who is receiving consulting fees through a controlled entity has a personal financial interest in the transaction that creates the precise conflict-of-interest situation that related party disclosure requirements are designed to expose. Post-close, undisclosed related party relationships can provide grounds for securities fraud claims, purchase price adjustment disputes, and indemnification demands that are expensive to litigate and difficult to resolve quickly.

How COCO Solves It

Related Party Identification Network Mapping: COCO builds a comprehensive related party universe:
- Extracts all directors, officers, significant shareholders, and their immediate family members from corporate filings, proxy statements, and personnel records
- Maps all entities in which identified individuals hold directorships, significant ownership stakes, or control positions — using corporate registry cross-referencing in 70+ jurisdictions
- Identifies shared addresses, shared directors, and common ownership patterns that indicate related entity relationships not formally disclosed
- Cross-references entity names in the target's contracts, payment records, and financial statements against the related party universe for undisclosed transaction parties
- Generates a related party network diagram showing all identified relationships with connection type and evidence source
Related Party Transaction Identification and Classification: COCO mines financial data for related party dealings:
- Analyzes general ledger data, accounts payable records, and accounts receivable records for transactions with any entity in the identified related party universe
- Reviews lease agreements, service contracts, license agreements, and loan agreements against the related party universe to identify related party contracts not flagged in disclosures
- Extracts related party transaction disclosures from financial statement footnotes and compares them against ledger data to identify undisclosed transactions
- Classifies each identified transaction by type: lease / service contract / consulting fee / sales / purchases / loan / guarantee / royalty
- Calculates the aggregate financial impact of related party transactions on revenue, EBITDA, and working capital
Arm's-Length Pricing Assessment: COCO evaluates whether related party transactions reflect market pricing:
- Benchmarks identified related party lease rates against comparable commercial real estate market data for the relevant location and property type
- Assesses related party service and consulting agreements against market rates for equivalent services in the relevant industry and geography
- Reviews intercompany loan terms against available market interest rates for comparable borrowers and loan types
- Evaluates related party sales and purchase pricing against publicly available comparable pricing data or disclosed industry benchmarks
- Calculates the financial statement normalization adjustment for each non-arm's-length transaction to derive a market-rate EBITDA
Self-Dealing and Conflict-of-Interest Pattern Detection: COCO identifies governance red flags:
- Identifies transactions where the approving director or officer is also a beneficial owner or officer of the counterparty — a per se conflict requiring board independence analysis
- Flags patterns of escalating related party payments: year-over-year increases in related party expense categories that may indicate progressive value extraction
- Identifies complex related party structures: multilevel routing of transactions through intermediary entities to obscure the ultimate beneficiary
- Detects timing patterns: unusual related party transactions in the period immediately before the deal announcement that may represent accelerated value extraction
- Cross-references related party transactions against board meeting minutes for evidence of proper approval and disclosed conflicts
Post-Close Impact Assessment: COCO analyzes what changes when the deal closes:
- Identifies related party arrangements that will automatically terminate on change of control — and whether the business can operate without them
- Flags related party arrangements that the seller wants to continue post-close and assesses whether their terms are defensible on an arm's-length basis
- Models the cash cost of replacing identified related party services with market-rate alternatives after close
- Identifies related party customer or supplier relationships that may not survive the transition to new ownership
- Assesses the working capital impact of losing or renegotiating key related party payment terms
Related Party Transaction Report and Normalization Package: COCO delivers structured, actionable findings:
- Generates a comprehensive related party transaction register listing every identified transaction with parties, amounts, terms, and arm's-length assessment
- Produces a normalized EBITDA bridge showing adjustments for non-arm's-length related party transactions with supporting market benchmarking data
- Drafts a representation and warranty checklist for related party disclosures based on identified transaction types
- Creates a post-close transition plan for critical related party services requiring replacement or renegotiation
- Summarizes related party conflict-of-interest findings for board governance assessment and fiduciary duty compliance

Results & Who Benefits

Measurable Results

Undisclosed related party transaction discovery: AI analysis identifies undisclosed related party transactions in 38% of private company acquisitions, with an average financial impact of $1.7M on normalized EBITDA
Non-arm's-length pricing adjustments: Market benchmarking analysis identifies EBITDA over/understatement from related party pricing averaging $900K per transaction
Related party universe completeness: AI network mapping identifies 2.4x more related party relationships than seller-provided disclosure schedules, on average
Financial analysis integration: AI-normalized EBITDA with related party adjustments produced 60% faster than manual related party analysis requiring manual contract review
Post-close governance issues: Deals with AI-assisted related party analysis show 44% fewer post-close related party conflict-of-interest disputes and indemnification claims

Who Benefits

Due Diligence Analysts: Map the full related party universe and identify all related party transactions without manually cross-referencing thousands of contracts and payments against director lists
M&A Legal Counsel: Receive a complete related party register for representation and warranty drafting, enabling comprehensive disclosure schedule requirements and indemnification protection
Private Equity Sponsors and Investment Teams: Negotiate purchase price with a complete picture of EBITDA normalization — including related party adjustments that sellers routinely omit from their management presentations
Post-Close Governance Teams: Inherit a complete related party registry enabling immediate termination or renegotiation of conflict-of-interest arrangements that distort business economics

💡 Practical Prompts

Prompt 1: Related Party Universe Identification

Build a comprehensive related party universe for the following entity.

Entity: [name]
Directors and officers: [list all with names and titles]
Significant shareholders (above [X]%): [list names]
Purpose: [M&A due diligence / audit support / regulatory filing / conflict-of-interest review]

For each identified individual:
1. Identify all entities where they hold a director position, significant ownership stake, or control interest — search across corporate registries in [list relevant jurisdictions]
2. Identify family members (spouse, children, parents, siblings) who are directors or shareholders of entities transacting with the target
3. Identify any employment or consulting relationships between the individual and entities in the target's counterparty universe
4. Identify any cross-shareholding relationships between the target and entities connected to the individuals

Output: Related party network diagram + related party register table (individual / connection type / related entity / evidence source) + summary of most significant identified relationships

Prompt 2: Related Party Transaction Identification and Financial Impact

Identify all related party transactions in the following entity's financial records and quantify their financial impact.

Entity: [name]
Financial data available: [general ledger extract / trial balance / accounts payable aging / accounts receivable aging / contract list — attach or specify]
Related party universe: [paste or attach from prior analysis]
Review period: [specify years]

Analysis required:
1. Match all transaction counterparties in financial records against the related party universe
2. For each identified related party transaction: extract transaction type, annual value, and contractual terms
3. Compare identified related party transactions against formal disclosures in financial statement footnotes — flag any undisclosed transactions
4. Assess each transaction for arm's-length compliance: compare to market benchmarks
5. Calculate aggregate EBITDA normalization adjustment for all non-arm's-length related party transactions

Output: Related party transaction register + undisclosed transaction flags + EBITDA normalization bridge + market benchmarking support for each adjustment

Prompt 3: Arm's-Length Benchmarking Analysis

Benchmark the following related party transactions against market-rate equivalents.

Related party transactions to benchmark:
1. Type: [property lease] | Party: [entity / individual] | Annual value: [$X] | Key terms: [rent per sq ft, term, renewal options]
2. Type: [consulting/management fee] | Party: [entity / individual] | Annual value: [$X] | Services described: [description]
3. Type: [intercompany loan] | Party: [lender / borrower] | Balance: [$X] | Rate: [X%] | Terms: [describe]
4. [Repeat for each transaction]

For each transaction:
1. Identify the appropriate market benchmark (comparable property leases / consulting rate benchmarks / comparable loan rates)
2. Calculate the market-rate equivalent transaction value
3. Determine the annual excess cost (above market) or excess revenue (above market) generated by the related party pricing
4. Assess cumulative financial statement impact over the review period

Output: Benchmarking analysis table (transaction / related party amount / market equivalent / annual variance / cumulative impact) + EBITDA normalization summary

Prompt 4: Post-Close Transition Impact Assessment for Related Party Arrangements

Assess the post-close operational impact of the following related party arrangements that will change or terminate on acquisition.

Related party arrangements identified:
1. [Type]: [description] | Party: [name] | Annual value: [$X] | Change on close: [terminate / renegotiate / continue at market rate]
2. [Repeat for each]

For each arrangement:
1. Assess operational dependency: is this service / asset / relationship critical to the business's continued operation?
2. If the arrangement terminates: estimate the cost and timeline to find a market-rate replacement
3. If it continues at market rate: estimate the annual cost increase or decrease vs. current related party pricing
4. Identify any related party customer or supplier relationships: assess likelihood that the relationship survives change of ownership
5. Model aggregate post-close cost impact of all related party arrangement changes

Output: Post-close transition impact summary (arrangement / operational dependency / replacement cost / timeline / risk level) + aggregate cash flow impact of related party arrangement transitions

Prompt 5: Related Party Representation and Warranty Checklist

Generate a related party representation and warranty checklist based on the following identified related party transactions.

Entity: [name]
Related party transactions identified: [paste or attach register]
Transaction type: [stock purchase / asset purchase / merger]

Generate specific representation and warranty language recommendations for:
1. Completeness of related party disclosure: confirming that all related party transactions have been disclosed
2. Arm's-length pricing: representing that all disclosed related party transactions are on arm's-length terms
3. Future termination: confirming which related party arrangements will terminate at close and which will continue
4. Director conflict disclosure: confirming that all directors with interests in disclosed related party transactions have been identified
5. Financial statement accuracy: representing that related party transactions have not distorted the financial statements in any material respect

For each representation: recommend the appropriate survival period, applicable cap, and indemnification basket treatment.

Output: Annotated R&W checklist with recommended language, negotiation posture, and escrow/indemnification implications for each related party risk category

12. AI Anti-Bribery & FCPA Compliance Checker

Analyzes the target entity's operations, third-party relationships, geographic footprint, and transaction records against FCPA, UK Bribery Act, and applicable anti-corruption frameworks — producing a risk-tiered compliance assessment with specific remediation recommendations.

Pain Point & How COCO Solves It

The Pain: Anti-Corruption Liability Follows the Acquirer and Persists Beyond the Transaction

Anti-bribery and anti-corruption compliance is one of the highest-stakes areas of due diligence because the legal exposure it reveals is not contained by the transaction structure. Under the Foreign Corrupt Practices Act (FCPA), the UK Bribery Act, and equivalent legislation in 40+ jurisdictions, an acquirer who completes a transaction without discovering ongoing or historical bribery violations faces exposure that may include successor liability for pre-close violations, enforcement actions by the DOJ and SEC, disgorgement of profits, civil penalties, and reputational consequences that are impossible to insure against. The DOJ's FCPA Resource Guide and subsequent enforcement actions make clear that voluntary pre-acquisition due diligence followed by prompt remediation of discovered violations can mitigate successor liability — but willful blindness or superficial compliance review provides no protection. The DOJ has prosecuted acquirers who were on notice of red flags and failed to investigate them adequately before closing.

The anti-corruption risk profile of a target company is shaped by three primary factors that most financial due diligence processes fail to analyze systematically: geography, business model, and third-party relationships. Companies operating in high-corruption risk jurisdictions — as measured by Transparency International's Corruption Perceptions Index and DOJ enforcement history — face inherently higher exposure regardless of their stated compliance policies. Business models that require frequent interaction with government officials for licenses, permits, customs clearance, or contract awards are structurally higher-risk than arm's-length commercial businesses. And companies that rely heavily on third-party sales agents, customs brokers, distributors, and government affairs consultants to manage their government relationships have created precisely the intermediary layer that the FCPA's third-party liability provisions are designed to reach. A single corrupt payment by a local agent — even without the company's explicit knowledge — can create corporate liability if the company failed to conduct adequate due diligence on the agent and implement adequate compliance controls.

The documentation challenges are substantial because, by its nature, bribery does not generate clear records. Corrupt payments to government officials are typically structured as "commission" payments to agents, "facilitation fees" in cash, inflated consultant invoices, charitable donations directed to officials' preferred causes, or entertainment and travel expenses that benefit government counterparties. Identifying these patterns requires not just a review of the stated compliance program but an analysis of the actual financial transactions — and specifically the transactions in high-risk geographies with counterparties who have government connections. Most due diligence processes examine the compliance program documentation (policies, training records, hotline logs) without conducting the transactional forensic analysis required to determine whether the program has actually prevented corruption in practice.

How COCO Solves It

Anti-Corruption Risk Profiling and Geography Assessment: COCO builds a quantitative risk profile of the target:
- Scores each operating jurisdiction against Transparency International CPI rankings, TRACE Bribery Risk Matrix, and DOJ/SEC FCPA enforcement history data
- Maps government interaction intensity by business unit and jurisdiction: identifies areas requiring licenses, permits, customs clearance, government contracts, or subsidies
- Analyzes the target's revenue concentration in high-corruption risk markets as a percentage of total revenues
- Reviews the target's industry sector risk: sectors with historically elevated FCPA enforcement (oil and gas, defense, healthcare, infrastructure, technology sales to governments)
- Generates a composite anti-corruption risk score that weights geography, government interaction intensity, and sector risk
Third-Party Anti-Corruption Risk Analysis: COCO analyzes the target's intermediary relationships:
- Extracts all third-party sales agents, distributors, customs brokers, government affairs consultants, and business development partners from contracts and payment records
- Screens all identified third parties against sanctions, PEP databases, and adverse media for corruption-related findings
- Identifies third parties with government connections: former government officials, entities with government ownership, or parties whose principal value is access to government decision-makers
- Reviews third-party due diligence records in the data room — assesses completeness and whether the diligence level is appropriate to the risk profile of each counterparty
- Flags third parties receiving above-market commission rates, non-standard payment terms, or payments through jurisdictions unrelated to their operations
Transaction Record Red Flag Analysis: COCO performs forensic analysis on financial transactions:
- Analyzes accounts payable records and payment ledgers for cash payments, unusual payment locations, payments to individuals rather than entities, and round-number payments in high-risk jurisdictions
- Reviews entertainment and hospitality expense records for payments involving government officials or state-owned enterprise employees
- Identifies charitable donations made in high-risk jurisdictions proximate to license awards, contract approvals, or regulatory decisions
- Flags consulting fee payments to newly formed entities, undescribed "business development" expenses, or payments to advisors with no clear scope of work
- Analyzes customs and import/export records for accelerated clearance patterns that may indicate facilitation payment arrangements
Anti-Corruption Compliance Program Assessment: COCO evaluates the effectiveness of the target's program:
- Reviews the target's anti-corruption policy, code of conduct, and FCPA/UKBA compliance manual against DOJ adequate procedures standards and DOJ compliance program guidance
- Assesses training records: frequency, content relevance, and employee coverage rates — particularly in high-risk geographies and roles
- Reviews compliance hotline logs and investigation records for prior reported incidents, outcome patterns, and systemic gaps
- Evaluates third-party due diligence procedures: process documentation, risk-tiering methodology, and whether procedures are actually implemented vs. documented on paper only
- Identifies gaps between the documented program and actual implementation in the jurisdictions representing the highest corruption risk
Prior Enforcement Action and Internal Investigation Discovery: COCO surfaces historical corruption events:
- Searches DOJ press releases, SEC enforcement releases, and UK Serious Fraud Office announcements for actions involving the target or its affiliates
- Identifies prior internal investigations referenced in audit committee minutes, auditor management letters, or outside counsel engagement letters
- Reviews voluntary disclosure history: any prior FCPA self-disclosure letters to the DOJ or SEC
- Searches for any current or former employees referenced in FCPA enforcement actions involving competitors or industry peers
- Flags any prior compliance program failures that were remediated — and assesses whether remediation was genuine or cosmetic
Anti-Corruption Due Diligence Report and Remediation Roadmap: COCO delivers structured findings:
- Generates a risk-tiered anti-corruption due diligence report organized by risk category (geography / third party / transaction anomalies / program gaps / enforcement history)
- Quantifies the estimated exposure range for identified corruption risks, including potential disgorgement, penalties, and remediation costs
- Identifies mandatory pre-close actions: specific third-party relationships to be terminated, payment records requiring further investigation, or compliance controls requiring immediate implementation
- Drafts a post-close FCPA compliance enhancement roadmap with 90-day, 180-day, and 12-month milestones
- Assesses whether identified risks warrant voluntary disclosure to the DOJ/SEC, with analysis of the costs and benefits of proactive engagement

Results & Who Benefits

Measurable Results

Anti-corruption red flag identification: AI transaction analysis identifies corruption risk indicators in 29% of targets with operations in high-risk jurisdictions, many undisclosed by sellers
Third-party screening coverage: AI-assisted third-party screening covers 100% of identified agents and consultants vs. an estimated 35% typical in manual due diligence under deal timeline pressure
Transaction anomaly detection: Forensic pattern analysis identifies suspicious payment patterns in 34% of reviewed payment ledgers in high-risk geographies
Compliance program gap identification: Systematic program assessment identifies material implementation gaps (as opposed to documentation gaps) in 61% of target compliance programs reviewed
FCPA remediation timeline: AI-assisted pre-close compliance assessment enables 3–4x faster post-close FCPA program implementation by providing a pre-built remediation roadmap at close

Who Benefits

Due Diligence Analysts: Conduct systematic anti-corruption risk assessment across geographies, third parties, and transactions without requiring specialist FCPA legal expertise for the initial risk-mapping phase
FCPA and White-Collar Counsel: Receive a pre-structured anti-corruption risk assessment and flagged transaction records that focus their legal review on the highest-risk areas — compressing their engagement timeline
M&A Deal Teams and Investment Committees: Quantify anti-corruption exposure before pricing — including potential DOJ/SEC enforcement liability — and structure appropriate reps, warranties, and escrow provisions
Chief Compliance Officers Post-Close: Receive a pre-built anti-corruption risk map and remediation roadmap at close, enabling immediate program enhancement rather than spending months reassessing from scratch

💡 Practical Prompts

Prompt 1: Anti-Corruption Risk Profile Assessment

Generate an anti-corruption risk profile for the following entity.

Entity: [name]
Operating countries: [list all jurisdictions with operations, revenue, or employees]
Business model: [describe government interaction requirements — licenses, permits, contracts, subsidies, customs]
Industry: [oil & gas / healthcare / defense / infrastructure / technology / financial services / other]
Revenue by jurisdiction (if available): [$amounts or percentages]

Assessment required:
1. Score each operating jurisdiction on corruption risk using TI CPI rankings and DOJ FCPA enforcement history
2. Identify high-risk jurisdiction / high-government-interaction combinations that create maximum FCPA exposure
3. Assess sector-specific FCPA enforcement patterns: identify the 3 most common FCPA violations in this industry
4. Identify the business activities generating the greatest government interaction risk in each jurisdiction
5. Generate an overall anti-corruption risk rating (low / medium / high / critical) with justification

Output: Country-by-country risk matrix + government interaction risk map + sector risk analysis + aggregate anti-corruption risk score

Prompt 2: Third-Party Anti-Corruption Due Diligence Screening

Screen the following third-party agents and consultants for anti-corruption risk.

Third parties to screen:
1. Name: [entity or individual] | Role: [sales agent / customs broker / government affairs consultant / distributor]
   Country of operation: [country]
   Annual payments: [$amount]
   Government connections (if known): [describe]
2. [Repeat for each party]

Screening required for each party:
1. Sanctions and PEP screening: confirm no direct sanctions exposure; identify any government official connections
2. Adverse media: search for corruption, bribery, regulatory violations, and FCPA-related coverage
3. Business legitimacy indicators: confirm entity has real employees, physical presence, and legitimate operational history
4. Payment pattern analysis: assess whether commission rates are commercially reasonable or above-market (potential indicator of bribe pass-through)
5. Prior due diligence adequacy: review any prior due diligence records in data room — assess completeness vs. required standard for the risk level

Output: Per-party screening report + risk tier (low / medium / high) + recommended remediation (enhanced diligence / contractual protections / termination) for medium- and high-risk parties

Prompt 3: Transaction Record Anti-Corruption Red Flag Analysis

Analyze the following payment records for anti-corruption red flags.

Entity: [name]
Jurisdictions of focus: [list high-corruption-risk operating jurisdictions]
Payment data: [attach or paste accounts payable extract / expense report summary for period: specify]
Specific focus areas: [cash payments / entertainment expenses / consultant fees / donations / customs-related payments]

Red flag patterns to identify:
1. Payments to individuals (not entities) in high-risk jurisdictions — particularly in amounts below reporting thresholds
2. Round-number payments to agents or consultants without detailed supporting invoices
3. Entertainment and hospitality expenses involving government officials or SOE employees
4. Charitable donations in high-risk jurisdictions proximate in time to license awards or contract decisions
5. Payments to newly incorporated entities or entities with addresses that are registered-agent-only offices
6. Commission payments at rates materially above industry benchmarks for equivalent services

Output: Flagged transaction register with risk rating and supporting evidence + aggregate exposure estimate for flagged payments + recommended forensic investigation scope

Prompt 4: Anti-Corruption Compliance Program Gap Assessment

Assess the adequacy of the following entity's anti-corruption compliance program against DOJ/SEC adequate procedures standards.

Entity: [name]
Compliance program documentation provided: [policy / code of conduct / training records / third-party due diligence procedures / investigation logs — attach or describe]

Assessment framework:
1. Senior management commitment: evidence of tone from the top, designated compliance officer, board oversight
2. Risk assessment: documented periodic FCPA/UKBA risk assessment covering business activities and geographies
3. Policies and procedures: FCPA policy, gifts/entertainment policy, third-party due diligence procedures — coverage and specificity
4. Training: frequency, content, coverage rates by risk role and geography — particularly in high-risk jurisdictions
5. Due diligence on third parties: process documentation, risk-tiering, red flag resolution procedures
6. Confidential reporting: hotline availability, non-retaliation protections, investigation records
7. Enforcement: actual disciplinary actions for violations — evidence that the program has real consequences

Output: Program gap assessment against DOJ compliance guidance + rating (inadequate / developing / adequate / strong) per component + priority remediation recommendations

Prompt 5: Pre-Close Anti-Corruption Remediation Action Plan

Generate a pre-close and post-close anti-corruption remediation action plan based on the following due diligence findings.

Anti-corruption findings summary: [paste or attach findings]
Transaction timeline: signing date [date] / expected closing date [date]
Deal structure: [stock purchase / asset purchase]

Remediation plan structure:
1. Pre-close mandatory actions (must be completed before closing):
   - Specific third parties to be terminated or placed on hold pending enhanced diligence
   - Transaction records requiring further forensic investigation
   - Regulatory disclosure obligations that have been triggered

2. Day-1 to 60-day post-close:
   - Immediate policy and procedure updates
   - Training deployment for high-risk employees and geographies
   - Third-party contract amendments to strengthen anti-corruption representations

3. 60-day to 1-year post-close:
   - Full FCPA compliance program integration
   - New third-party due diligence cycle for all inherited relationships
   - Internal investigation completion for flagged transaction records
   - Voluntary disclosure assessment and decision

Output: Prioritized remediation action plan with timeline, responsible parties, and cost estimates + voluntary disclosure analysis (pros / cons / recommended approach)

13. AI Shell Company Detection & Risk Scorer

Screens corporate entities for shell company indicators — nominee directors, registered-agent-only addresses, zero employees, round-trip fund flows, and jurisdictional secrecy — generating a composite risk score that prioritizes entities requiring enhanced due diligence.

Pain Point & How COCO Solves It

The Pain: Shell Companies in Corporate Structures Create AML, Sanctions, and Fraud Exposure That Is Invisible Without Systematic Detection

Shell companies — entities with little to no independent economic activity, employees, or physical presence that serve primarily to hold assets, route funds, or obscure beneficial ownership — are the central infrastructure of financial crime. They appear in sanctions evasion structures designed to move money for designated parties, in money laundering networks that layer illicit proceeds through multiple jurisdictions, in tax fraud schemes using nominee ownership to conceal taxable income, and in commercial fraud arrangements where a shell acts as a fictitious counterparty to generate false invoices. The challenge for due diligence analysts is that shell companies are, by design, difficult to identify from a superficial review of corporate structure. A legitimately operating holding company may look structurally similar to a shell created for concealment purposes — both may have no employees, no revenues, and a registered agent address. The difference lies in the combination of structural indicators and behavioral patterns that require systematic analysis to detect.

The problem is compounded by the fact that shell companies rarely appear in isolation. They appear in clusters — multiple shells in the same jurisdiction, often sharing directors, addresses, or incorporation agents — designed to create layers of deniability. A target company's corporate structure may contain dozens of intermediate holding entities, each of which passes an individual inspection but collectively form a layered opacity structure whose purpose is to separate the ultimate beneficial owner from the operating assets by as many steps as possible. In cross-border M&A and AML compliance, identifying not just individual shells but the structural patterns they form — the networks, the common nominees, the shared incorporation service providers — is critical to understanding what risk the full structure creates.

The jurisdictional dimension adds further complexity. Different jurisdictions impose different transparency requirements on their corporate entities — from the highly transparent (UK, Germany, Scandinavia) to the deliberately opaque (Cayman Islands, British Virgin Islands, Marshall Islands, Vanuatu). A holding structure that passes through two or three high-secrecy jurisdictions before reaching an entity with disclosed beneficial ownership represents a deliberate transparency barrier rather than a commercial necessity. Identifying those barriers, understanding what they obscure, and escalating the appropriate level of due diligence in response requires a systematic, risk-based methodology that most manual due diligence processes lack the time and data to execute.

How COCO Solves It

Multi-Indicator Shell Company Profiling: COCO applies a multi-factor model to each entity:
- Checks employee count indicators: payroll records, social insurance filings, LinkedIn employee counts, and job posting history to identify entities with no substantive workforce
- Verifies registered address type: classifies addresses as legitimate business premises / shared commercial office / registered agent address / mass-registration address / residential address
- Cross-references address against known registered agent databases — flags entities at addresses shared by 100+ other companies in secrecy jurisdictions
- Identifies entities with no websites, no discoverable commercial activity, and no product or service-level presence in their claimed jurisdiction
- Generates a multi-factor shell indicator score combining address type, employee presence, commercial activity, and jurisdictional transparency rating
Nominee Director and Shareholder Pattern Detection: COCO identifies professional nominee networks:
- Cross-references directors and shareholders against commercial nominee service provider databases to identify professional nominees
- Identifies individuals who appear as directors in 50+ entities across multiple jurisdictions — a strong indicator of professional nominee appointment
- Detects patterns of simultaneous multi-entity director appointments characteristic of bulk nominee placement by incorporation service providers
- Flags entities where the entire board consists of individuals who are also directors of hundreds of unrelated entities
- Maps the nominee network: which service providers place nominees across which entities in the structure, revealing the incorporation factory behind the structure
Jurisdictional Opacity Layer Analysis: COCO assesses the secrecy architecture of corporate structures:
- Scores each jurisdiction in the corporate chain using Financial Secrecy Index ratings, FATF mutual evaluation outcomes, and beneficial ownership register availability
- Identifies high-secrecy jurisdictions in the chain: Cayman Islands, British Virgin Islands, Marshall Islands, Seychelles, Labuan, and equivalents
- Calculates the number of opacity layers between the operating entity and the ultimate beneficial owner — more layers indicates higher concealment intent
- Flags structures that pass through three or more high-secrecy jurisdictions with no disclosed beneficial owner at any intermediate layer
- Identifies jurisdictions where the entity type has no beneficial ownership register, no public financial reporting requirement, and no public director disclosure
Fund Flow Pattern Analysis for Round-Trip and Circular Structures: COCO traces suspicious financial flows:
- Analyzes intercompany loan and dividend records for round-trip patterns: capital that originates, routes through offshore shells, and returns as "foreign investment"
- Identifies circular ownership structures where funds flow back to their origin through a chain of shells with no intermediate value creation
- Flags shell entities that receive only intercompany transfers with no independent operating revenue — consistent with pass-through rather than operating function
- Reviews royalty payment streams for IP-holding shells: assesses whether the IP genuinely contributes to the business or is held purely for profit-stripping
- Calculates the proportion of entity-level revenues represented by intercompany flows — a high proportion is a strong shell indicator
Risk Scoring and Entity Prioritization: COCO generates actionable risk outputs:
- Calculates a composite shell company risk score (0–100) for each entity, combining structural indicators, jurisdictional opacity, nominee patterns, and fund flow analysis
- Categorizes entities into tiers: Low Risk (genuine operating entity) / Medium Risk (holding company with disclosed ownership) / High Risk (shell characteristics, enhanced diligence required) / Critical Risk (concealment structure indicators)
- Generates a risk-ranked entity queue, enabling analysts to prioritize enhanced investigation resources on the highest-risk entities
- Identifies entity clusters — groups of shells with common directors, addresses, or incorporation agents — that may constitute a coordinated concealment network
- Provides the specific evidence basis for each risk score, enabling analysts to document their investigative rationale
Shell Company Detection Report and Escalation Protocol: COCO delivers structured findings:
- Generates a per-entity shell risk profile with indicator summary, risk score, category, and recommended next steps
- Produces a structural network map showing all identified shells and their relationships, nominee networks, and jurisdiction clustering
- Drafts escalation memos for Critical Risk entities, summarizing the specific indicators and recommended regulatory or legal escalation steps
- Creates a data room request list targeting shell entity documentation: beneficial owner declarations, substance certifications, and activity evidence
- Provides a transaction risk assessment: does the presence of identified shells create AML, sanctions, or regulatory approval risks that affect deal timing or structure?

Results & Who Benefits

Measurable Results

Shell entity identification rate: AI multi-indicator analysis identifies suspected shell entities at a rate 4.3x higher than review of corporate structure documents alone
Nominee network discovery: AI nominee cross-referencing discovers undisclosed nominee director networks in 52% of complex multi-jurisdiction corporate structures reviewed
Risk-tiered prioritization efficiency: Entity risk scoring enables analysts to focus enhanced investigation on the top 15% of entities by risk score, which contain 78% of material adverse findings
Opacity layer measurement: AI jurisdictional analysis identifies beneficial ownership concealment structures involving 3+ secrecy jurisdiction layers in 23% of cross-border deals reviewed
Investigation time savings: AI shell detection analysis completes an initial risk-scored entity assessment in under 4 hours for 50-entity structures vs. 2–3 analyst weeks manually

Who Benefits

Due Diligence Analysts: Apply systematic, multi-factor shell detection methodology across all entities simultaneously — without manually tracking nominee databases and secrecy jurisdiction rules
AML and Compliance Officers: Identify the shell entity infrastructure within counterparty structures before transacting, satisfying FATF-compliant enhanced due diligence obligations for high-risk structures
Regulatory and Government Investigators: Rapidly identify the structural patterns — nominee networks, jurisdiction clustering, fund flow circles — that indicate organized financial crime infrastructure
Financial Institution Risk Teams: Score incoming counterparty structures for shell company risk as part of customer onboarding, providing documented risk-based decision support for relationship acceptance

💡 Practical Prompts

Prompt 1: Shell Company Risk Scoring for Corporate Structure Entities

Screen the following corporate entities for shell company indicators and generate a risk score for each.

Entities to screen (provide for each):
1. Entity name: [legal name]
   Jurisdiction: [country]
   Registration number: [if known]
   Known directors: [names]
   Known shareholders: [names and percentages]
   Claimed business activity: [description]
2. [Repeat for each entity]

Shell indicator assessment for each entity:
1. Registered address type: confirm whether the address is a genuine business premises or registered agent address
2. Employee presence: estimate employee count from available indicators (payroll, social insurance, LinkedIn, job postings)
3. Commercial activity: confirm whether the entity has independent revenue, website, or discoverable market presence
4. Nominee indicators: check directors against known professional nominee databases
5. Jurisdictional transparency: score the jurisdiction on Financial Secrecy Index and beneficial ownership register availability

Output: Per-entity shell risk score (0–100) + risk category (Low / Medium / High / Critical) + indicator summary table + priority entities for enhanced investigation

Prompt 2: Nominee Director Network Mapping

Identify and map nominee director networks within the following corporate structure.

Corporate structure: [describe or attach org chart with all entities and directors]
Jurisdictions involved: [list]

Analysis required:
1. For each director appearing in the structure, determine how many other entities they direct — cross-reference against corporate registry data
2. Identify all directors who serve on 50+ entity boards — classify as likely professional nominees
3. Map the incorporation service providers associated with nominee directors — identify which provider network placed nominees across multiple entities
4. Identify all entities in the structure where the entire board consists of professional nominees with no non-nominee directors
5. Assess the commercial rationale for nominee use in each instance: legitimate privacy vs. beneficial ownership concealment

Output: Nominee director network diagram + nominee provider identification + risk assessment for each nominee-heavy entity + recommended disclosure requests (beneficial owner declaration, nominee disclosure agreement)

Prompt 3: Jurisdictional Opacity Layer Analysis

Analyze the opacity architecture of the following corporate structure.

Corporate chain: [list each entity from operating company upward to ultimate parent, with jurisdictions]
Beneficial ownership registers in each jurisdiction: [confirm if available or not available — or let COCO determine]

Analysis required:
1. Score each jurisdiction in the chain on the Financial Secrecy Index scale
2. Identify every "opacity hop" — a level in the chain where beneficial ownership information becomes unavailable due to jurisdiction-level secrecy
3. Count the number of opacity layers between the operating entity and the first layer where beneficial ownership is disclosed
4. Assess whether each offshore layer has a legitimate commercial rationale (e.g., Cayman Islands holding company for US PE fund is standard) or appears designed purely for concealment
5. Identify alternative verification pathways for layers where public disclosure is unavailable

Output: Opacity map of the corporate chain + opacity layer count + commercial rationale assessment + alternative verification pathway recommendations for each opaque layer

Prompt 4: Round-Trip and Circular Fund Flow Detection

Analyze the following entity's financial flows for round-trip and circular fund flow patterns.

Entity: [name]
Financial data: [intercompany loan schedule / dividend payment records / royalty payment records / accounts payable extract — attach or paste]
Related party universe: [list all related entities and their jurisdictions]

Analysis required:
1. Trace all capital flows between entities in the structure: loans, equity contributions, dividends, royalties, management fees
2. Identify round-trip patterns: capital that originates from [country], routes through [offshore entity], and returns to [same or related party in country] as "foreign investment"
3. Identify circular flows: transactions where funds ultimately return to their originating entity through a chain of transfers with no economic value creation at intermediate steps
4. Flag pass-through entities: entities that receive inflows and immediately pass them on, retaining no meaningful spread or value
5. Assess the commercial substance of each identified flow — distinguish legitimate tax-efficient structures from flows with no business purpose other than fund movement

Output: Fund flow diagram + round-trip and circular flow identification + substance assessment per flow + risk rating + recommended investigation steps for flagged flows

Prompt 5: Shell Company Enhanced Due Diligence Request Package

Generate an enhanced due diligence request package for the following high-risk shell entities identified in our screening.

High-risk entities:
1. [Entity name] | Risk score: [X] | Key indicators: [address type / nominee directors / opacity jurisdiction]
2. [Repeat for each high-risk entity]

EDD request package for each entity:
1. Beneficial owner declaration: formal declaration identifying all natural persons owning or controlling above [X]%
2. Substance certification: confirmation of employees, physical office, and active business operations in the registered jurisdiction
3. Source of funds: documentation of the origin of capital held or channeled through the entity
4. Purpose statement: commercial rationale for the entity's existence and role in the structure
5. Director authorization: confirmation of nominee director status (if applicable) and identity of the principal on whose instructions the nominee acts

Output: Formatted EDD request letters for each entity + timeline expectations + escalation protocol if responses are not received or are unsatisfactory

14. AI Data Room Organization & Gap Identifier

Analyzes data room contents against deal-specific due diligence checklists — mapping provided documents to request categories, identifying missing materials, flagging contradictions between documents, and generating targeted follow-up requests with precise document specifications.

Pain Point & How COCO Solves It

The Pain: Poorly Organized Data Rooms Waste Analyst Time and Create Catastrophic Information Gaps

Virtual data rooms are the primary information delivery mechanism in M&A transactions, yet their quality varies enormously — and the cost of a poorly organized or incomplete data room falls almost entirely on the buyer's side. Sellers frequently populate data rooms by uploading historical files in their original folder structures, without organizing documents by due diligence category or ensuring that the documents they upload actually respond to the buyer's information requests. The result is a data room that may contain thousands of documents across dozens of folders — many mislabeled, many duplicative, many outdated — with no clear indication of which document responds to which due diligence request or whether any given category is complete. An analyst who must navigate this environment without AI assistance spends the majority of their engagement time on document retrieval and classification rather than on actual due diligence analysis.

The gap problem is at least as serious as the organization problem. Sellers routinely populate data rooms with documents that present the business favorably while omitting documents that create legal or financial risk: litigation files, regulatory correspondence, adverse audit findings, tax notices, and environmental assessments. A due diligence checklist may have 200 line items, but if only 150 are evidenced by uploaded documents, the analyst must identify exactly which 50 are missing and request them specifically — a task that requires simultaneously maintaining the complete list of expected deliverables, tracking what has been provided, and formulating precise follow-up requests that are specific enough to compel a meaningful response rather than another misdirected document upload. Without systematic gap tracking, material information requests are lost in the volume of the process.

The document contradiction problem adds another dimension of complexity. Due diligence review involves comparing information across multiple documents: financial statements, management accounts, tax filings, board minutes, and management presentations all purport to describe the same underlying reality, but inconsistencies between them may indicate accounting irregularities, selective disclosure, or straightforward error. An analyst reviewing each document individually may not identify a contradiction between the revenue disclosed in a management presentation and the revenue shown in the financial statements if those documents are reviewed by different team members on different days. Systematic cross-referencing across the data room requires a structured analytical approach that human teams, under timeline pressure, frequently fail to implement rigorously.

How COCO Solves It

Data Room Document Classification and Categorization: COCO organizes data room contents systematically:
- Ingests all documents in the data room and classifies each against a standard due diligence category taxonomy (corporate / financial / tax / legal / commercial / HR / IP / regulatory / real estate / insurance)
- Identifies document type for each file: financial statement / contract / regulatory correspondence / corporate filing / management presentation / technical report
- Maps each document to the relevant due diligence checklist item(s) it addresses, with confidence scoring
- Identifies duplicate and near-duplicate documents — same content uploaded under different names or in different folders
- Generates an organized due diligence document register replacing the seller's original folder structure with a category-based navigation system
Due Diligence Checklist Gap Analysis: COCO systematically identifies missing deliverables:
- Compares the mapped document coverage against the complete due diligence checklist line by line, identifying every item with no corresponding document in the data room
- Distinguishes between "clearly missing" items (checklist item with zero document response) and "partially addressed" items (documents present but likely incomplete — e.g., only two years of tax returns when five were requested)
- Prioritizes gaps by materiality: financial and legal gaps flagged as critical; commercial and HR gaps flagged as significant; administrative gaps flagged as low priority
- Generates a gap severity analysis based on the nature of the gap: missing key financial data vs. missing supporting schedules
- Maintains a running gap tracker that updates as new documents are uploaded to the data room throughout the deal process
Cross-Document Consistency and Contradiction Analysis: COCO identifies inconsistencies across data room materials:
- Cross-references revenue figures across financial statements, management accounts, board presentations, and tax filings — flags any numerical inconsistencies
- Compares headcount, payroll, and benefits data across HR records, financial statements, and management descriptions
- Identifies capital expenditure amounts that differ across capex schedules, cash flow statements, and fixed asset registers
- Reviews representations made in management presentations against documentation in the data room — flags any claims without documentary support
- Generates a contradiction register with the specific conflicting data points, documents involved, and an assessment of whether the discrepancy is likely to be material
Data Room Quality Assessment: COCO evaluates the overall completeness and reliability of the data room:
- Generates a data room quality score based on document completeness, organization, and internal consistency
- Identifies categories with systematically low completion rates that may indicate deliberate withholding rather than administrative oversight
- Flags documents uploaded in redacted form — specifically redactions that cover commercially or legally material information
- Identifies documents that appear to be drafts rather than executed versions — particularly for material contracts and financial statements
- Assesses the currency of financial information: how recent are the most recent management accounts, and are there any signs that financial information has been withheld to prevent pre-close monitoring of deteriorating performance
Follow-Up Request Drafting and Management: COCO automates the information request process:
- Generates specific, well-formed follow-up requests for each identified gap — naming the exact document type required, the period to be covered, and the specific information needed
- Batches follow-up requests by priority tier, enabling deal teams to submit critical requests first without overwhelming the data room process
- Tracks follow-up request status: which requests have been submitted, responded to, partially responded to, or ignored
- Escalates unanswered critical requests with draft reminder communications
- Generates a closing checklist confirmation: a final verification that all required materials have been received before clearing conditions to close
Data Room Management Report and Index: COCO produces a complete data room record:
- Generates a structured data room index with every document classified, categorized, and cross-referenced to checklist items — replacing the seller's original disorganized structure
- Produces a completeness dashboard showing, by due diligence category, what percentage of requested materials have been provided
- Creates a "document relied upon" table for deal closing that maps each key finding to its evidential source in the data room
- Generates a post-close data room archive package — complete, organized, and searchable — for ongoing reference during integration and regulatory review
- Documents all gaps, contradictions, and follow-up requests in a contemporaneous record that supports R&W insurance underwriting and legal file defense

Results & Who Benefits

Measurable Results

Document classification time: AI-powered data room classification and gap analysis completed in under 4 hours for a 2,000-document data room vs. 1–2 analyst weeks manually
Gap identification completeness: Systematic AI gap analysis identifies 91% of material missing document categories on initial review vs. 55% through traditional manual checklist tracking
Cross-document contradictions detected: AI consistency analysis identifies numerical contradictions across data room documents at a rate 6x higher than individual document review by separate team members
Follow-up request precision: AI-generated follow-up requests result in a 73% first-response adequate completion rate vs. 41% for generically worded manual requests
Data room processing capacity: COCO can process and classify a 5,000-document data room in under 24 hours, enabling analysts to begin substantive review faster and with a complete picture of what has been provided

Who Benefits

Due Diligence Analysts: Transform days of manual data room navigation into hours, with every document classified, every gap identified, and every follow-up request drafted automatically
M&A Legal Counsel: Receive a complete, categorized document index and contradiction register that enables immediate identification of the specific documents required for legal analysis
Investment Banks and Financial Advisors: Deliver faster, more comprehensive due diligence reports to clients by eliminating the document organization and gap-tracking burden from the analyst workflow
Sellers and Their Advisors: Proactively identify data room gaps before buyer teams do — reducing friction, accelerating the buyer's due diligence process, and reducing the risk of deal delay or price renegotiation based on information gaps

💡 Practical Prompts

Prompt 1: Data Room Document Classification and Index Generation

Classify and index the documents in the following data room.

Data room access: [provide document list or paste index, or attach document inventory]
Target entity: [name]
Due diligence purpose: [M&A acquisition / investment / financing / regulatory review]

Classification required for each document:
1. Due diligence category: [corporate / financial / tax / legal / commercial / HR / IP / regulatory / real estate / insurance]
2. Document type: [financial statement / contract / corporate filing / regulatory correspondence / management presentation / technical report]
3. Checklist item(s) addressed: map to our standard due diligence checklist [attach checklist]
4. Period covered (where applicable): [FY2022 / Q3 2024 / etc.]
5. Quality flags: [draft vs. executed / redacted / appears incomplete / duplicate of another document]

Output: Structured data room index (document name / category / type / checklist item(s) / period / quality flags) + duplicate document register + quality issues summary

Prompt 2: Due Diligence Gap Analysis

Identify gaps in the following data room relative to our due diligence checklist.

Due diligence checklist: [attach or paste full checklist]
Data room index: [attach classified index from prior analysis, or paste document list]

Gap analysis required:
1. For each checklist line item, identify whether the data room contains a responsive document
2. Classify each gap as: clearly missing / partially addressed / addressed (but possibly outdated) / satisfied
3. For each clearly missing item: confirm whether the document type is typically generated by the target's business
4. Prioritize gaps by category: financial (critical) / legal (critical) / tax (significant) / commercial (significant) / other
5. Identify any entire due diligence categories with systematically low coverage — potential sign of deliberate withholding

Output: Gap analysis table (checklist item / status / gap type / priority) + category coverage dashboard + commentary on categories with suspiciously low coverage

Prompt 3: Cross-Document Consistency Check

Perform a cross-document consistency check on the following key financial metrics.

Documents to cross-reference:
- Audited financial statements (FY2021, FY2022, FY2023): [attach or cite]
- Monthly management accounts (Jan 2023 – Dec 2023): [attach or cite]
- Management presentation (current): [attach or cite]
- Tax returns (FY2021, FY2022, FY2023): [attach or cite]
- Board minutes (past 2 years): [attach or cite]

Cross-reference the following metrics across all available documents:
1. Annual revenue: confirm figures are consistent across audited accounts, management accounts, tax returns, and management presentation
2. EBITDA / operating profit: confirm consistency and identify adjustments made in management presentation that are not reflected in audited accounts
3. Headcount: cross-check HR records, payroll data, and management presentation
4. Total debt and cash: confirm balance sheet figures against board minutes and management presentation
5. Capital expenditure: cross-check cash flow statement, capex schedule, and management description of investments

Output: Consistency matrix (metric × document × reported figure) + contradiction register + materiality assessment for each discrepancy

Prompt 4: Targeted Follow-Up Information Request Generation

Generate specific follow-up information requests for the following data room gaps.

Outstanding gaps identified:
1. Category: [Tax] | Missing item: [Corporate income tax returns for FY2021 and FY2022] | Checklist reference: [Tax #3]
2. Category: [Legal] | Missing item: [All litigation pleadings and court filings for the [specific] lawsuit identified in the financial statement footnotes] | Checklist reference: [Legal #12]
3. [Repeat for each gap]

For each request, generate:
1. A precisely worded document request specifying the exact document type, entity, period, and format required
2. A brief explanation of why the document is needed (to include in the formal request to the seller's counsel)
3. Priority level: immediate (required within 48 hours) / standard (required within 5 business days) / background (required before closing)
4. Escalation note: flag any requests where non-response may require deal team escalation or warranty protection

Output: Formatted follow-up request letter with all requests organized by priority tier + tracking register (request # / item / sent date / due date / response status)

Prompt 5: Data Room Completeness Certification for Closing

Generate a data room completeness certification confirming that all required materials have been received before closing.

Due diligence checklist: [attach]
Final data room index: [attach]
Outstanding waivers or escrow carve-outs agreed for unresolved items: [list]

Certification content:
1. Confirm that all critical checklist items have been addressed by documents in the data room — reference specific documents for each
2. List any items that remain outstanding, with explanation of why a waiver or escrow treatment was agreed
3. Confirm that no documents relied upon in the due diligence reports contain known material contradictions that were not resolved
4. State the date through which the data room was reviewed and confirm no material adverse developments were identified in that review
5. List any documents received after the initial due diligence cutoff date and confirm their review status

Output: Formal data room completeness certification memo + final outstanding items register + document relied upon table for deal file

15. AI Cross-Border M&A Regulatory Risk Mapper

Maps all merger control, foreign investment screening, sector-specific regulatory approval, and change-of-control consent requirements triggered by a cross-border transaction — generating a jurisdiction-by-jurisdiction approval roadmap with timeline and strategy recommendations.

Pain Point & How COCO Solves It

The Pain: Unidentified Regulatory Approval Requirements Delay or Block Transactions at the Most Costly Stage

Regulatory approval management is the single most complex coordination challenge in cross-border M&A, and the consequences of mismanaging it are severe: a transaction that reaches signing without a complete regulatory approval roadmap may close months later than planned — or not close at all. The global regulatory environment for M&A has become dramatically more demanding over the past decade. Merger control regimes that once required notification only in a handful of major jurisdictions have proliferated to over 130 countries with active pre-merger filing requirements. Foreign investment screening regimes — the United States' CFIUS, the European Union's FDI screening framework, and equivalent national regimes in the UK (NSI Act), Germany (AWV/AWG), China (SAMR), Australia (FIRB), and India — have expanded their jurisdictional scope and lengthened their review timelines in response to geopolitical concerns about strategic asset ownership. A transaction involving any element of critical infrastructure, technology, natural resources, financial services, or defense-adjacent business may face national security review in multiple jurisdictions simultaneously — and each review is independent, with different standards, different timelines, and different political sensitivities.

The mapping problem begins with the threshold analysis. Merger control notification obligations are triggered by financial thresholds — turnover, transaction value, market share — that differ across jurisdictions, are calculated on different bases, and may require notification in jurisdictions where neither party has significant operations but where the target has customers, employees, or assets above the applicable threshold. A deal team that applies US HSR and EU EUMR analysis without checking the other 90+ active merger control regimes misses the jurisdictions where, in an increasing number of cases, the deal is most likely to face substantive competition concerns or populist political opposition. Similarly, foreign investment screening is triggered by complex combinations of acquirer nationality, target industry classification, asset location, and transaction value that vary across every jurisdiction — and the penalties for completing a notifiable transaction without clearance range from fines to mandatory divestiture.

The change-of-control consent landscape adds a third dimension of complexity. Material contracts — credit agreements, operating licenses, key commercial contracts, real property leases, government concession agreements — frequently contain change-of-control provisions requiring counterparty consent before an acquisition can close. Identifying all such provisions across the target's contract universe, prioritizing which consents are actually required vs. which counterparties are unlikely to exercise their rights, and managing the consent solicitation process within the deal timeline requires systematic contract review and a structured prioritization framework. Missing a required consent in a material government contract can trigger immediate termination of a revenue stream that drove the deal's investment thesis — a risk that is entirely preventable with adequate pre-signing analysis.

How COCO Solves It

Global Merger Control Filing Requirement Analysis: COCO maps all merger control notification obligations:
- Analyzes the transaction against notification thresholds in 100+ jurisdictions using the parties' reported revenues, employee counts, asset values, and market shares by country
- Identifies all jurisdictions where pre-merger notification is mandatory, conditional, or voluntary but strategically advisable
- Calculates applicable waiting periods for each required notification and identifies any jurisdictions with extended second-phase review timelines
- Flags jurisdictions with national security–adjacent merger control review powers that could extend beyond standard competition review
- Generates a consolidated filing requirement register with notification type, threshold basis, filing deadline, standard waiting period, and strategic risk assessment for each jurisdiction
Foreign Investment Screening Obligation Identification: COCO analyzes all applicable FDI review regimes:
- Identifies the acquirer's nationality and ownership chain to determine which national security review regimes are triggered (CFIUS for US-controlled acquirers / EU coordinated screening / national regimes)
- Classifies the target's business activities against jurisdiction-specific covered sector definitions: critical infrastructure, critical technology, sensitive data, defense supply chain, and equivalent national security classifications
- Analyzes the target's physical assets, facilities, and employee locations relative to proximity requirements (e.g., facilities near military installations trigger CFIUS mandatory review under certain acquirer profiles)
- Reviews recent enforcement precedents in each applicable review jurisdiction to assess the probability of mitigation agreements (MNSAs), conditions, or prohibition recommendations for the specific deal profile
- Generates a jurisdiction-by-jurisdiction FDI risk assessment with clearance probability, expected mitigation requirements, and strategic structuring recommendations
Change-of-Control Consent Mapping: COCO identifies all required counterparty consents:
- Reviews the target's material contracts for change-of-control provisions — triggers, consent procedures, and termination rights
- Prioritizes contracts by revenue significance, relationship criticality, and counterparty likelihood to exercise consent rights
- Identifies government contracts and concession agreements with mandatory change-of-control notification requirements
- Analyzes debt instruments (credit agreements, bond indentures) for change-of-control covenants and put rights
- Generates a consent matrix showing every counterparty with consent rights, the applicable contract, the consequence of non-compliance, and a recommended outreach timeline
Sector-Specific Regulatory Approval Analysis: COCO identifies non-merger-control regulatory approvals:
- Identifies all sector-specific change-of-control approvals required in regulated industries: banking and financial services (OCC, Federal Reserve, ECB/national bank regulators), insurance (state DOI, Lloyd's), telecommunications (FCC, national telecom regulators), healthcare, pharmaceutical, energy, and gaming
- Analyzes the jurisdiction-by-jurisdiction regulatory approval timeline and information requirements for each applicable sector regulator
- Identifies any "fit and proper" requirements applicable to the acquirer or its key executives under financial services or other regulated sector approvals
- Flags jurisdictions where regulatory approval applications require extensive documentation — business plans, financial projections, ownership structure disclosure — that must be prepared simultaneously with other deal workstreams
- Summarizes the most critical path regulatory approvals and their impact on the overall transaction timeline
Regulatory Risk and Timeline Modeling: COCO builds a realistic transaction timeline:
- Constructs a critical path analysis showing the regulatory approvals with the longest timelines and the greatest probability of delay
- Models best-case, base-case, and worst-case transaction timelines under different regulatory outcome scenarios (clearance without conditions / clearance with remedies / extended review / prohibition)
- Identifies parallel processing opportunities: regulatory filings that can be submitted simultaneously to minimize total elapsed time
- Flags pre-filing engagement opportunities: jurisdictions where informal pre-filing discussions with regulators can reduce review uncertainty and timeline risk
- Generates a deal structure recommendation: whether the proposed structure optimizes regulatory clearance probability, and whether alternative structures could reduce regulatory risk at acceptable commercial cost
Regulatory Approval Roadmap and Management Report: COCO delivers a comprehensive approval management deliverable:
- Produces a visual regulatory approval roadmap — a Gantt chart showing every required filing, its timeline, predecessor dependencies, and critical path relationship
- Generates jurisdiction-by-jurisdiction filing strategy memos summarizing submission requirements, local counsel coordination needs, and regulator-specific strategic considerations
- Creates a regulatory risk register rating each jurisdiction by probability of delay, probability of prohibition, and potential deal impact
- Drafts a regulatory announcement strategy: the sequence and timing of public announcements required to satisfy legal obligations without prejudicing regulatory review
- Summarizes total estimated regulatory approval cost (filing fees, local counsel, expert witnesses) across all jurisdictions

Results & Who Benefits

Measurable Results

Filing requirement identification completeness: AI-assisted mapping identifies 100% of mandatory merger control filings vs. an estimated 65% when deal teams rely on familiarity with major jurisdictions only
FDI screening risk identification: National security review obligation identified in 37% of cross-border tech and infrastructure acquisitions that were not initially flagged by deal teams as FDI-sensitive
Change-of-control consent coverage: AI contract review identifies change-of-control provisions in 94% of material contracts vs. 60% through targeted manual search under deal timeline pressure
Transaction timeline accuracy: AI-generated regulatory timeline models predict actual clearance timelines within ±3 weeks in 78% of tracked transactions vs. deal team estimates that were off by more than 2 months in 44% of cases
Regulatory preparation time savings: Complete cross-border regulatory mapping delivered in 2–3 business days vs. 4–8 weeks for multi-jurisdiction legal advisor coordination

Who Benefits

Due Diligence Analysts: Produce a comprehensive regulatory approval roadmap without personally maintaining expertise in 100+ merger control regimes and 40+ FDI screening frameworks
M&A Deal Teams and Investment Banks: Price regulatory risk accurately into deal terms — including MAC provisions, outside date structuring, and regulatory risk allocation — before signing rather than discovering filing obligations post-announcement
Antitrust and Regulatory Counsel: Receive a pre-built jurisdiction identification and filing threshold analysis that allows them to focus on substantive competition law and national security strategy rather than threshold mapping
Transaction Management Offices: Manage the regulatory approval process against a complete, AI-generated roadmap with dependencies, critical path identification, and timeline modeling — rather than assembling the roadmap incrementally as obligations become apparent

💡 Practical Prompts

Prompt 1: Global Merger Control Filing Obligation Analysis

Identify all merger control notification obligations for the following transaction.

Transaction: [acquisition of / merger with] [target entity name]
Acquirer: [name, country of incorporation, ultimate parent group]
Target: [name, country of incorporation]
Transaction value: [$amount]

Parties' financials by jurisdiction (provide for both acquirer and target):
- Country: [list] | Revenue: [$amount] | Employees: [number] | Assets: [$amount]

Analysis required:
1. Screen the transaction against notification thresholds in all 100+ jurisdictions with active merger control regimes
2. For each jurisdiction where filing is required: specify the applicable threshold, filing type (mandatory / voluntary), pre-close waiting period, and filing authority
3. Flag any jurisdictions where a second-phase investigation is plausible based on market share overlap
4. Identify any jurisdictions where the transaction value trigger applies even without local revenue (e.g., US HSR value-of-transaction threshold, Germany Section 35 value threshold)
5. Estimate total filing fees and approximate timeline for all required filings

Output: Merger control filing register (jurisdiction / threshold basis / filing type / waiting period / priority) + critical path analysis for longest-timeline jurisdictions

Prompt 2: CFIUS and Foreign Investment Screening Analysis

Analyze the following transaction for foreign investment screening obligations.

Acquirer: [name, country of incorporation, ultimate beneficial owner nationality]
Target: [name, US/country operations description]
Target's business activities: [describe — focus on technology, data, critical infrastructure, defense supply chain]
Transaction structure: [full acquisition / partial investment / joint venture]
Acquirer's ownership: [% stake being acquired]

FDI screening analysis:
1. CFIUS (US): assess whether the transaction constitutes a covered transaction — identify TID US business, sensitive data, or critical infrastructure nexus; assess whether mandatory declaration filing is required
2. European FDI screening: identify EU member states with applicable screening regimes and assess coverage for the target's sector and acquirer's nationality
3. UK NSI Act: assess whether any of the 17 sensitive sectors are present; confirm whether mandatory notification applies
4. Other applicable regimes: [Germany / Australia / India / Japan / Canada — as applicable]
5. National security risk profile: assess the probability of a mitigation agreement requirement or prohibition based on comparable precedents

Output: FDI screening obligation analysis per jurisdiction + clearance probability assessment + recommended structuring options to reduce national security review risk

Prompt 3: Change-of-Control Consent Matrix

Identify all change-of-control consent requirements in the following contract universe.

Entity: [name]
Contract categories to review:
- Material commercial contracts: [list of key customer and supplier contracts, or attach index]
- Debt instruments: [credit agreements, bond indentures — attach or cite]
- Real property leases: [attach or cite key leases]
- Government contracts and licenses: [attach or cite]
- Operating licenses: [list licensed activities and jurisdictions]

For each contract/license:
1. Identify whether a change-of-control provision is present
2. Describe the trigger: [change of direct ownership / ultimate parent change / any transfer of control]
3. Describe the remedy: [consent required / notice required / right of termination / put right / other]
4. Assess likelihood of counterparty exercising consent right — based on relationship importance, commercial leverage, and market conditions
5. Identify the timeline for obtaining consent (if required) relative to the expected closing date

Output: Change-of-control consent matrix (contract / provision / trigger / remedy / consent likelihood / timeline) + critical path consents requiring immediate outreach + recommended consent management approach

Prompt 4: Regulatory Approval Critical Path Analysis

Build a regulatory approval critical path for the following cross-border transaction.

Transaction: [description]
Required approvals identified:
1. [Merger control filing] | Jurisdiction: [country] | Waiting period: [X weeks] | Second-phase risk: [low/medium/high]
2. [CFIUS review] | Expected duration: [X weeks] | Clearance probability: [%]
3. [Sector regulator approval] | Regulator: [name] | Jurisdiction: [country] | Expected timeline: [X months]
4. [Change-of-control consents] | Counterparties: [list] | Timeline: [X weeks]

Critical path analysis required:
1. Plot each approval on a timeline with start date, estimated duration, and latest acceptable end date relative to target closing date
2. Identify the single longest critical path — the sequential combination of approvals determining the earliest possible closing date
3. Identify parallel processing opportunities: approvals that can be filed simultaneously to minimize elapsed time
4. Model best-case (all approvals at standard timeline) / base-case / worst-case (extended review in the most complex jurisdictions) closing dates
5. Identify pre-filing engagement opportunities that can reduce the longest-timeline approvals

Output: Visual Gantt chart regulatory roadmap + critical path identification + scenario-based closing date range + pre-filing engagement recommendations

Prompt 5: Regulatory Risk Allocation and Deal Term Recommendations

Generate regulatory risk allocation recommendations for the following transaction based on the identified regulatory approval profile.

Transaction: [description]
Regulatory risks identified: [paste regulatory assessment summary]
Target closing date: [date]
Parties' respective regulatory risk tolerance: [describe acquirer and target positions]

Recommendations required:
1. Outside date: recommended outside date based on worst-case regulatory timeline, with extension mechanisms for specific scenarios (second-phase review, remedies negotiation)
2. MAC definition: whether regulatory approval failure should constitute a MAC and on whose risk it falls
3. Hell-or-high-water obligations: should the acquirer commit to accepting all regulatory conditions, or carve out conditions that would materially impair the business?
4. Reverse termination fee: appropriate sizing and trigger events based on the probability of regulatory failure
5. Pre-closing regulatory conduct covenants: obligations on both parties to cooperate with regulatory authorities and manage the approval process

Output: Deal term recommendations matrix (provision / recommended language / rationale / party whose risk it addresses) + sensitivity analysis on reverse termination fee sizing

16. AI Supplier Integrity & Third-Party Risk Profiler

Screens the target entity's supplier and vendor base for financial instability, sanctions exposure, corruption risk, and contract concentration — identifying supply chain vulnerabilities that create operational continuity and compliance risk post-acquisition.

Pain Point & How COCO Solves It

The Pain: Undisclosed Supply Chain Vulnerabilities Destroy Post-Acquisition Operating Performance

Acquirers who focus their due diligence on financial statements and corporate structure frequently discover post-close that the business's operational resilience depends critically on supplier relationships that were never properly evaluated. A target company's cost structure may appear robust in its reported financials, but those financials are the product of a supply chain that could be highly concentrated — with three or four suppliers providing 70% of raw materials, components, or services, each of which may have financial vulnerabilities, compliance problems, or contractual terms that do not survive a change of control. When a key supplier discovers that its commercial counterparty has been acquired by a competitor, a private equity firm with a difficult reputation, or a foreign entity that creates compliance concerns, it may exercise contractual termination rights, renegotiate pricing dramatically, or simply reduce service quality — and the new owner inherits an operating problem that was never visible in the pre-close financial data.

The compliance dimension of supplier risk is equally significant and increasingly regulated. Supply chain compliance obligations under the UK Modern Slavery Act, the German Supply Chain Due Diligence Act (LkSG), the US Uyghur Forced Labor Prevention Act (UFLPA), the EU Corporate Sustainability Due Diligence Directive (CSDDD), and equivalent legislation in France, Netherlands, and Norway impose obligations on companies to conduct due diligence on their suppliers' labor practices, environmental standards, and human rights performance. An acquirer who inherits a target with suppliers in high-risk jurisdictions — where forced labor, child labor, or severe environmental violations are documented — faces not only reputational risk but import prohibition, regulatory investigation, and civil liability exposure. In the current regulatory environment, these obligations extend two or three tiers deep into the supply chain, making superficial first-tier supplier review insufficient as a compliance matter.

The financial stability of key suppliers represents a third risk dimension that is almost never analyzed in standard due diligence. A single-source supplier that is itself financially distressed — carrying excess leverage, facing covenant pressure, or operating near insolvency — creates a supply continuity risk that can materialize suddenly and without warning. A supplier bankruptcy or sudden capacity withdrawal leaves the acquirer's business unable to fulfill customer orders, violating its own commercial contracts and triggering its own cascading defaults. This risk is particularly acute in sectors with long lead times, specialized components, or highly skilled labor where qualified alternative suppliers cannot be engaged quickly. Identifying financially vulnerable suppliers before close enables the acquirer to pre-qualify alternative sources or negotiate supply agreement terms that provide early warning and mitigation rights.

How COCO Solves It

Supplier Universe Identification and Concentration Analysis: COCO builds a complete supplier risk map:
- Extracts the full supplier and vendor universe from accounts payable records, purchase order data, and contract registers
- Calculates spend concentration by supplier, category, and geography — identifying single-source suppliers and high-concentration vendor relationships
- Maps supplier relationships to business-critical functions: which products or services would be immediately unavailable if a given supplier failed or terminated the relationship
- Identifies suppliers providing services with long lead times or unique technical capabilities where alternative sourcing is complex
- Generates a Pareto analysis: the 20% of suppliers that represent 80% of critical supply risk by spend and operational dependency
Financial Stability Screening of Key Suppliers: COCO assesses supplier financial health:
- Applies financial distress screening (Altman Z-Score, payment behavior indicators, publicly available credit data) to the highest-concentration suppliers
- Identifies suppliers with publicly disclosed financial difficulties: covenant defaults, credit rating downgrades, auditor going-concern opinions, or news of financial distress
- Reviews supplier payment behavior data (where available) for indicators of cash pressure: requesting extended payment terms, offering early payment discounts, or delaying shipments pending payment
- Identifies privately held suppliers where financial data is limited and recommends enhanced information requests or alternative financial health indicators
- Generates a financial stability risk score for each high-concentration supplier with supporting evidence
Sanctions, Debarment, and Regulatory Compliance Screening: COCO screens the supplier base for compliance risk:
- Screens all identified suppliers against OFAC, EU, UN, and national sanctions lists — with alias and transliteration matching for suppliers in high-risk geographies
- Checks suppliers against US and international government contractor debarment and suspension databases
- Identifies suppliers in jurisdictions subject to import/export restrictions, embargo regimes, or heightened AML/CFT country risk
- Flags suppliers with adverse regulatory history: environmental violations, labor law violations, product safety recalls, or quality fraud investigations
- Generates a per-supplier compliance risk profile with sanctions exposure, regulatory history, and jurisdictional risk rating
Supply Chain Human Rights and Labor Compliance Assessment: COCO evaluates supply chain ESG risk:
- Identifies suppliers operating in or sourcing from jurisdictions with documented forced labor, child labor, or severe labor rights violations
- Cross-references supplier geographies and industry sectors against US UFLPA entity list, OECD guidelines non-compliant sector lists, and published forced labor risk geographies
- Reviews the target's existing supplier code of conduct, audit requirements, and modern slavery reporting for coverage and implementation quality
- Identifies material gaps between the target's stated supply chain compliance program and the actual supplier risk profile identified
- Generates a supply chain human rights risk register rated by severity, regulatory exposure, and remediation urgency
Contract Change-of-Control and Termination Risk Analysis: COCO identifies supplier contract vulnerabilities:
- Reviews material supplier contracts for change-of-control provisions that give suppliers termination or renegotiation rights on acquisition
- Identifies exclusive supply arrangements and single-source agreements that may be disrupted if suppliers exercise change-of-control rights
- Flags supplier contracts with pricing escalation clauses tied to ownership changes or competitive bidding triggers
- Identifies agreements with minimum purchase commitments that will continue to bind the acquirer post-close
- Prioritizes suppliers likely to exercise change-of-control rights based on commercial leverage, competitive dynamics, and the acquirer's strategic profile
Third-Party Risk Report and Post-Close Vendor Management Roadmap: COCO delivers structured findings:
- Generates a comprehensive supplier risk register with financial stability scores, compliance findings, and contract vulnerability flags for all material suppliers
- Produces a supply chain concentration analysis with single-source risk mapping and alternative sourcing recommendations for critical categories
- Drafts a post-close supplier engagement plan: which suppliers require immediate relationship management attention, contract renegotiation, or audit
- Creates a supply chain compliance enhancement roadmap aligned with CSDDD, LkSG, and UFLPA requirements
- Summarizes total supply chain risk exposure for deal team decision-making and deal structuring recommendations

Results & Who Benefits

Measurable Results

Supplier concentration risk identification: AI spend analysis identifies dangerous single-source supplier concentrations (above 40% of category spend) in 61% of manufacturing and product-based acquisitions reviewed
Sanctioned supplier detection: Systematic sanctions screening of the supplier base identifies sanctioned or restricted suppliers in 8% of cross-border acquisitions where supplier screening was not previously conducted
Financial distress detection: AI financial stability screening identifies financially distressed key suppliers in 17% of deals, with average potential disruption impact of $4.2M revenue-at-risk per distressed supplier identified
Supply chain labor risk identification: Human rights and forced labor risk assessment identifies material supply chain exposure in 44% of manufacturing deals involving sourcing from high-risk regions
Post-close operational disruption rate: Acquirers using AI-assisted supplier due diligence experience 38% fewer post-close supplier-related operational disruptions in the first 12 months

Who Benefits

Due Diligence Analysts: Screen the entire supplier universe for financial, compliance, and operational risk without manually searching dozens of databases for thousands of vendors
Supply Chain and Procurement Teams: Receive a complete supplier risk map and post-close vendor management roadmap at deal close, enabling immediate action on the highest-risk supplier relationships
ESG and Sustainability Teams: Assess supply chain human rights and labor compliance obligations before close, enabling pre-close remediation planning and regulatory disclosure preparation
Post-Close Integration Teams: Use AI-generated supplier risk prioritization to allocate limited post-close integration resources to the supplier relationships most likely to create operational disruption

💡 Practical Prompts

Prompt 1: Supplier Universe Mapping and Concentration Analysis

Map the supplier universe of the following entity and identify supply chain concentration risks.

Entity: [name]
Financial data available: [accounts payable extract / purchase order data / contract register — attach or specify]
Review period: [most recent 12 months / fiscal year]

Analysis required:
1. Extract all suppliers with annual spend above [$threshold] and calculate percentage of total supply chain spend
2. Build a Pareto analysis: identify the suppliers comprising the top 80% of total spend
3. Identify single-source suppliers: any product or service category with only one approved supplier
4. Map operational criticality: for each high-spend or single-source supplier, assess the business impact if that supplier became unavailable within [30 / 60 / 90] days
5. Identify geographic concentration: are key suppliers clustered in a jurisdiction exposed to geopolitical, regulatory, or natural disaster risk?

Output: Supplier concentration analysis table + single-source risk register + operational criticality map + concentration risk summary (which supplier failures create immediate business interruption)

Prompt 2: Key Supplier Financial Stability Screening

Assess the financial stability of the following key suppliers.

Suppliers to assess:
1. Supplier name: [name] | Country: [country] | Annual spend: [$amount] | Publicly listed: [yes/no]
2. [Repeat for each key supplier]

Assessment required for each supplier:
1. Altman Z-Score (or equivalent private company distress score) based on available financial data
2. Credit rating and recent rating actions (if rated)
3. Adverse news: any published reports of financial distress, payment problems, or strategic uncertainty
4. Ownership and leverage: recent acquisitions or leveraged buyouts that may have increased debt burden
5. Payment behavior indicators: any reports of late payments, customer complaints, or reduced service delivery

Output: Per-supplier financial health scorecard (score / risk category / supporting evidence) + highest-risk suppliers requiring pre-close contingency planning + recommended alternative sourcing strategies

Prompt 3: Supplier Compliance and Sanctions Screening

Screen the following suppliers for compliance and sanctions risks.

Supplier list: [provide full list of suppliers to screen, with country of operation for each]
Compliance risk focus: [sanctions / debarment / environmental violations / labor violations / product safety / all]

Screening required for each supplier:
1. Sanctions screening: OFAC, EU, UN, HMT, and relevant national lists — with alias matching for suppliers in high-risk geographies
2. Debarment screening: US SAM.gov exclusions, EU procurement debarment, World Bank debarment list
3. Regulatory violations: environmental, labor law, and product safety enforcement actions — search relevant regulatory agency databases
4. Adverse media: financial crime, bribery, corruption, forced labor allegations — past 5 years
5. Country risk: assess the regulatory and political risk of the supplier's country of operation

Output: Per-supplier compliance screening report + risk tier (low / medium / high / critical) + recommended actions for medium-risk and above findings (enhanced diligence / contractual protections / alternative sourcing)

Prompt 4: Supply Chain Human Rights and Modern Slavery Risk Assessment

Assess the human rights and modern slavery risk profile of the following supply chain.

Entity: [company name]
Supply chain summary: [list key suppliers with country of origin and product/service category]
Industry sector: [manufacturing / apparel / electronics / food & agriculture / mining / other]
Regulatory obligations: [UK Modern Slavery Act / German LkSG / EU CSDDD / US UFLPA / other]

Assessment required:
1. Identify suppliers in or sourcing from high-risk jurisdictions for forced labor (using OECD due diligence guidance, UFLPA entity lists, and published risk geographies)
2. Cross-reference against US UFLPA entity list for any suppliers operating in Xinjiang or connected to identified supply chains
3. Review the target's modern slavery statement, supplier code of conduct, and audit procedures for adequacy
4. Identify the most significant gaps between documented compliance program and actual supply chain risk profile
5. Estimate regulatory exposure: import bans, mandatory disclosure obligations, and civil liability risk

Output: Supply chain human rights risk map + UFLPA exposure assessment + compliance program gap analysis + remediation roadmap aligned with applicable legal frameworks

Prompt 5: Supplier Contract Change-of-Control Risk Analysis

Identify and analyze change-of-control provisions in the following material supplier contracts.

Entity: [name]
Material supplier contracts: [provide contract list or attach contracts]

For each contract:
1. Identify whether a change-of-control provision is present and its trigger definition (any transfer of control / majority ownership change / ultimate parent change)
2. Describe the supplier's right upon trigger: termination right / renegotiation right / price increase right / exclusivity termination
3. Assess the supplier's likelihood of exercising their rights based on: commercial leverage, relationship quality, competitive dynamics, and acquirer's strategic profile
4. Estimate the financial impact if the supplier exercises their rights: lost supply / price increase / re-sourcing cost
5. Identify pre-close consent requirements and recommend a supplier outreach strategy

Output: Supplier change-of-control consent matrix (supplier / provision / trigger / remedy / exercise probability / financial impact) + priority outreach list + consent solicitation strategy

17. AI Investment Target Red Flag Screener

Applies a comprehensive red flag framework to investment targets in the pre-LOI phase — identifying structural, financial, legal, and reputational concerns that should inform go/no-go decisions and negotiating position before significant diligence investment is made.

Pain Point & How COCO Solves It

The Pain: Costly Full Due Diligence Is Frequently Invested in Targets That Should Have Been Screened Out Earlier

The traditional M&A due diligence funnel is structurally inefficient: deal teams often invest weeks of expensive legal, financial, and technical due diligence in targets that could have been identified as problematic — or even disqualifying — through a rapid pre-LOI screening process. The typical deal process moves from initial management presentation to letter of intent to full due diligence without an intermediate screening step that applies the most common deal-killing criteria systematically. By the time a full quality of earnings, legal review, and compliance assessment is underway, the deal team has committed significant resources, the seller has expectations, and there is institutional momentum toward completing the transaction. Discoveries that emerge late in full due diligence — a sanctioned UBO, a history of financial restatements, an ongoing regulatory investigation, a concentrated customer base with concentration above 60% — are exponentially more difficult to act on than the same discoveries made in a pre-LOI screen.

The pattern of late-stage deal termination is well-documented and economically costly. In private equity, approximately 30% of transactions that reach full due diligence are eventually abandoned — and the majority of those terminations involve risk factors that, in retrospect, produced early signals detectable through better pre-LOI screening. The cost of each abandoned full-diligence process runs to hundreds of thousands of dollars in advisor fees, management time, and opportunity cost — resources that could have been redirected to higher-quality opportunities. The problem is that pre-LOI screening has traditionally been a qualitative assessment based on the information available in management presentations and financial summaries, which are curated by the seller to present the business favorably. Without AI-assisted independent data gathering and red flag pattern recognition, pre-LOI screening catches only what the seller wants the buyer to see.

The red flag indicators that most commonly predict deal failure or material purchase price reduction fall into recognizable categories: financial irregularities (revenue concentration, margin volatility, cash flow quality gaps), structural complexity (opaque ownership, offshore shells, nominee directors), legal and regulatory history (enforcement actions, serial litigation, compliance program failures), personnel integrity risks (undisclosed executive misconduct, sanctions-connected shareholders), and commercial fragility (customer concentration, key person dependency, contract term exposure). A systematic, AI-driven screen against these categories — applied to every target before LOI issuance — would enable deal teams to redirect resources to high-quality opportunities and enter full due diligence with a pre-identified risk map rather than discovering the landscape from scratch.

How COCO Solves It

Rapid Financial Red Flag Detection: COCO identifies financial risk signals from available pre-LOI data:
- Analyzes management accounts, investor presentations, or CIM financial summaries for revenue concentration (top customer as % of total), margin volatility, and cash flow quality signals
- Identifies revenue recognition patterns that are inconsistent with the claimed business model — particularly in SaaS, services, and subscription businesses
- Flags EBITDA adjustments that appear excessive relative to revenue — a potential indicator of reported earnings being materially above true economic earnings
- Identifies financial disclosure gaps: what material financial information is not provided in the management presentation, and why
- Cross-references any publicly available financial information (Companies House filings, SEC filings if public, credit rating reports) against management-presented metrics for consistency
Corporate Structure and Ownership Red Flag Screening: COCO identifies structural concerns:
- Performs rapid corporate registry queries to verify the described ownership structure and identify any immediate discrepancies
- Flags offshore holding structures in secrecy jurisdictions that indicate deliberate opacity — Cayman, BVI, Marshall Islands structures without apparent commercial rationale
- Identifies nominee directors in the corporate structure and scores the structure on a nominee concentration basis
- Checks the beneficial ownership register for the jurisdiction of incorporation and flags any undisclosed beneficial owners
- Identifies any prior corporate names or predecessor entities with adverse history that would not surface under the current entity name
Regulatory and Enforcement History Rapid Screen: COCO checks for legal and regulatory red flags:
- Runs a rapid regulatory enforcement database search across SEC, DOJ, FCA, and equivalent agencies for any enforcement actions naming the entity or its principals
- Identifies any ongoing regulatory investigations referenced in publicly available court documents or news sources
- Checks business licensing and debarment databases for any license suspensions, revocations, or government contractor exclusions
- Flags industry-specific compliance concerns: FCPA exposure in high-corruption markets, environmental violations in manufacturing, data privacy enforcement in technology
- Identifies any auditor qualifications, restatements, or audit firm changes in recent financial history
Key Personnel Integrity Rapid Screen: COCO screens principals for undisclosed adverse history:
- Performs a rapid background screen on the CEO, CFO, and founding shareholders — regulatory bars, professional sanctions, and adverse media
- Identifies any undisclosed criminal records or civil judgments against key principals through court database queries
- Checks key executives against sanctions and PEP databases
- Reviews disclosed professional history for unexplained gaps, rapid employer changes, or departures from prior employers coincident with regulatory events
- Flags any principals who appear in adverse media coverage related to financial misconduct, fraud, or significant disputes at prior employers
Reputational and Adverse Media Screen: COCO conducts a rapid reputational assessment:
- Runs a comprehensive adverse media search across global news sources in 40+ languages for the entity and all key principals
- Applies AI semantic analysis to distinguish material adverse coverage (fraud allegations, regulatory investigations, significant commercial disputes) from routine negative press
- Identifies customer complaints, employee review patterns, and social media signals that may indicate quality, culture, or governance concerns not visible in financial data
- Checks industry-specific reputation databases and trade association complaints for sectors with self-regulatory oversight
- Generates a reputational risk rating with supporting evidence and significance classification
Red Flag Report and Pre-LOI Decision Support: COCO delivers a structured pre-LOI assessment:
- Generates a consolidated red flag report organized by category (financial / structural / regulatory / personnel / reputational) with severity ratings
- Produces a go/no-go recommendation framework: identifies which flags are potential deal-killers, which require full diligence investigation, and which can be addressed through deal structuring
- Creates a pre-LOI negotiating position: which conditions, representations, or price adjustments should be incorporated into the LOI based on identified red flags
- Drafts a prioritized full due diligence scope: which red flag categories require deepest investigation, calibrated to reduce the most material risks first
- Summarizes the overall pre-LOI risk profile in an investment committee format: the three most significant risks, the probability of a material adverse finding in each, and the recommended next steps

Results & Who Benefits

Measurable Results

Early deal-killer identification rate: AI pre-LOI screening identifies disqualifying red flags in 22% of screened targets, on average — opportunities redirected before full due diligence investment
Full diligence scope optimization: Red flag pre-screening enables deal teams to focus full due diligence on the top 3–5 risk areas rather than uniform coverage, reducing total diligence cost by an estimated 35%
Pre-LOI screen turnaround: Comprehensive red flag screen completed in 4–8 hours for a single target, enabling rapid assessment across a large deal pipeline
Price adjustment capture: Pre-LOI red flag identification leads to purchase price adjustments averaging 8–12% in transactions where risks are identified but the deal proceeds — representing direct economic return on screening cost
Abandoned deal cost avoidance: Organizations using pre-LOI AI screening estimate $400K–$800K per year in avoided full diligence cost on targets that would ultimately have been abandoned

Who Benefits

Due Diligence Analysts: Conduct a structured, comprehensive pre-LOI screen in hours rather than days — enabling evaluation of a larger deal pipeline without proportional resource increase
Private Equity and Corporate Development Teams: Allocate full due diligence resources to the highest-quality opportunities in the pipeline, with pre-qualified risk maps guiding focus rather than starting from scratch
Investment Banks and M&A Advisors: Provide clients with a rapid, systematic pre-LOI risk assessment as part of deal origination services — differentiating from advisory firms that rely solely on management-curated information
Portfolio Company Acquisition Teams: Screen bolt-on acquisition targets against the acquirer's specific risk appetite and post-close integration requirements before committing legal and financial advisor resources

💡 Practical Prompts

Prompt 1: Pre-LOI Red Flag Screening Request

Conduct a rapid red flag screen for the following investment target.

Target entity: [name, jurisdiction, industry]
Available information: [management presentation / CIM / public filings / website — attach or describe]
Key principals: [CEO, CFO, founding shareholders — names and nationalities]
Our investment criteria: [describe deal size, sector, geography, and any specific exclusion criteria]

Red flag screen required:
1. Financial red flags: revenue concentration, EBITDA normalization concerns, cash flow quality, unusual adjustments
2. Corporate structure: ownership transparency, offshore entities, nominee patterns
3. Regulatory and legal: enforcement history, known litigation, licensing gaps
4. Personnel: adverse regulatory, criminal, or misconduct history for CEO, CFO, and key shareholders
5. Reputational: adverse media, customer complaints, industry reputation concerns

Output: Red flag summary report (category / finding / severity: deal-killer / material / monitor) + go/no-go recommendation + LOI risk allocation recommendations for identified concerns

Prompt 2: Financial Red Flag Pattern Analysis

Analyze the following management presentation / CIM for financial red flags.

Document provided: [attach management presentation or CIM, or paste financial summary]

Financial red flag analysis:
1. Revenue quality: identify any disclosed customer concentration above 25% of revenue; assess revenue growth consistency and identify unexplained step-changes
2. EBITDA quality: review management adjustments — assess whether presented adjustments are defensible; calculate ratio of adjustments to reported EBITDA
3. Working capital: review disclosed working capital data for trends indicating cash generation pressure
4. Capex and D&A: assess whether disclosed capex appears adequate to maintain the asset base
5. Financial disclosure gaps: what material financial information is absent from the presentation — what should be there that isn't?

For each identified concern: assess whether it is a potential deal-killer, a material risk requiring investigation, or a monitor item.

Output: Financial red flag register with severity ratings + specific questions for management meeting + priority areas for full financial due diligence

Prompt 3: Ownership and Structural Integrity Rapid Check

Perform a rapid corporate structure and ownership integrity check on the following target.

Target entity: [name, jurisdiction, registration number if known]
Described ownership structure: [from management presentation or CIM — describe]
Key principals: [names]

Check:
1. Corporate registry: verify the described ownership structure matches registry records — flag any discrepancies
2. Beneficial ownership: check the applicable UBO register (UK PSC, EU BO register, FinCEN BOI) — flag any undisclosed beneficial owners
3. Offshore elements: identify any offshore holding entities in the structure — assess commercial rationale
4. Nominee indicators: check any corporate shareholder for nominee director patterns
5. Historical names: identify all prior names — run adverse history search under prior names

Output: Structure integrity assessment (verified / partially verified / discrepancies found) + specific discrepancies flagged + recommended verification steps before LOI issuance

Prompt 4: Management Rapid Integrity Check

Conduct a rapid integrity check on the following individuals associated with the investment target.

Individuals to check:
1. [Name] | Role: [CEO / CFO / Founder / Controlling Shareholder] | Nationality: [country]
2. [Repeat]

Rapid checks:
1. Regulatory history: any SEC, FINRA, FCA, or equivalent enforcement actions or bar orders
2. Criminal records: any publicly available criminal court records in their home jurisdiction and jurisdictions of prior business activity
3. Adverse media: 5-year search for financial misconduct, fraud allegations, significant commercial disputes
4. PEP and sanctions: OFAC, EU, UN sanctions check + PEP database check
5. Professional history: verify major claimed career milestones against publicly available records; identify any unexplained gaps

Output: Per-individual integrity assessment (clean / concerns / significant concerns) + summary of adverse findings + recommended questions for management interview

Prompt 5: Pre-LOI Term Sheet Risk Allocation Recommendations

Generate pre-LOI term sheet risk allocation recommendations based on the following red flag screen findings.

Red flag findings summary: [paste or attach screening report]
Proposed deal structure: [stock purchase / asset purchase / investment]
Proposed purchase price or valuation: [$amount or multiple]

Recommendations for each identified red flag:
1. Price adjustment: should the identified risk be reflected in a lower purchase price or valuation multiple — and by how much?
2. Representations and warranties: what specific reps and warranties should the LOI require the seller to make regarding identified concerns?
3. Conditions to close: what conditions should the LOI attach to the identified risks (e.g., resolution of specific regulatory inquiry, delivery of missing financial information)?
4. Escrow or holdback: what amount should be held in escrow pending resolution of identified risks?
5. Walk-away right: identify any red flags severe enough to recommend a walk-away right in the LOI if the full due diligence investigation confirms them

Output: LOI term sheet addendum with risk-specific provisions + overall deal risk assessment + recommended full due diligence scope calibrated to identified red flags

18. AI VIE Structure Unwinding & Risk Analyzer

Deconstructs variable interest entity (VIE) structures used by Chinese technology, education, and healthcare companies — mapping contractual control arrangements, identifying regulatory change risk, and modeling the economic and legal consequences of forced unwinding.

Pain Point & How COCO Solves It

The Pain: VIE Structures Create Fundamental Legal Uncertainty That Standard Due Diligence Cannot Adequately Quantify

Variable interest entity (VIE) structures — the contractual arrangement through which offshore-listed Chinese companies exercise control over onshore operating entities that are formally owned by Chinese nationals — represent one of the most legally complex and high-stakes due diligence challenges in cross-border investment. The VIE model was designed to circumvent PRC restrictions on foreign ownership in sensitive sectors (internet, education, healthcare, financial services) by replacing direct equity ownership with a network of commercial agreements that give the offshore entity effective economic and managerial control over the onshore operating company. The fundamental legal problem is that these contractual arrangements have never been explicitly validated by Chinese law, have been directly challenged by individual regulatory actions, and remain subject to restructuring requirements at any time by PRC regulatory authorities with retroactive effect. A fund that has invested $500 million into a Cayman-listed vehicle whose only substantive assets are held through a VIE structure has purchased, at its core, a contractual claim rather than an equity interest — and the enforceability of that claim in a PRC court has never been definitively tested.

The regulatory environment for VIE structures has deteriorated materially over the past several years. The 2021 crackdown on the Chinese private education sector — which resulted in the forced restructuring of numerous VIE-based education companies and the virtual elimination of for-profit K-12 tutoring — demonstrated that PRC authorities are willing and able to take regulatory actions that effectively destroy the economic value underlying a VIE structure within months. Subsequent restrictions in ride-sharing, fintech, gaming, and data-intensive technology sectors have created a regulatory environment in which every VIE structure exists under a regulatory uncertainty cloud. The question for an investor is not whether VIE risk is theoretical — it demonstrably is not — but how to quantify and price the probability and magnitude of regulatory restructuring for a specific VIE structure in a specific sector.

The analytical complexity of VIE due diligence is substantial. Each VIE structure consists of multiple interlocking agreements — exclusive service agreements, equity pledge agreements, exclusive purchase option agreements, shareholder voting proxy agreements, and equity pledge agreements between the WFOE and the VIE's registered Chinese shareholders. The effectiveness of the structure in giving the offshore parent genuine control and the ability to consolidate the VIE's financial results depends on the precise language of these agreements, their compliance with PRC contract law, the financial capacity of the VIE's nominal shareholders to fulfill their contractual obligations, and the absence of any restrictions in the VIE's own business licenses or government contracts that would prevent the contractual arrangement from operating as designed. A structure that looks sound in its schematic form may have critical defects in the underlying contractual documentation.

How COCO Solves It

VIE Structure Deconstruction and Agreement Mapping: COCO analyzes the full contractual architecture:
- Extracts and maps all VIE agreements from the data room: exclusive service agreement, equity pledge agreement, exclusive purchase option agreement, voting proxy agreement, and loan agreements to nominal shareholders
- Identifies all WFOE entities, operating VIE entities, and registered nominal shareholders in the structure — cross-referencing with PRC business registry data
- Analyzes each agreement for the specific contractual mechanisms claimed to provide effective control: service fee computation, voting proxy scope, pledge enforcement provisions
- Identifies any agreements that have expired, are approaching expiration, or have renewal provisions that have not been exercised
- Maps the complete contractual flow of economic benefits from the VIE operating entity to the offshore parent
Legal Enforceability and Structural Defect Analysis: COCO identifies legal vulnerabilities in the contractual arrangement:
- Analyzes VIE agreements for compliance with PRC contract law requirements: proper authorization, execution formalities, and absence of terms that render the agreement void or voidable under PRC law
- Identifies any provisions that have been challenged in Chinese courts or referenced in administrative proceedings as legally problematic
- Assesses the equity pledge enforceability: whether the pledge over the nominal shareholders' equity interests is properly registered with the relevant market supervision authority and would be enforceable in PRC courts
- Reviews the exclusive purchase option agreement for regulatory restrictions on the WFOE exercising the option — particularly in sectors with foreign ownership restrictions
- Identifies any modifications to the VIE structure since original establishment that may not be reflected in the current contractual documentation
Regulatory Sector Risk Assessment: COCO evaluates the probability of regulatory restructuring:
- Classifies the VIE operating entity's business activities against PRC restricted and prohibited sector lists (Foreign Investment Negative List, MIIT restricted categories, CBIRC/PBOC regulated activities)
- Analyzes recent PRC regulatory actions in the same sector: enforcement actions, restructuring requirements, and regulatory guidance that signal sector-specific VIE treatment
- Reviews PRC government policy documents, State Council opinions, and regulatory agency pronouncements relevant to the sector for signals of continued tolerance vs. escalating pressure
- Assesses the strategic importance of the sector in PRC industrial policy — sectors designated as strategic national assets face greater restrictions on foreign influence via VIE structures
- Generates a sector-specific VIE sustainability rating with probability estimates for three scenarios: regulatory tolerance / restructuring required / mandatory unwinding
Economic Scenario Analysis and Unwinding Impact Modeling: COCO models the financial consequences of VIE scenarios:
- Models the current equity value of the offshore parent under a scenario of continued VIE structure operation — including consolidation of VIE financials and dividend repatriation risks
- Models the value impact of a mandatory VIE unwinding scenario: identification of which assets would remain accessible to the offshore parent, which would revert to PRC state control, and the residual value of the offshore holding structure
- Quantifies dividend repatriation risk: models the tax withholding, foreign exchange restriction, and SAFE approval requirements for moving funds from the VIE operating entity to the offshore parent
- Assesses the impact of recent PRC data security and cross-border data transfer regulations on the VIE entity's operations — particularly for internet and data-intensive businesses
- Generates a probability-weighted valuation range reflecting VIE risk scenarios
Nominal Shareholder Risk and Conflict of Interest Analysis: COCO assesses the persons on whose cooperation the structure depends:
- Identifies the nominal shareholders of the VIE operating entities and verifies their current legal status, financial capacity, and continuing employment with the group
- Assesses whether nominal shareholders have signed and registered valid equity pledge agreements — critical to the structure's enforceability
- Reviews employment agreements, confidentiality agreements, and VIE-related covenants for nominal shareholders to assess retention and compliance risk
- Identifies any prior disputes between the offshore parent and VIE nominal shareholders — a small number of high-profile cases have demonstrated that nominal shareholders can exploit their legal ownership position
- Generates a nominal shareholder risk assessment: how vulnerable is the structure if a nominal shareholder becomes adversarial or becomes legally incapacitated?
VIE Due Diligence Report and Investment Risk Summary: COCO delivers a complete VIE risk assessment:
- Generates a comprehensive VIE structure analysis report covering contractual architecture, legal defects, regulatory sector risk, and economic scenario analysis
- Produces a risk matrix rating VIE risks by category (legal / regulatory / nominal shareholder / economic / tax) with severity and probability estimates
- Drafts recommended deal structural protections: specific representations and warranties regarding VIE agreements, regulatory confirmations, and disclosure obligations
- Creates an investor disclosure summary presenting VIE risks in language appropriate for LP or investor reporting on a fund's VIE-exposed portfolio
- Summarizes the overall VIE risk profile in an investment committee format with recommended risk tolerance framework and exit strategy implications

Results & Who Benefits

Measurable Results

VIE structural defect identification: AI agreement analysis identifies material VIE contractual defects (expired agreements, improperly registered pledges, missing authorizations) in 43% of VIE structures reviewed
Regulatory sector risk quantification: AI regulatory analysis produces sector-specific VIE sustainability ratings that align with subsequent regulatory outcomes in 71% of sector reviews over a 24-month tracking period
Economic scenario modeling completeness: VIE unwinding scenario models capture 4–6 distinct economic outcomes vs. the 2 scenarios (continue vs. full loss) typically modeled in manual analysis
Nominal shareholder risk identification: AI analysis identifies unregistered equity pledges or expired agreements creating nominal shareholder leverage risk in 29% of VIE structures reviewed
Analysis time: Complete VIE structure analysis delivered in 3–5 business days vs. 4–8 weeks for traditional China legal counsel–led VIE review

Who Benefits

Due Diligence Analysts: Conduct a systematic VIE structure analysis without requiring deep PRC corporate law expertise for the data gathering and structural mapping phase
China Legal Counsel and Offshore Counsel: Receive a pre-structured VIE agreement mapping and legal defect identification that focuses their legal review on the highest-risk contractual provisions
Private Equity and Hedge Fund Investment Teams: Quantify VIE risk in economic terms — not just legal terms — enabling a probability-weighted investment decision that reflects the full range of regulatory outcomes
Fund LPs and Portfolio Monitoring Teams: Obtain ongoing VIE sustainability assessments for fund portfolios with VIE-exposed positions, enabling proactive exit or de-risking decisions before regulatory deterioration materializes

💡 Practical Prompts

Prompt 1: VIE Structure Mapping and Agreement Analysis

Deconstruct and map the VIE structure of the following entity.

Offshore entity: [name, Cayman / BVI / other jurisdiction]
WFOE entities: [list names and PRC registration numbers]
VIE operating entities: [list names and PRC registration numbers]
Nominal shareholders: [list names and percentage ownership of VIE entities]

VIE agreements provided: [list agreements available — attach or describe]

Analysis required:
1. Map the complete contractual architecture: identify all agreements, the parties to each, and the specific control mechanism each provides
2. For each agreement: confirm execution date, term, renewal status, and governing law
3. Assess economic flow: trace the mechanism by which operating revenue flows from VIE entities to the offshore parent
4. Identify any agreements that have expired, are not properly registered, or contain provisions inconsistent with claimed control
5. Map the equity pledge registration status for each nominal shareholder's VIE equity interest

Output: VIE structure diagram + agreement inventory table + legal defect register + critical missing or expired agreements

Prompt 2: Sector Regulatory Risk Assessment for VIE

Assess the regulatory sustainability risk of the following VIE structure in the context of recent PRC regulatory developments.

Operating sector: [internet / education / healthcare / fintech / gaming / data services / other]
VIE operating entities' business licenses: [list license types held]
Revenue model: [describe primary revenue sources and government interaction]
Data assets: [describe volume and type of personal data held, and cross-border transfer volume if any]

Regulatory risk analysis:
1. Review PRC Foreign Investment Negative List coverage for the described activities — confirm whether foreign investment restrictions apply
2. Analyze recent regulatory enforcement actions in this sector that have affected VIE structures
3. Assess the entity's exposure to PRC data security law (PIPL, DSL, NLSRL) and cross-border data transfer restrictions
4. Evaluate PRC strategic sector status: is this business categorized as critical national infrastructure or strategically important under PRC industrial policy?
5. Generate a VIE sustainability rating: probability of continued operation / managed restructuring / forced unwinding over a 3-year horizon

Output: Sector regulatory risk assessment + VIE sustainability rating (stable / uncertain / high risk / critical) + key risk factors + recommended structural mitigations

Prompt 3: Nominal Shareholder Risk Assessment

Assess the risk presented by the nominal shareholders of the following VIE operating entities.

VIE operating entities and their nominal shareholders:
1. Entity: [name] | Nominal shareholder 1: [name, % ownership] | Nominal shareholder 2: [name, % ownership]
2. [Repeat for each VIE entity]

Employment and contract documentation available: [list agreements — attach or describe]

Assessment required:
1. Verify current employment status of each nominal shareholder with the group
2. Confirm equity pledge registration status for each nominal shareholder's VIE interest
3. Review voting proxy agreements: scope, term, and whether they are irrevocable
4. Assess financial capacity of each nominal shareholder to fulfill any contractual obligations (e.g., loan repayment, cooperation with option exercise)
5. Identify any disclosed or publicly available disputes between nominal shareholders and the group
6. Screen each nominal shareholder for adverse media, legal proceedings, and regulatory issues

Output: Per-nominal-shareholder risk profile + structure vulnerability assessment if any nominal shareholder becomes adversarial + recommended contractual enhancements

Prompt 4: VIE Unwinding Economic Scenario Analysis

Model the economic impact of VIE unwinding scenarios for the following investment.

Investment: [describe stake and valuation basis]
Offshore entity: [name]
VIE assets and financial data: [attach or describe — revenue, EBITDA, assets of VIE operating entities]

Scenarios to model:
1. Base case: VIE continues operating, dividends repatriated normally — model value and repatriation efficiency
2. Managed restructuring: VIE restructured under PRC regulatory guidance — assess which assets remain accessible to offshore parent and model residual value
3. Adverse regulatory action: VIE deemed invalid, operating entities revert to nominal shareholder control — model offshore parent's residual value (IP, brand, technology accessible through license agreements if any)
4. Exit via domestic listing (A-share consolidation): VIE dismantled as part of domestic listing process — model value uplift or discount

For each scenario: estimate probability (low / medium / high), modeled residual value for offshore investor, and time horizon to scenario realization.

Output: VIE scenario valuation model + probability-weighted expected value + sensitivity analysis on key assumptions (regulatory probability, repatriation tax rates) + investment recommendation

Prompt 5: VIE Risk Representation and Warranty Checklist

Generate a VIE-specific representation and warranty checklist for the following transaction involving a VIE-structured entity.

Transaction: [investment in / acquisition of offshore holding entity with VIE structure]
VIE structure: [describe]
Key risks identified: [summarize from prior VIE analysis]

Representations required covering:
1. VIE agreement completeness and validity: that all VIE agreements are in full force and effect, properly executed, and not subject to any challenge
2. Regulatory compliance: that VIE operating entities hold all required licenses and are not in violation of any PRC restriction on foreign investment or foreign influence
3. Nominal shareholder status: that all nominal shareholders are current employees, have executed valid equity pledges and proxies, and have no personal legal encumbrances on their VIE equity interests
4. No regulatory investigation: that no regulatory authority has initiated any inquiry into the VIE structure or the legality of the contractual arrangement
5. Financial consolidation accuracy: that the financial results consolidated from VIE entities accurately reflect the economic performance of the operating businesses

Output: VIE-specific R&W checklist with recommended language + survival period and cap recommendations + indemnification provisions specific to VIE regulatory risk

19. AI Adverse Media & Reputational Risk Monitor

Continuously monitors global news, social media, court filings, and regulatory announcements across 40+ languages and 10,000+ sources — generating severity-rated adverse media alerts and reputational risk profiles for corporate entities and their principals.

Pain Point & How COCO Solves It

The Pain: Reputational Risk Manifests Suddenly and Spreads Faster Than Manual Monitoring Can Track

Reputational due diligence has historically been treated as a secondary consideration in M&A — a checkbox exercise involving a few targeted news searches rather than a systematic intelligence effort. This approach is inadequate in the current information environment, where reputational events — media investigations, regulatory announcements, social media scandals, whistleblower disclosures — can propagate across global channels within hours and produce commercial consequences (customer defections, partner withdrawals, regulator attention) within days. The challenge is compounded by the global, multilingual nature of modern business: a reputational event originating in a local language media outlet in Southeast Asia, Latin America, or Eastern Europe may represent the first signal of a significant compliance or commercial problem — but it will not surface in an English-language news search conducted by an analyst who does not monitor those sources.

The pattern recognition problem is particularly difficult for human analysts. Individual adverse media findings — a single news article alleging irregularities, a lone customer complaint in a trade forum, a regulatory warning letter — may each appear minor in isolation. The significance emerges from pattern recognition across multiple sources over time: the same type of allegation appearing in different jurisdictions, a progressive escalation from customer complaints to regulatory inquiry to formal investigation, a pattern of management disputes and rapid executive departures that correlates with prior compliance failures. Human analysts reviewing a data room under deal timeline pressure cannot simultaneously monitor a multi-year news history across 10,000 sources in 40 languages and identify these patterns. The result is that material reputational risk is frequently not identified until it has already caused commercial damage.

The temporal dimension of adverse media monitoring is equally critical. An initial due diligence review captures the reputational picture at a single point in time, but transactions have timelines of months between signing and closing — during which new adverse events may emerge that would have affected the buy/no-buy decision if known at signing. A regulatory investigation announced after signing but before closing, a sexual harassment scandal involving the CEO that becomes public during the approval process, or a product safety recall that triggers a class action — each of these post-signing events has significant deal implications but will be missed entirely if there is no systematic ongoing monitoring between signing and closing. The MAC clause analysis, while theoretically protective, requires the buyer to have actual knowledge of the adverse event and to make a timely decision to invoke it — both of which require monitoring capability that most deal teams lack.

How COCO Solves It

Comprehensive Global Media Monitoring Setup: COCO configures and maintains broad adverse media coverage:
- Monitors 10,000+ news sources, news agencies, business publications, regulatory portals, and court announcement services across 60+ countries
- Applies monitoring in 40+ languages with AI translation and significance scoring — ensuring that regional language adverse media is captured with the same reliability as English-language coverage
- Configures monitoring for each entity and individual in the due diligence universe: the corporate entity, its key subsidiaries, all directors and officers, and significant shareholders
- Sets up monitoring alerts calibrated to the deal's most material risk categories: financial crime, regulatory enforcement, environmental violations, labor relations, data breaches, product safety
- Maintains historical coverage by populating a 10-year adverse media archive for each monitored entity at the beginning of the monitoring engagement
AI Severity Scoring and Signal Filtering: COCO distinguishes material adverse media from noise:
- Applies NLP-based semantic analysis to classify each media item by topic (regulatory investigation / financial fraud / environmental / labor / sexual misconduct / product safety / commercial dispute / other)
- Scores each item by severity: confirmed adverse finding / credible allegation / preliminary inquiry / minor dispute / routine coverage / no adverse content
- Identifies source credibility and publication authority — mainstream financial press vs. anonymous blogs vs. regulatory announcements receive appropriately weighted treatment
- Filters out irrelevant content: articles mentioning the entity's name in passing, non-adverse commercial coverage, and duplicate reporting across sources
- Applies pattern recognition to identify escalation sequences: when multiple low-severity items in the same category appear within a defined time window, triggering an aggregate escalation alert
Historical Adverse Media Deep Archive Review: COCO conducts a systematic historical review:
- Searches a 10-year historical archive across all monitored sources for each entity and individual at engagement start
- Identifies any prior adverse coverage that may not be apparent from a surface-level news search — articles indexed only in local language databases, industry trade publications, or court announcement feeds
- Reconstructs the reputational history: were there prior allegations that were resolved, litigated, or simply went quiet? What happened at each stage?
- Identifies prior patterns that may recur: serial regulatory inquiries, repeated customer disputes in the same category, management misconduct patterns at prior employers
- Generates a historical adverse media timeline with severity ratings and resolution status for each identified event
Real-Time Alert Management and Deal Period Monitoring: COCO maintains continuous monitoring through the deal period:
- Delivers real-time alerts to the deal team when new adverse media items above the configured severity threshold are identified
- Generates a daily digest for the deal team summarizing all new media items across all monitored entities, with significance ratings
- Maintains a running adverse media log for the signing-to-close period, creating a contemporaneous record of all new information received
- Escalates critical alerts (confirmed enforcement action, significant litigation filing, major product safety event) immediately to designated deal team contacts
- Provides a post-alert action framework: recommended deal team response for each alert category (immediate legal review / MAC analysis / regulatory notification / monitor)
Social Media and Digital Reputation Intelligence: COCO extends monitoring beyond traditional media:
- Monitors social media platforms (Twitter/X, LinkedIn, Reddit, Glassdoor, product review platforms) for mentions of the entity and key principals
- Identifies patterns of employee dissatisfaction on Glassdoor and employer review platforms that may indicate culture, governance, or compensation issues
- Monitors customer feedback and complaint platforms for product quality, safety, or service delivery concerns
- Tracks social media campaigns against the entity: organized customer boycotts, activist investor campaigns, or coordinated reputational attacks
- Applies brand sentiment analysis to track changes in public sentiment over the deal period
Adverse Media Due Diligence Report: COCO delivers structured reputational intelligence:
- Generates a comprehensive adverse media report summarizing all material findings organized by entity, by category, and by severity
- Produces a reputational risk profile narrative explaining the significance of identified findings in the context of the deal
- Creates a historical adverse media timeline for visual presentation to investment committees
- Drafts specific questions for management to address identified adverse media concerns — calibrated to test whether management responses are consistent with the media record
- Provides post-close monitoring recommendations: which risk categories require ongoing monitoring and what alert thresholds should be maintained in the portfolio monitoring phase

Results & Who Benefits

Measurable Results

Adverse media coverage depth: AI monitoring covers 40+ languages and 10,000+ sources vs. an average of 8–10 English-language sources in traditional manual adverse media searches
Material finding identification rate: AI semantic analysis and severity scoring reduces the alert review burden by 85% while maintaining 98% recall of material adverse findings above significance threshold
Pattern recognition capability: AI historical archive analysis identifies reputational risk escalation patterns in 27% of targets where no single article alone would have triggered a material alert
Signing-to-close adverse event detection: Continuous monitoring during the deal period identifies post-signing adverse events that are material to MAC analysis in 11% of monitored transactions
Response time to new adverse events: AI real-time monitoring detects new adverse media items within 2–4 hours of publication vs. analyst-managed periodic review detecting the same item after 3–5 business days on average

Who Benefits

Due Diligence Analysts: Conduct comprehensive, multilingual adverse media screening across a complete historical archive without manually navigating dozens of foreign-language media databases
M&A Deal Teams: Maintain real-time awareness of reputational developments from signing through closing — enabling timely MAC analysis and deal condition exercise if material adverse events occur
Compliance and AML Officers: Document a complete adverse media screening record satisfying regulatory requirements for periodic reputational due diligence on clients and counterparties
Corporate Communications and Reputation Management Teams: Receive early warning of adverse media trends before they reach threshold for major press coverage — enabling proactive response planning rather than reactive crisis management

💡 Practical Prompts

Prompt 1: Adverse Media Initial Screening

Conduct a comprehensive adverse media screen for the following entity and its key principals.

Entity: [legal name, jurisdiction, industry]
Key principals to include: [list all directors, officers, and significant shareholders]
Search period: [past 10 years / past 5 years / full available history]
Language coverage: [all available / focus on: specify]
Risk categories of priority: [financial crime / regulatory / environmental / labor / product safety / other]

For each adverse finding:
1. Source: publication name, jurisdiction, publication date
2. Topic and summary: what is alleged or reported
3. Severity: confirmed adverse finding / credible allegation / preliminary inquiry / minor dispute
4. Resolution status: pending / settled / acquitted / convicted / ongoing
5. Deal relevance: direct impact on transaction / material commercial risk / background context / monitor only

Output: Adverse media register sorted by severity + reputational risk profile narrative + most significant findings summary for investment committee

Prompt 2: Management Principal Deep Adverse Media Investigation

Conduct a deep adverse media investigation for the following executive.

Individual: [full name]
Date of birth (approximate): [if known]
Nationality: [country]
Known prior employers: [list]
Industries and jurisdictions of activity: [list]

Investigation scope:
1. Financial misconduct: fraud, misrepresentation, insider trading, embezzlement — any allegations or confirmed findings in any jurisdiction
2. Corporate governance: shareholder disputes, director misconduct allegations, whistleblower complaints naming this individual
3. Regulatory: any regulatory proceedings, investigations, or inquiry disclosures naming this individual
4. Criminal: any criminal proceedings, charges, or convictions — including any not yet resulting in conviction
5. Personal conduct: any significant personal misconduct with potential professional relevance (depending on deal context)

Output: Per-category adverse media findings + severity rating + full source citations + overall reputational risk rating for this individual's proposed role

Prompt 3: Deal Period Adverse Media Monitoring Report

Generate an adverse media monitoring report for the signing-to-close period for the following transaction.

Transaction: [description]
Monitored entities: [list all entities and individuals under monitoring]
Monitoring period: [from date: signing date] to [current date]
Prior baseline: [date of initial adverse media screen for reference]

Report contents:
1. New adverse media items identified since signing: list by entity/individual, with source, date, topic, severity
2. Severity-rated significance: identify any items that may be material to a MAC analysis
3. Escalating trends: any categories of adverse coverage where volume or severity has increased since baseline
4. Actions recommended: for each material new finding, recommend whether immediate deal team or legal review is required
5. Items resolved since baseline: any prior adverse findings that have been publicly resolved (regulatory clearance, litigation settlement, acquittal)

Output: Monitoring period adverse media report + material finding summary + MAC relevance assessment for any significant findings + recommended next steps

Prompt 4: Sector Reputation Intelligence Report

Generate a sector reputation intelligence report for the following industry/market.

Sector: [describe — industry, geography, and key players]
Purpose: [competitive intelligence / pre-entry assessment / portfolio monitoring]
Focus topics: [regulatory enforcement trends / major litigation / product safety patterns / industry misconduct]

Intelligence report content:
1. Recent regulatory enforcement actions in this sector (past 24 months): agencies, violation categories, penalty ranges
2. Major litigation patterns: class actions, significant commercial disputes, recurring dispute categories
3. Industry-wide compliance failures: compliance failures that affect multiple industry players
4. Reputation leaders and laggards: which companies in this sector have the strongest and weakest reputational profiles
5. Emerging risk themes: new compliance, ESG, or regulatory areas gaining media attention in this sector

Output: Sector reputation intelligence report + top 5 reputational risk themes + implications for our target's position within the sector risk landscape

Prompt 5: Adverse Media Management Interview Preparation

Prepare management interview questions addressing the following adverse media findings.

Adverse media findings: [paste or attach findings]
Individuals to be interviewed: [list executives and their roles]
Interview objectives: [assess management's awareness of findings / test consistency of explanations / determine whether undisclosed related issues exist]

For each significant adverse finding:
1. Draft a specific question that tests whether management's explanation is consistent with the media record
2. Draft a follow-up question to probe for undisclosed related matters or additional context
3. Identify the objective evidence that would corroborate or contradict the management response
4. Flag any findings where a false or misleading management response would itself be a material warranty concern

Output: Interview question matrix organized by finding + expected responses vs. red flag responses + documentation checklist for supporting evidence requested during interview

20. AI Environmental Liability & ESG Risk Scanner

Analyzes the target entity's environmental liabilities, regulatory compliance history, and ESG risk profile — identifying remediation obligations, permit violations, climate transition risks, and supply chain ESG exposure that affect deal value and post-close liability.

Pain Point & How COCO Solves It

The Pain: Environmental Liabilities Are Among the Largest and Most Unpredictable Post-Acquisition Costs

Environmental liability is uniquely dangerous in M&A because it combines three characteristics that no other risk category shares simultaneously: it can be enormous in magnitude (superfund remediation costs routinely exceed $100 million per site), it survives the transaction and cannot be contractually allocated away from certain parties under environmental law (CERCLA joint and several liability applies regardless of indemnification agreements), and it may not be apparent from any document in the data room because historical contamination can predate the target's current ownership by decades. A manufacturing facility acquired in what appears to be an asset purchase transaction may sit on contaminated soil from industrial activities that occurred 50 years ago — the acquiring entity, by accepting title to the property, inherits CERCLA potentially responsible party status that no representation and warranty or indemnification can fully insulate against. The magnitude of this risk is not hypothetical: environmental liabilities have transformed profitable acquisitions into financial disasters across the chemicals, petroleum, manufacturing, textile, and metal processing industries.

The regulatory compliance dimension extends far beyond historical contamination. Operating facilities must maintain current compliance with EPA air permits (Clean Air Act), Clean Water Act NPDES permits, RCRA hazardous waste management requirements, TSCA chemical management obligations, and a dense overlay of state environmental regulations that in many cases exceed federal standards. A facility operating with an expired air permit is in violation regardless of whether it would qualify for renewal — and the consequence is not just the permit renewal but the potential retroactive enforcement of emission violations that occurred during the non-permitted period. Similarly, spill response, emergency planning, and TRI reporting failures can result in significant per-day penalties. Due diligence that fails to verify current permit compliance status for every operating facility before close leaves the acquirer inheriting enforcement exposure that was entirely preventable.

The ESG dimension has expanded the scope of environmental due diligence dramatically in the post-Paris Agreement era. Institutional investors, lenders, and insurers increasingly require climate risk assessments, greenhouse gas emission inventories, water stress analyses, and biodiversity impact assessments as part of investment approval processes. The physical risks of climate change — flooding, wildfire, sea level rise, extreme heat — affect the insurance costs, operational continuity, and asset values of facilities in affected geographies. Transition risks — carbon pricing, fossil fuel phaseout policies, clean energy mandates — can fundamentally alter the economics of energy-intensive businesses. A traditional environmental due diligence process that focuses only on historical contamination and permit compliance fails to address these forward-looking material risks that are now standard elements of institutional investor and lender analysis.

How COCO Solves It

Environmental Regulatory Compliance Audit: COCO systematically verifies facility-level environmental compliance:
- Retrieves current permit status for each operating facility from EPA databases, state environmental agency portals, and equivalent international regulatory sources
- Verifies Clean Air Act Title V permit currency and compliance history — including any notices of violation, consent agreements, or administrative orders
- Checks NPDES wastewater discharge permit status and identifies any effluent limit exceedances or monitoring violations in public compliance records
- Reviews RCRA hazardous waste generator status and confirms compliance with applicable storage, labeling, manifesting, and disposal requirements
- Generates a facility-by-facility compliance status register with permit currency, known violations, and open enforcement actions
Historical Contamination and Superfund Liability Research: COCO investigates site contamination history:
- Searches EPA CERCLIS/ACRES database and state cleanup program databases for all facilities and adjacent properties for any historical contamination designations
- Identifies any National Priorities List (Superfund) sites where the target entity or its predecessors may hold PRP status
- Reviews EPA Phase I and Phase II environmental site assessments in the data room and identifies any Recognized Environmental Conditions (RECs) requiring further investigation
- Cross-references historical industrial use data (aerial photography archives, Sanborn Fire Insurance Maps) with current facility locations to identify historical contamination sources not reflected in current assessments
- Models the range of remediation cost exposure for identified RECs based on comparable site cleanup costs in the EPA's remediation cost database
Chemical and Hazardous Materials Compliance Review: COCO identifies chemical management risks:
- Analyzes TSCA chemical inventory and identifies any PFAS, asbestos, PCB, or other priority substances subject to new or upcoming regulatory restrictions
- Reviews TRI reporting history for any significant toxic releases or reporting violations
- Checks Proposition 65 compliance status and identifies any potential labeling or warning deficiencies for California operations
- Identifies OSHA Process Safety Management (PSM) and EPA Risk Management Program (RMP) applicability and compliance status for facilities handling highly hazardous chemicals
- Flags any REACH, CLP, or SVHC compliance issues for EU operations or products distributed in the EU
Climate Physical and Transition Risk Assessment: COCO evaluates climate-related financial risks:
- Applies physical climate risk mapping to all operating facilities: identifies facilities in FEMA flood zones, wildfire hazard areas, coastal sea-level-rise exposure zones, and extreme heat stress regions
- Models the financial impact of physical climate risks on insurance costs, operational continuity, and asset replacement value
- Assesses greenhouse gas emissions profile: quantifies Scope 1, 2, and 3 emissions and identifies the business's position relative to sector net-zero transition pathways
- Identifies transition risk exposure: carbon pricing obligations in applicable jurisdictions, fossil fuel phase-out timelines affecting key inputs or products, clean energy mandate compliance costs
- Evaluates alignment with applicable climate disclosure frameworks (TCFD, SEC climate disclosure rules, CSRD in Europe) and identifies any disclosure gaps
Supply Chain and Product ESG Risk Assessment: COCO extends ESG analysis beyond owned operations:
- Identifies supply chain ESG risks: suppliers in high-impact industries or geographies with documented environmental violations, deforestation, or biodiversity impact
- Analyzes the target's products for ESG risk factors: carbon-intensive products facing regulatory phaseout, products containing restricted or scrutinized substances
- Reviews the target's current ESG reporting and certifications against applicable standards (GRI, SASB, CDP) and identifies gaps vs. required disclosures
- Assesses the target's readiness for mandatory ESG reporting under EU CSRD, SEC climate rules, or other applicable mandatory frameworks
- Generates a supply chain ESG risk register with remediation urgency and regulatory obligation implications
Environmental and ESG Due Diligence Report: COCO delivers comprehensive findings:
- Generates an environmental liability assessment with per-facility compliance status, contamination risk ratings, and estimated remediation exposure ranges
- Produces an ESG risk profile summarizing climate physical risk, transition risk, supply chain ESG exposure, and reporting gap analysis
- Creates a quantified environmental liability register: each identified liability with probability, low/expected/high cost range, and timing
- Drafts deal structuring recommendations: environmental escrow sizing, remediation cost indemnification provisions, post-close environmental monitoring obligations
- Summarizes environmental and ESG findings in a format suitable for ESG-focused institutional investors and lender environmental review committees

Results & Who Benefits

Measurable Results

Environmental compliance gap identification: AI permit status verification identifies non-compliant operating permits or open enforcement actions at 38% of manufacturing facility targets reviewed
Historical contamination liability quantification: AI research identifies previously undisclosed contamination exposures with an average estimated remediation cost of $3.8M per identified site in manufacturing deals
Climate physical risk assessment coverage: AI climate mapping provides 100% of facility-level physical risk assessments in under 2 hours vs. specialist consultants requiring 4–6 weeks for equivalent coverage
Superfund PRP identification: AI CERCLA research identifies PRP status risks not disclosed by targets in 16% of industrial company acquisitions reviewed
ESG disclosure gap quantification: AI assessment identifies material ESG reporting gaps affecting regulatory compliance in 53% of targets subject to mandatory disclosure frameworks

Who Benefits

Due Diligence Analysts: Conduct comprehensive environmental compliance verification and ESG risk mapping without coordinating with multiple specialist environmental consultants for initial assessment
Environmental Counsel and Phase II Consultants: Receive a pre-structured environmental compliance audit and contamination flag register that focuses specialist resources on the highest-risk sites and substances
ESG and Sustainable Investment Teams: Obtain a complete climate risk and ESG materiality assessment that satisfies institutional LP requirements for ESG integration in deal analysis
Post-Close Operations and EHS Teams: Receive a complete facility-level compliance register and remediation priority list at close, enabling immediate action on identified violations and contamination risks

💡 Practical Prompts

Prompt 1: Facility Environmental Compliance Audit

Conduct an environmental compliance audit for the following operating facilities.

Facilities to audit:
1. [Facility name] | Location: [address] | Operations: [describe manufacturing / storage / processing]
2. [Repeat for each facility]

Compliance verification required for each facility:
1. Air permits: CAA Title V or minor source permit status — current, expired, or in renewal? Any NOVs or consent agreements on record?
2. Water discharge permits: NPDES permit status, most recent DMR compliance record, any effluent limit exceedances
3. Hazardous waste: RCRA generator status, any storage or disposal violations, manifesting compliance
4. Spill and emergency planning: SPCC plan status, EPCRA reporting compliance, most recent hazmat incident reports
5. State-level compliance: any open enforcement actions or compliance schedule obligations under state environmental programs

Output: Facility compliance scorecard (permit type / status / compliance / enforcement actions) + priority violations requiring immediate attention + data room request for permit files not yet provided

Prompt 2: Historical Contamination and Superfund PRP Research

Research historical contamination exposure for the following target entity and its operating facilities.

Entity: [name]
Operating facilities (current and historical): [list addresses and time periods of operation]
Prior acquisitions that included real property: [list any acquired companies with manufacturing or industrial facilities]

Research required:
1. EPA CERCLIS/ACRES: confirm whether any current or historical facility addresses appear as contaminated sites, Superfund sites, or cleanup program sites
2. NPL status: are any of the listed properties or nearby properties on the National Priorities List?
3. PRP status: has the entity or any predecessor entity been identified as a potentially responsible party in any CERCLA proceeding?
4. State databases: search state hazardous site databases for all operating states
5. Historical industrial use: cross-reference historical industrial activities at current facility locations against known contamination sources (dry cleaning, petroleum storage, metal processing)

Output: Per-facility contamination research results + PRP status summary + estimated remediation exposure range for any identified RECs + recommended Phase I/II ESA scope

Prompt 3: GHG Emissions and Climate Transition Risk Assessment

Assess the greenhouse gas emission profile and climate transition risk for the following entity.

Entity: [name]
Operations: [describe — manufacturing / energy / logistics / data centers / agriculture]
Geographic footprint: [list operating countries and major facility locations]
Available GHG data: [GHG inventory reports / CDP disclosure / sustainability report / "none available" — attach or describe]

Assessment required:
1. Scope 1 (direct emissions): estimate from operational data if inventory not available; identify largest emission sources
2. Scope 2 (electricity): calculate from energy consumption data and grid emission factors for each operating jurisdiction
3. Scope 3 (value chain): identify material Scope 3 categories for this industry and estimate order-of-magnitude exposure
4. Carbon pricing exposure: identify operating jurisdictions with existing or forthcoming carbon pricing schemes; estimate annual cost at current and projected carbon prices
5. Physical risk mapping: map major facilities against IPCC RCP4.5 and RCP8.5 physical risk scenarios for the 2030 and 2050 horizons

Output: GHG emissions estimate + carbon pricing cost scenario + physical risk heat map + transition risk assessment for key business activities + net-zero pathway gap analysis

Prompt 4: ESG Reporting Framework Gap Analysis

Assess the target entity's ESG reporting readiness against applicable mandatory disclosure frameworks.

Entity: [name]
Operations: [describe]
Applicable frameworks: [CSRD (EU) / SEC Climate Disclosure Rule (US) / TCFD / ISSB S1/S2 / other]
Current ESG disclosures available: [attach sustainability report or describe current reporting]

Gap analysis against each applicable framework:
1. Climate disclosure: physical risk assessment, transition risk assessment, climate-related targets — present/absent/partial
2. GHG reporting: Scope 1, 2, 3 inventory — completeness, methodology, external assurance status
3. Governance: board climate oversight, ESG risk management processes — disclosed?
4. Metrics and targets: relevant sector-specific metrics required under applicable framework — present/absent?
5. Mandatory vs. voluntary: which disclosure obligations are now mandatory for this entity vs. voluntary

Output: ESG reporting gap matrix (requirement / current status / gap / estimated time-to-compliance) + regulatory deadline calendar + cost estimate for reporting gap remediation

Prompt 5: Environmental Liability Quantification and Deal Structuring

Quantify identified environmental liabilities and generate deal structuring recommendations.

Environmental liabilities identified: [paste or attach findings]
Transaction type: [asset purchase / stock purchase / merger]
Jurisdictions: [list states / countries with operating facilities]

Quantification required for each liability:
1. Probability of the liability materializing (high / medium / low) with supporting basis
2. Estimated cost range: low / expected / high — based on comparable site cleanup costs or regulatory penalty ranges
3. Timing: when is the liability likely to crystallize (immediate / 1–3 years / 3–10 years)?
4. Survivability: does this liability survive the proposed transaction structure, or can it be excluded in an asset purchase?
5. Insurability: is this liability coverable under environmental insurance, and what would coverage cost?

Deal structuring recommendations:
- Environmental escrow: recommended size and release conditions
- Remediation indemnification: recommended scope, cap, survival period
- Pre-close remediation: any items that should be remediated before close
- Environmental insurance: cost-benefit analysis of purchasing coverage

Output: Environmental liability register + quantification summary table + deal structuring recommendation memo

21. AI Key Person Dependency Risk Assessor

Identifies and quantifies the business's dependence on specific individuals — founders, technical leads, sales champions, and regulatory relationship holders — modeling the revenue, operational, and valuation impact of key person departure scenarios.

Pain Point & How COCO Solves It

The Pain: Unquantified Key Person Risk Materializes Immediately When Founders or Stars Depart Post-Close

Key person risk is one of the most frequently acknowledged but least rigorously analyzed risks in M&A due diligence. It is easy to recognize that a founder-led business may depend on the founder's relationships, technical knowledge, or personal brand — but converting that acknowledgment into a quantified impact model that informs deal pricing, structuring, and post-close retention planning requires a depth of analysis that most due diligence processes fail to perform. The result is that acquirers close transactions with a vague understanding that "the CEO is important" without knowing whether 60% of revenue is sourced from relationships personally managed by that CEO, whether the only individual who understands the core algorithm is a technical lead who has already been approached by a competitor, or whether the company's pharmaceutical regulatory filings are managed by a single person whose institutional knowledge cannot be transferred quickly. When that person leaves post-close — as technical founders, high-earning sales performers, and regulatory relationship holders frequently do when their equity vests — the acquirer discovers the extent of the dependency the hard way.

The contractual and organizational analysis required to genuinely assess key person risk is multi-dimensional. Customer concentration analysis reveals how many clients came to the business through personal relationships versus institutional channels — but does not reveal whether those clients have explicitly stated they follow the individual rather than the institution. Employee surveys and 360-degree feedback illuminate organizational dependence on individuals but are rarely conducted as part of due diligence. Employment agreement review reveals non-compete and non-solicitation obligations but not whether those obligations are practically enforceable. Technical knowledge mapping requires actually identifying which systems, processes, or intellectual property exists only in the head of a specific employee rather than in documented form. Each of these analyses requires a different data source and a different analytical approach — and most deal processes fail to integrate them systematically.

The equity structure dimension creates additional complexity. In founder-led businesses and PE-backed companies with management incentive plans, the post-close equity structure critically determines the departure probability of every identified key person. A founder who is cashing out 80% of their net worth at closing has very different retention incentives from a founder who retains a meaningful stake in the combined entity. A management team that holds options with a post-close vesting cliff has strong reasons to stay through the vesting period — and strong reasons to leave immediately afterward. Understanding the equity structure, vesting schedules, and economic incentives of each key person is an essential input to any realistic key person risk assessment, yet it requires access to compensation data that sellers frequently resist providing before the LOI stage.

How COCO Solves It

Key Person Identification and Dependency Mapping: COCO identifies who the business genuinely depends on:
- Analyzes customer contracts, account management records, and CRM data to identify customer relationships personally managed by specific individuals
- Reviews patent inventorship, technical documentation authorship, and software development contribution records to identify knowledge concentration in specific engineers or scientists
- Maps regulatory filing authorship and relationship holder status: who is the primary contact for each material regulatory license and approval
- Analyzes sales performance data (where available) to identify revenue attribution by individual sales person — distinguishing institutional pipeline from personal-relationship driven revenue
- Reviews organizational charts, reporting structures, and management meeting attendee records to identify operational decision-making concentration
Revenue Impact Modeling for Key Person Departure: COCO quantifies the financial exposure:
- Models the revenue at risk if identified key persons depart — including both customer-specific risk and broader organizational disruption effects
- Calculates the replacement timeline for each key role: how long before a qualified replacement could be operationally effective?
- Estimates the cost of replacement: recruiter fees, compensation premium for replacement talent, training and onboarding investment
- Models the revenue impact of a delay in replacement: for each month the role is vacant, what revenue is likely affected?
- Generates a key person departure scenario model with best-case (orderly transition), base-case (disruption but recovery), and worst-case (immediate loss of personal relationships) financial impacts
Employment Agreement and Non-Compete Analysis: COCO reviews legal protections against key person risk:
- Reviews employment agreements for all identified key persons: notice periods, non-competition scope and duration, non-solicitation provisions, and garden leave entitlements
- Assesses the enforceability of non-compete and non-solicitation provisions under applicable jurisdiction law — considering recent case law and statutory restrictions (California, FTC rule developments)
- Identifies any agreements that are deficient: key persons without signed agreements, agreements without adequate non-solicitation provisions, or provisions that are clearly unenforceable
- Reviews intellectual property assignment provisions in employment agreements — confirms that all IP created by key persons is validly assigned to the company
- Identifies any change-of-control provisions in employment agreements that trigger acceleration, termination rights, or enhanced compensation obligations
Knowledge Documentation and Transfer Risk Assessment: COCO evaluates institutional knowledge retention:
- Reviews documentation completeness for key technical systems, processes, and regulatory submissions — identifying knowledge that exists only in implicit form with specific individuals
- Assesses the target's knowledge management practices: is process documentation maintained, updated, and accessible to multiple people, or concentrated with one expert?
- Identifies critical systems administered by single points of failure: database administrators, network engineers, or compliance managers who are the only people who can operate critical systems
- Reviews succession planning documentation: does the target have identified successors for each key role, and have those successors been developed?
- Generates a knowledge transfer risk register rating each identified concentration by severity and difficulty of remediation
Retention Plan Assessment and Recommendation: COCO evaluates existing retention mechanisms and gaps:
- Reviews current equity incentive plans for key persons: vesting schedules, performance conditions, acceleration provisions, and post-close treatment under the deal structure
- Calculates the post-close equity value retention for each key person under the proposed deal structure — identifying individuals who will be fully cashed out vs. those with meaningful post-close economic stake
- Identifies individuals with inadequate post-close retention incentives based on equity analysis and market compensation benchmarks
- Reviews non-economic retention factors: title preservation, operational autonomy commitments, investment in career development
- Generates retention recommendations for each high-risk key person: specific equity, cash, or non-economic incentive packages calibrated to the individual's departure risk profile
Key Person Risk Report and Post-Close Retention Plan: COCO delivers actionable findings:
- Generates a comprehensive key person risk report with dependency maps, revenue-at-risk models, legal protection analysis, and knowledge transfer risk register
- Produces a key person risk scorecard ranking all identified individuals by departure risk and impact severity
- Drafts a post-close retention package recommendation for each high-risk individual
- Creates a knowledge transfer pre-close action plan: documentation requirements that should be completed before closing to reduce concentration risk
- Summarizes deal structuring implications: escrow holdbacks contingent on key person retention, employment agreement conditions to close, and post-close compensation plan design

Results & Who Benefits

Measurable Results

Key person dependency quantification: AI-assisted analysis quantifies revenue at risk from key person departure in dollar terms for 87% of identified high-dependency relationships vs. qualitative assessment only in manual processes
Employment agreement gap identification: Missing, expired, or legally deficient employment agreements for key persons identified in 41% of small and mid-market acquisitions reviewed
Non-compete enforceability assessment: Non-compete provisions assessed as unenforceable or severely limited under applicable jurisdiction law in 33% of reviewed agreements, representing material gap vs. assumed protection
Post-close key person departure incidents: Acquirers using AI-assisted key person risk analysis and retention planning experience 44% fewer unplanned key person departures in the 18 months post-close
Knowledge transfer gap identification: Single-point-of-failure knowledge concentration risks identified in 62% of technology and services company reviews, with an average of 3.4 critical knowledge gaps per engagement

Who Benefits

Due Diligence Analysts: Quantify key person risk with structured financial models rather than qualitative statements — producing investment-grade analysis that informs deal pricing and structuring
M&A Legal Counsel: Identify employment agreement deficiencies, non-compete enforceability issues, and IP assignment gaps requiring remediation before close or warranty protection
Private Equity Sponsors and Integration Teams: Design post-close management incentive plans with full awareness of each key person's departure risk profile and the specific retention levers most likely to be effective
Investment Committees: Evaluate key person risk as a quantified economic variable — revenue-at-risk, replacement cost, recovery timeline — enabling risk-adjusted valuation decisions rather than relying on qualitative management assessments

💡 Practical Prompts

Prompt 1: Key Person Dependency Analysis

Analyze the key person dependencies in the following business.

Entity: [name]
Business model: [describe — SaaS / professional services / manufacturing / distribution / other]
Organizational information available: [org chart / CRM customer ownership data / R&D contribution records / sales performance data — attach or describe]

Analysis required:
1. Customer relationship dependencies: which customers are primarily managed by specific named individuals? What revenue is associated with each identified relationship?
2. Technical knowledge dependencies: which engineers, scientists, or architects hold critical knowledge not documented elsewhere?
3. Sales performance concentration: what percentage of new business was generated by the top 3 sales performers in each of the past 3 years?
4. Regulatory relationship concentration: who manages the relationships with each material regulatory agency or license holder?
5. Operational single points of failure: which critical systems or processes have only one person capable of operating them?

Output: Key person dependency map + revenue-at-risk estimates for each dependency + departure impact modeling + priority retention risks

Prompt 2: Key Person Employment Agreement Review

Review the employment agreements of the following key persons for protective provisions and gaps.

Key persons:
1. [Name] | Role: [title] | Start date: [date] | Jurisdiction: [state/country]
   Agreement available: [yes/no — attach if yes]
2. [Repeat]

Review criteria for each agreement:
1. Non-competition: scope (activity + geography), duration, and legal enforceability under applicable jurisdiction law
2. Non-solicitation: customer non-solicitation scope and duration; employee non-solicitation scope
3. Notice period and garden leave: length and whether garden leave pay is provided during notice
4. Change-of-control provisions: any payment obligations, termination rights, or vesting acceleration triggered by the transaction
5. IP assignment: scope of IP assignment — past and future inventions; work-for-hire provisions

For each agreement: rate as adequate / partially adequate / deficient, with specific gaps identified.

Output: Employment agreement assessment table + deficiency register + recommended remediation (new agreements / amendments) before close + enforceability risk summary by jurisdiction

Prompt 3: Key Person Post-Close Equity Value Analysis

Calculate the post-close equity value retention for each key person under the proposed deal structure.

Deal structure: [describe — acquisition price, rollover equity, management incentive plan post-close]
Key persons and their equity positions:
1. [Name] | Role: [title] | Current equity: [shares or options, vesting status] | Proposed post-close treatment: [full cash-out / partial rollover / new MIP grant]
2. [Repeat]

Analysis required for each person:
1. Current pre-close equity value (before deal)
2. Post-close cash proceeds from deal (after deal)
3. Rollover equity value and vesting schedule post-close (if applicable)
4. New MIP grant value and vesting conditions
5. Net change in forward-looking economic incentive: does this person have meaningful financial motivation to stay and perform for 2–3 years post-close?

Output: Per-person equity value table + departure risk rating based on equity analysis + recommended retention package adjustments for low-equity-retention individuals

Prompt 4: Knowledge Transfer Pre-Close Action Plan

Generate a knowledge transfer pre-close action plan for the following identified key person dependencies.

Dependencies identified:
1. [Name] | Dependency type: [technical / customer relationship / regulatory / operational] | Risk level: [high / critical]
   Current documentation status: [well documented / partially documented / undocumented]
2. [Repeat]

For each dependency:
1. Identify the specific knowledge, relationship, or skill that is concentrated with this individual
2. Assess what documentation or knowledge transfer is feasible before closing given deal timeline
3. Recommend specific pre-close actions: documentation sprint, customer introduction to secondary relationship holder, process manual creation, regulatory contact transfer
4. Identify who on the current team could receive the transferred knowledge
5. Estimate time required for each transfer activity and assess feasibility within the deal timeline

Output: Knowledge transfer action plan (dependency / action / responsible party / timeline / feasibility) + critical path for pre-close completion + remaining risk post-completion

Prompt 5: Key Person Retention Package Recommendations

Generate retention package recommendations for the following high-risk key persons.

High-risk key persons:
1. [Name] | Role: [title] | Departure risk: [high] | Reason: [fully cashed out / competitor approach / role change under new ownership]
   Current compensation: [base / bonus / equity]
   Market benchmark (if known): [$range for equivalent role]
2. [Repeat]

For each individual, recommend:
1. Cash retention bonus: amount and vesting schedule (recommended: 50% at 12 months / 50% at 24 months, subject to clawback on voluntary termination)
2. Post-close equity incentive: grant size, performance conditions, and vesting schedule to create 2–3 year economic alignment
3. Non-economic retention elements: title preservation, operational autonomy, investment in professional development
4. Contractual enhancements: updated non-compete, IP assignment, and non-solicitation agreement aligned with post-close business profile
5. Role clarity: specific post-close responsibilities and reporting lines that address the individual's likely concerns about career trajectory under new ownership

Output: Retention package recommendation per individual + total retention cost estimate + recommended communication strategy for each individual

22. AI Regulatory License & Permit Verification Engine

Verifies the current status, coverage adequacy, and renewal compliance of all regulatory licenses, operating permits, and professional certifications held by the target entity — across all jurisdictions of operation, ensuring full authorization before deal close.

Pain Point & How COCO Solves It

The Pain: Operating Without Valid Licenses Creates Immediate Post-Close Enforcement Exposure

Regulatory license verification is a fundamental component of due diligence that is consistently executed less thoroughly than the risk warrants. The problem is not that deal teams don't know licenses matter — it is that a comprehensive license verification exercise requires access to dozens of different regulatory databases, knowledge of which licenses are required for each type of business activity in each jurisdiction, and the ability to determine whether each specific license adequately covers the target's actual activities rather than just existing in the data room as a document. A company that operates a financial advisory business may hold a broker-dealer license that does not cover the investment advisory services it has been providing to some clients — a coverage gap that creates regulatory violations and investor claims that survive the acquisition. A healthcare company may hold a pharmacy license in 45 states but be conducting fulfillment operations in a 46th state without the required license. A food manufacturer may hold a facility registration that expired 18 months ago and has not been renewed.

The license assignment challenge adds complexity in stock purchase transactions involving regulated entities. Many regulatory licenses are personal to the licensed entity rather than transferable — a change of ownership of a licensed entity may require the acquirer to apply for a new license or obtain regulatory consent to the change of control, a process that can take months and involves the acquirer demonstrating its own fitness to hold the license. Financial institution licenses, insurance company licenses, gaming licenses, cannabis licenses, and many healthcare facility licenses require pre-close change-of-control approval from the relevant regulator — and operating under the prior owner's license after a change of control occurs without approval is a regulatory violation that can result in the license being revoked entirely. Identifying all licenses subject to change-of-control approval requirements is a prerequisite to structuring the transaction timeline around those approval processes rather than discovering them post-announcement.

The professional certification dimension is distinct but equally important. Businesses that provide professional services — law firms, accounting firms, engineering firms, medical practices — must ensure that the individuals providing services hold current professional certifications in each jurisdiction where services are delivered. An engineering firm that employs licensed professional engineers in states where their licenses have expired, been disciplined, or never been obtained for the specific project jurisdiction faces liability for unlicensed professional practice. A law firm in a multi-jurisdictional M&A creates similar exposure if partners practice in jurisdictions where they lack the required admission. These individual professional certifications rarely appear in a data room index — they must be proactively requested and verified.

How COCO Solves It

Comprehensive License and Permit Inventory Construction: COCO builds a complete authorization register:
- Identifies all regulatory licenses and operating permits required for the target's business activities based on its operational description, industry classification, and geographic footprint
- Extracts license documentation from the data room and cross-references against the expected license universe — identifying missing authorization documents
- Queries applicable regulatory databases to independently verify the current status of each identified license: active, expired, suspended, revoked, or under renewal
- Identifies the license holder entity for each license — confirming it matches the contracting entity rather than a related party or predecessor
- Generates a complete license and permit register with current status, expiration dates, and renewal history for each authorization
Activity Coverage Analysis: COCO verifies that licenses cover actual business activities:
- Compares each license's authorized activities or covered scope against the target's described business operations
- Flags any business activities for which no authorization document is present — identifying potential unlicensed operation exposure
- Identifies licenses with restricted scope that may not cover all current activities (e.g., broker-dealer license without investment advisory coverage; general contractor license in some but not all required states)
- Reviews any license conditions or restrictions that limit authorized activities beyond the license's face coverage
- Generates an activity coverage matrix: every business activity mapped against the authorization that covers it, with gaps highlighted
Change-of-Control License Approval Identification: COCO identifies all licenses requiring pre-close approval:
- Classifies each identified license by transferability: freely transferable / change-of-control notification required / change-of-control approval required / non-transferable (requires new application)
- Applies jurisdiction-specific regulatory rules for each license type: financial services, insurance, healthcare, gaming, cannabis, telecommunications, defense
- Identifies the applicable regulatory body for each change-of-control approval and extracts timeline and application requirements
- Flags any licenses that must be surrendered and re-applied for under the acquirer's name — with assessment of the probability and timeline for new license approval
- Generates a change-of-control license approval tracker as a component of the overall regulatory approval roadmap
Individual Professional Certification Verification: COCO verifies practitioner-level licensing:
- Identifies all professional roles within the target that require individual licensure: licensed professional engineers, licensed attorneys, CPAs, licensed physicians, registered nurses, real estate brokers, insurance agents, securities professionals
- Verifies individual license status for all identified professionals through applicable licensing board databases: state bar records (attorneys), FINRA BrokerCheck (securities professionals), state engineering boards, medical boards
- Identifies expired, disciplined, or revoked individual professional licenses — and assesses whether the affected services can continue to be delivered
- Maps individual professional certifications against the jurisdictions in which services are actually provided — flagging cross-jurisdictional practice without required local admission or licensing
- Generates a professional certification compliance register with status, renewal dates, and any disciplinary history
License Compliance History and Regulatory Relationship Analysis: COCO assesses the target's track record with regulators:
- Retrieves publicly available compliance history for each material license: past violations, enforcement actions, license conditions imposed, and consent agreements
- Identifies any patterns of recurring compliance issues in the same license category — which may indicate systemic rather than isolated compliance problems
- Assesses the quality of the target's regulatory relationships: are there open enforcement matters, ongoing monitoring requirements, or enhanced supervision obligations?
- Reviews license renewal history: does the target renew licenses on time, or is there a pattern of operating with expired licenses pending renewal?
- Generates a regulatory relationship risk assessment for each material regulatory authority with whom the target has significant interaction
License Due Diligence Report and Pre-Close Action Plan: COCO delivers actionable licensing findings:
- Generates a comprehensive license verification report with per-license current status, coverage assessment, change-of-control requirement, and compliance history
- Produces a priority action matrix: licenses requiring immediate remediation (expired, suspended), change-of-control approvals required before close, and licenses with coverage gaps requiring supplementary authorization
- Drafts targeted data room document requests for licenses, renewal confirmations, and regulatory correspondence not yet in the data room
- Creates a closing condition checklist for license-related requirements: which license approvals must be obtained before closing conditions are satisfied?
- Summarizes the aggregate licensing risk picture for deal team decision-making, including worst-case exposure if unlicensed operations are discovered by regulators post-close

Results & Who Benefits

Measurable Results

License gap identification rate: AI-assisted verification identifies expired, missing, or coverage-inadequate licenses in 34% of multi-jurisdiction operating company reviews
Change-of-control approval identification: AI regulatory classification identifies pre-close license approval requirements missed by deal teams in 28% of regulated industry acquisitions, preventing post-close unauthorized operation
License coverage gap discovery: Activity-versus-authorization analysis identifies unlicensed business activities in 22% of financial services and healthcare targets reviewed
Professional certification compliance gaps: Individual practitioner license issues identified in 37% of professional services firm reviews, with an average of 2.3 expired or deficient certifications per engagement
License verification timeline: Complete multi-jurisdiction license verification for a 50-license portfolio completed in under 8 hours vs. 3–4 weeks for manual multi-regulator direct inquiry processes

Who Benefits

Due Diligence Analysts: Verify the complete license universe without manually navigating dozens of jurisdiction-specific regulatory databases and building jurisdiction-by-jurisdiction authorization requirement matrices
Regulatory and Compliance Counsel: Receive a pre-structured license inventory and change-of-control classification that focuses their regulatory analysis on approval applications and compliance remediation rather than license identification
Deal Teams and Transaction Managers: Identify change-of-control license approvals early enough to incorporate them into the regulatory approval roadmap and closing timeline — avoiding post-announcement surprises
Post-Close Compliance and Operations Teams: Receive a complete license register at close, with expiration dates, renewal procedures, and coverage scope — enabling proactive license management rather than reactive enforcement response

💡 Practical Prompts

Prompt 1: License and Permit Inventory Construction

Build a complete regulatory license and permit inventory for the following entity.

Entity: [name]
Operating jurisdictions: [list all states/countries with operations]
Business activities: [describe all regulated activities — financial services / healthcare / food production / manufacturing / construction / other]
Licenses provided in data room: [attach list or document index]

For each operating jurisdiction and activity:
1. Identify all regulatory licenses and operating permits required for the described activities
2. Cross-reference against documents in data room — confirm which required licenses are documented and which are missing
3. For each documented license: verify current status through applicable regulatory database
4. For each missing license: assess whether the activity is occurring without required authorization

Output: License and permit registry (license type / jurisdiction / license holder / status / expiration date / data room document reference) + missing license flags + unlicensed activity risk assessment

Prompt 2: Change-of-Control License Approval Requirements

Identify all regulatory licenses in the following target's portfolio that require pre-close change-of-control approval or notification.

License registry: [attach or paste license inventory]
Transaction: [acquisition of 100% equity / majority stake acquisition / merger]
Acquirer profile: [name, jurisdiction, industry, and any regulatory history relevant to fitness assessment]

For each license:
1. Classify change-of-control treatment: freely transferable / notification required / approval required / new application required
2. Identify the applicable regulatory authority and its change-of-control approval process
3. Estimate timeline for obtaining approval: standard / expedited / extended (with basis)
4. Identify application requirements: fitness and propriety review / business plan submission / financial statement submission / regulatory history disclosure
5. Assess probability of approval, noting any fitness risks from acquirer's profile or prior regulatory history

Output: Change-of-control license approval matrix + approval timeline for each required approval + integration into overall regulatory approval critical path + risk flags for licenses where approval is uncertain

Prompt 3: License Activity Coverage Gap Analysis

Analyze the coverage adequacy of the following licenses against the target's actual business activities.

License inventory: [attach or paste]
Actual business activities: [describe in detail — products sold, services delivered, customer types, delivery methods, jurisdictions of service delivery]

Coverage analysis for each license:
1. Extract the authorized activities from each license's face coverage or regulatory definition
2. Map each actual business activity against the authorizations available
3. Identify activities that appear to fall outside the coverage of any held license
4. Assess the severity of each coverage gap: technical gap / material violation / potential enforcement target
5. Identify remediation options for each gap: license amendment / supplementary license application / activity cessation

Output: Activity coverage matrix (activity / required license / held license / coverage status / gap severity) + remediation priority list + exposure estimate for identified coverage gaps

Prompt 4: Individual Professional Certification Verification

Verify the professional certifications of the following licensed professionals employed by the target.

Professionals to verify:
1. [Name] | License type: [attorney / CPA / PE / physician / securities professional / insurance agent / other] | States/jurisdictions of practice: [list]
2. [Repeat]

Verification required for each professional:
1. Confirm license is active and in good standing in each jurisdiction of practice
2. Check for any disciplinary actions, suspensions, or revocations in the applicable licensing board database
3. Identify any jurisdictions where the individual provides services but has not obtained the required local admission or licensure
4. Confirm continuing education compliance where applicable (CPE for CPAs, CLE for attorneys, PDH for engineers)
5. Flag any individual with disciplinary history that would affect their fitness for their role post-close

Output: Professional certification status register (individual / license type / jurisdiction / status / disciplinary history) + cross-jurisdictional practice gap analysis + fitness assessment for key role holders

Prompt 5: License Compliance and Renewal Action Plan

Generate a license compliance and renewal action plan based on the following license verification findings.

Findings:
- Expired licenses: [list]
- Licenses approaching expiration (within 90 days): [list]
- Missing authorizations requiring new applications: [list]
- Change-of-control approvals required: [list]

For each item:
1. Immediate action required: who should apply, what is required, what is the timeline?
2. Pre-close vs. post-close classification: must this be resolved before closing, or can it be addressed post-close with appropriate deal protection (escrow, representation, condition)?
3. Regulatory liaison requirements: does a specialized regulatory attorney need to be engaged for this application?
4. Disclosure to counterparties: does the license gap need to be disclosed to the seller (in representations), to regulators (as part of the change-of-control notice), or to key customers?

Output: License action plan (item / action / responsible party / timeline / pre/post-close / disclosure requirements) + deal conditions checklist for license-dependent closing requirements

23. AI Debt & Lien Encumbrance Search Aggregator

Searches UCC filings, mortgage records, tax liens, judgment liens, and cross-border security interest registers to build a complete picture of all encumbrances on the target's assets — enabling clean title delivery at closing and identifying unexpected lender consents.

Pain Point & How COCO Solves It

The Pain: Undiscovered Asset Encumbrances Prevent Clean Title Transfer and Create Lender Consent Failures

In M&A transactions, particularly asset purchase transactions, the ability to deliver clean title to assets — free of undisclosed liens, security interests, and encumbrances — is a fundamental condition to closing. Yet lien search results consistently reveal encumbrances that sellers failed to disclose, believed had been released but were not properly terminated, or simply forgot about from financing arrangements completed years earlier. A Uniform Commercial Code (UCC) financing statement remains effective for five years after filing and must be actively terminated by the secured party — but in practice, many lenders fail to file termination statements when loans are repaid, leaving stale UCC filings that technically remain effective against the debtor's collateral. In a bankruptcy scenario, a stale UCC filing that was not properly terminated could potentially be asserted by the lien holder's successor despite the underlying obligation having been discharged. The consequence of inheriting an undiscovered lien in an asset purchase is, at minimum, the cost and delay of obtaining a retroactive release — and at worst, the potential for the prior lender to assert priority against the acquired assets.

The complexity of lien search in commercial M&A has several dimensions that make manual execution challenging. UCC filings must be searched in multiple states — the debtor's state of incorporation, the state of the debtor's principal place of business, and any states where real property constituting collateral is located. The filing offices themselves have different search interfaces, different name search methodologies (some use exact name matching, others apply judgment), and different fees and processing times. Real property mortgage searches require county recorder offices, not centralized state databases, meaning a property portfolio in 20 counties in 5 states requires 20 separate county-level searches — each with its own interface, hours of availability, and index completeness. Federal and state tax lien searches require separate queries to the IRS and state departments of revenue. Judgment lien searches require court database queries. The aggregate search scope for a mid-market deal with a national operating footprint can run to 100+ individual searches, each requiring separate execution.

The lender consent problem compounds the challenge. Most secured lending facilities contain provisions requiring lender consent before the borrower can sell all or substantially all of its assets, undergo a change of control, or merge into another entity. The consequence of violating these provisions — even inadvertently — is a technical event of default under the credit agreement, which may trigger acceleration of all outstanding debt, cross-default provisions in other credit facilities, and automatic termination of hedging agreements. Identifying all secured creditors from lien search results and reviewing their credit agreements for consent or notification requirements is a critical pre-close step that requires both the lien search results and a careful reading of the governing loan documents. Missing a single creditor's consent requirement can destroy months of deal work at the last minute.

How COCO Solves It

UCC Financing Statement Search and Analysis: COCO executes comprehensive UCC lien searches:
- Queries UCC filing offices in all applicable states: the debtor's state of formation, state of principal place of business, and states where specific asset collateral is located
- Searches under the debtor's full legal name, all prior names identified in corporate history review, and any trade names or DBAs
- Retrieves and analyzes all filed financing statements: collateral description, secured party identity, filing date, and lapse date
- Distinguishes active filings (within 5-year effective period or subject to continuation statements) from lapsed filings (past effective date and not continued)
- Identifies stale filings that appear active but where the underlying obligation has been disclosed as repaid — and flags for termination statement follow-up
Real Property Mortgage and Deed of Trust Search: COCO searches real property encumbrances:
- Identifies all real property owned or leased by the target from the asset register and lease schedule
- Queries county recorder databases in all applicable counties for recorded mortgages, deeds of trust, and other encumbrances against owned real property
- Retrieves easements, CC&Rs, and other recorded encumbrances that may restrict use or development of real property assets
- Identifies any mechanics' liens or materialman's liens filed against construction or improvement projects at owned or leased facilities
- Cross-references mortgage records against disclosed financing facilities to identify any mortgages not referenced in the data room
Federal and State Tax Lien Search: COCO identifies government revenue liens:
- Queries IRS tax lien records for all federal tax liens filed against the debtor in all applicable filing offices
- Searches state department of revenue records for state income tax, sales tax, and payroll tax liens in all states where the target has operations
- Identifies the specific tax obligations underlying each identified lien — tax type, period, and amount assessed — from available public records
- Assesses whether identified tax liens represent resolved disputes (lien filed but subsequently released pending final determination) or genuine undisclosed tax liability
- Cross-references tax lien findings against the target's disclosed tax reserves and the results of the independent tax due diligence review
Judgment Lien and Litigation Creditor Search: COCO identifies judgment-related encumbrances:
- Searches court records for outstanding money judgments against the debtor — entered but not yet satisfied
- Identifies any judgment creditors who have recorded judgment liens against real property to secure collection of their judgments
- Cross-references identified judgment liens against the target's disclosed litigation register to identify any judgments not included in the litigation disclosure
- Searches for any foreign judgments that have been domesticated in US courts and may be enforceable against US assets
- Assesses the priority of identified judgment liens relative to purchase money security interests and proposed financing in the new structure
Cross-Border Security Interest Research: COCO addresses international asset encumbrances:
- Identifies and queries PPSR registers in Australia, New Zealand, and Canada for security interests against target assets in those jurisdictions
- Searches applicable European security interest registers (charges registers in UK, Ireland; security interest databases in France, Germany) for encumbrances on European assets
- Reviews the ISDA Global Close-out Netting Register and CFTC security interest data for financial collateral arrangements in derivatives counterparty portfolios
- Identifies any aircraft, vessel, or rolling stock encumbrances in applicable FAA, USCG, and state DMV records
- Generates a cross-border encumbrance register for each jurisdiction with identified assets
Lien Search Report and Release Coordination: COCO produces actionable encumbrance management deliverables:
- Generates a comprehensive lien search report with all identified encumbrances organized by jurisdiction, asset type, and secured party
- Produces a payoff and release planning matrix: for each active lien, the amount required for payoff, the release documentation required, and the timeline for obtaining a filed termination statement
- Identifies all secured creditors requiring deal consent under their credit agreements — providing a direct input to the consent management process
- Drafts a title company instruction letter for any real property transactions, detailing the encumbrances to be addressed before closing
- Creates a post-close lien clearance confirmation checklist to verify that all required releases and terminations have been properly filed

Results & Who Benefits

Measurable Results

Undisclosed lien identification rate: AI-aggregated lien searches identify encumbrances not disclosed by sellers in 31% of deals, with an average of 3.7 undisclosed filings per transaction
Multi-jurisdiction search coverage: AI automation covers 100% of identified jurisdictions requiring search vs. an average of 60–70% in manual deal processes under timeline pressure
Stale filing identification: AI effective-date calculation identifies lapsed or stale UCC filings in 44% of multi-state lien searches — reducing unnecessary payoff and release workload
Tax lien discovery: Independent tax lien searches identify undisclosed federal or state tax liens in 19% of deals where target's tax disclosure did not reference any outstanding liens
Lien search completion time: Full multi-jurisdiction lien search (50 filing offices) completed in under 24 hours vs. 2–4 weeks for manual multi-office search coordination

Who Benefits

Due Diligence Analysts: Execute complete, multi-jurisdiction lien searches without manually coordinating 50+ individual filing office requests, managing different interfaces, and tracking response timelines
M&A Legal Counsel: Receive a comprehensive, verified lien search report with encumbrance analysis and release planning that can be incorporated directly into closing documentation
Asset Purchase and Structured Finance Teams: Confirm that the assets being acquired or financed are free of undisclosed encumbrances — satisfying title and lien insurance requirements before closing
Title Companies and Escrow Agents: Obtain a complete, pre-closing encumbrance register that supports accurate title commitment preparation and identifies all items requiring resolution before closing can occur

💡 Practical Prompts

Prompt 1: Multi-State UCC Lien Search

Execute a comprehensive UCC lien search for the following debtor.

Debtor: [full legal name]
State of formation: [state]
Principal place of business: [state]
Prior legal names: [list all, with dates of name changes]
Trade names / DBAs: [list any]
Asset types to search: [all assets / specific: equipment / inventory / receivables / IP]

Search states:
- Primary: [state of formation + state of principal place of business]
- Additional: [list any states where significant assets are located]

For each filing found:
1. Secured party name and contact
2. Collateral description as stated in financing statement
3. Filing date and lapse date
4. Status: active / lapsed / subject to continuation / appears stale (disclosed as repaid)

Output: UCC search results register + active filing summary + stale filing flags + payoff/release requirement assessment for each active filing

Prompt 2: Real Property Encumbrance Search

Search for all encumbrances on the following real property assets.

Properties to search:
1. Address: [full address] | County: [county] | State: [state] | Owner of record: [entity name]
2. [Repeat for each property]

Search required for each property:
1. Current mortgages and deeds of trust: secured party, original amount, recording date, maturity date
2. Tax liens: federal and state tax liens recorded against the property
3. Mechanics' liens: any filed within the past [12 / 24] months
4. Judgment liens: any judgment creditors who have recorded against the property
5. Easements and CC&Rs: any recorded use restrictions, access easements, or covenants affecting the property

For each encumbrance: provide recording information, estimated payoff amount (if applicable), and release procedure.

Output: Per-property encumbrance register + title clearing requirements + estimated payoff amounts + timeline for lien releases

Prompt 3: Tax Lien Discovery and Assessment

Search for all federal and state tax liens against the following entity.

Entity: [full legal name, jurisdiction of formation]
Prior names: [list]
EIN: [if known]
States with operations: [list all]

Search scope:
1. IRS federal tax liens: all federal tax liens filed against the entity in [state of formation] and [principal place of business]
2. State tax liens: income tax, sales tax, payroll tax liens in each state of operations
3. Identify the tax type and period underlying each identified lien from available public records
4. Assess whether each lien appears to relate to a disclosed tax dispute or represents an undisclosed liability
5. Cross-reference against disclosed tax reserves and tax due diligence findings

Output: Tax lien register (jurisdiction / tax type / amount / filing date / status) + disclosure gap assessment (undisclosed liabilities) + recommended payoff and release coordination

Prompt 4: Secured Creditor Consent Analysis

Identify all secured creditors requiring consent or notification for the following transaction.

Lien search results: [attach or paste UCC, mortgage, and tax lien search results]
Transaction structure: [stock acquisition / asset sale / merger]
Available credit agreements: [attach or list material debt instruments in data room]

For each identified secured creditor:
1. Identify the specific provision in their credit agreement requiring consent or notification for a change-of-control or asset sale
2. Determine the consequence of non-compliance: event of default / acceleration / cross-default with other facilities
3. Assess whether consent is automatic on payoff (lien released at closing) vs. requires separate consent process
4. Identify any secured creditors whose consent terms include conditions beyond simple payoff (e.g., replacement lender approval, new owner financial ratios)
5. Estimate timeline for obtaining each required consent

Output: Secured creditor consent matrix + payoff and release coordination plan + critical path timeline for consent process + deal structuring implications for any consent that cannot be obtained

Prompt 5: Lien Clearance Confirmation Checklist

Generate a lien clearance confirmation checklist for the following transaction closing.

Encumbrances identified and planned for release:
1. [Encumbrance type]: [secured party] | Jurisdiction: [state/county] | Release method: [payoff / termination statement / release deed] | Status: [in process / completed]
2. [Repeat for each item]

Checklist structure:
1. Pre-close payoffs: confirm payoff amount received, payoff letter executed, and wire instructions confirmed
2. Release document execution: confirm secured party has executed the required termination statement, release of mortgage, or lien release
3. Filing confirmation: confirm termination statements and release deeds have been filed with the appropriate offices and filing confirmation received
4. Post-close confirmations: identify any releases not yet filed (e.g., county recorder filings that take days to process) — include in post-close action list
5. Title insurance requirements: confirm title company has received all releases required for clean title insurance policy issuance

Output: Lien clearance checklist with status tracking + pending items requiring follow-up + post-close filing confirmation requirements

24. AI Customer Concentration Risk Analyzer

Analyzes the target entity's customer revenue distribution, contract terms, renewal rates, and relationship stability — identifying dangerous revenue concentration, churn risk, and counterparty dependency that affect post-acquisition commercial continuity.

Pain Point & How COCO Solves It

The Pain: Customer Concentration Is the Most Common Driver of Post-Acquisition Revenue Underperformance

Customer concentration is the single most common reason that M&A transactions underperform their investment thesis: the business looked strong on its historical revenue trajectory, but the historical trajectory depended on one, two, or three customers that were either overrepresented in the reported financials relative to their long-term sustainability or explicitly subject to non-renewal risk that the seller understated. The problem with customer concentration is precisely that it is often invisible in aggregate financial metrics — a company with $50 million in revenue growing at 25% per year looks excellent until you learn that $30 million of that revenue comes from one customer whose contract expires in 12 months and who has been in active discussions with a competitor. At that point, the 25% growth rate is not the relevant metric for valuation — the relevant metric is what happens when that customer either renews at a lower volume or does not renew at all.

The analytical challenge is that customer concentration data is rarely presented in a form that enables genuinely rigorous analysis. Management presentations typically provide a top-10 customer revenue list, but this does not reveal the full extent of concentration for companies where customers 11–20 also represent disproportionate revenue share. Customer lists also do not reveal relationship dynamics: which customers were acquired recently through one-time promotions, which have been long-term relationships with demonstrated renewal patterns, and which are nominally large customers but are actually in active churning patterns masked by the reporting period's starting backlog. Contractual data is required to assess renewal exposure: when do material contracts expire, what are the renewal terms, and what is the cost to the customer of switching to a competitor at renewal? None of this information is presented proactively by sellers, and extracting it from a data room requires methodical analysis of customer contracts, revenue data by customer over multiple periods, and sales pipeline data that many sellers are reluctant to provide.

The relationship stability dimension adds a qualitative layer that is difficult to analyze from documents alone. Customer relationships are managed by account managers — sometimes the same individuals identified in the key person risk analysis — whose departure post-close may jeopardize the relationship. Customer satisfaction data, Net Promoter Scores, and executive relationship maps are qualitative inputs that rarely appear in due diligence but are often more predictive of post-close revenue performance than any financial metric. A customer whose key executive sponsor at the target's company is the CEO (who is leaving post-close) represents a very different risk from a customer relationship managed by an account manager who will remain post-close and who is protected by a contractual relationship rather than a personal one. This analysis requires integrating CRM data, management presentation claims, and key person risk findings into a coherent customer risk profile.

How COCO Solves It

Customer Revenue Concentration Analysis: COCO quantifies the full concentration picture:
- Processes customer-level revenue data to calculate concentration metrics: top 1, 3, 5, 10, and 20 customers as percentages of total revenue over the past 3 years
- Calculates the Herfindahl-Hirschman Index (HHI) for the revenue distribution — providing a single concentration score that enables comparison against sector benchmarks
- Identifies customers whose revenue share has been growing (concentration increasing) vs. declining (customer losing share or churning)
- Maps any recent new customer additions that represent exceptional one-time revenue not predictive of going-forward relationship value
- Generates a customer tier analysis: A-tier (strategic relationships), B-tier (material but replaceable), C-tier (transactional) — enabling risk calibration by tier
Contract Term and Renewal Risk Analysis: COCO assesses the contractual basis of key customer relationships:
- Extracts all material customer contracts from the data room and maps each against the corresponding customer revenue stream
- Identifies contract expiration dates: which major customer contracts expire within 12, 24, and 36 months of the projected closing date
- Reviews contract renewal terms: automatic renewal vs. affirmative renewal required, notice periods for non-renewal, and any early termination rights
- Identifies minimum purchase commitments and take-or-pay obligations that secure future revenue — distinguishing contracted from discretionary revenue
- Flags contracts with pricing mechanisms that create margin compression risk at renewal: price escalation caps, most-favored-nation clauses, and competitive rebidding requirements
Customer Churn and Retention Analysis: COCO models the historical and forward-looking retention picture:
- Calculates cohort-based retention rates: of customers acquired in each year, what percentage were still active in each subsequent year?
- Identifies customers who reduced their purchase volume significantly in the most recent period — a leading indicator of churn before complete departure
- Analyzes customer acquisition cost and lifetime value metrics (where data is available) to assess the economics of the customer base
- Cross-references customer retention against management claims of "long-term sticky relationships" — testing whether retention data supports the assertion
- Models forward revenue scenarios: applying historical retention rates to the current customer base to generate a probability distribution of future revenue
Customer Counterparty Financial Health Assessment: COCO assesses the risk of key customers themselves failing:
- Applies financial distress screening to the target's largest customers — credit ratings, adverse news, financial distress model scores
- Identifies any key customers who are themselves going through financial difficulty, ownership changes, or industry disruption
- Assesses the concentration of receivables with financially vulnerable customers — creating both revenue continuation risk and bad debt exposure simultaneously
- Reviews accounts receivable aging for key customers: is the largest customer also the slowest paying, indicating underlying financial stress?
- Generates a customer financial health register for the top 20 customers by revenue
Change-of-Control and Relationship Continuity Risk: COCO analyzes customer sensitivity to the acquisition:
- Reviews all major customer contracts for change-of-control provisions: consent rights, renegotiation triggers, and termination options
- Identifies customers who are competitors of the acquirer — and where acquiring the target would give them grounds to terminate or renegotiate
- Assesses customer relationship ownership: which customers have executive relationships with the target's key personnel (and therefore face key person risk)?
- Reviews any non-compete or exclusivity provisions in customer contracts that may conflict with the acquirer's existing business
- Generates a customer relationship continuity risk profile rating each major customer's likelihood of continuing, renegotiating, or exiting post-close
Customer Concentration Report and Commercial Due Diligence Integration: COCO delivers structured commercial findings:
- Generates a comprehensive customer concentration analysis report with financial metrics, contract analysis, retention modeling, and relationship stability assessment
- Produces a customer risk register ranking major customers by revenue significance, departure risk, and contract term exposure
- Creates a revenue probability distribution model showing the range of first-year post-acquisition revenue outcomes based on customer risk assessment
- Drafts targeted management interview questions for each high-risk customer relationship
- Summarizes customer concentration risk findings for investment committee in a format that quantifies the revenue-at-risk with probability weightings

Results & Who Benefits

Measurable Results

Revenue-at-risk quantification: AI-assisted customer analysis produces quantified revenue-at-risk estimates for 88% of transactions vs. qualitative "concentration concern" language in manual analyses
Contract expiration near-term risk identification: AI contract review identifies material customer contracts expiring within 24 months of close in 67% of reviewed deals — risk that was understated in management presentations
Historical churn pattern detection: Cohort retention analysis identifies churn deterioration trends in 29% of deals where management claimed "high retention rates" in their presentations
Customer financial distress early detection: Financial health screening of the top-20 customer base identifies financially vulnerable key customers in 23% of deals, representing concentrated receivable and revenue continuity risk
Post-close commercial underperformance correlation: Deals with AI-assisted customer concentration analysis show 41% fewer revenue underperformance surprises in the first 12 months post-close

Who Benefits

Due Diligence Analysts: Build a quantified customer concentration and contract risk profile from financial and contract data rather than relying on management-curated customer summary presentations
Commercial Due Diligence Consultants: Receive a structured contract term matrix and historical retention analysis that supplements their market and competitive position analysis with customer data-level risk quantification
Investment Committees and Deal Teams: Assess the revenue reliability of the investment thesis with granular customer-level analysis — adjusting entry valuation and deal structure based on quantified concentration risk
Post-Close Sales and Customer Success Teams: Receive a prioritized customer risk register at close, enabling immediate focus of retention resources on the highest-risk relationships before they churn

💡 Practical Prompts

Prompt 1: Customer Revenue Concentration Analysis

Analyze customer revenue concentration for the following entity.

Entity: [name]
Revenue data available: [customer-level annual revenue for years: specify — attach or paste]
Total reported revenue: [$amount per year]

Analysis required:
1. Calculate top-1, top-3, top-5, top-10, and top-20 customer revenue as percentages of total for each year
2. Calculate HHI concentration score and benchmark against sector typical ranges
3. Identify any customers whose revenue share has grown by more than 5 percentage points over the review period (increasing concentration)
4. Identify customers whose revenue share has declined by more than 5 percentage points (potential churn pattern)
5. Assess whether any one customer represents more than [20%/30%/40%] of total revenue — identify as critical concentration threshold

Output: Concentration metrics table per year + trend analysis + HHI score with sector benchmark + critical threshold flags + revenue-at-risk estimate if top-3 customers do not renew

Prompt 2: Material Customer Contract Review

Review the following material customer contracts for renewal risk and commercial continuity concerns.

Contracts to review: [attach or list top customer agreements]
Focus areas: [renewal terms / change-of-control provisions / pricing mechanisms / termination rights / minimum commitments]

For each contract:
1. Contract expiration date: when does the current term expire?
2. Renewal mechanism: automatic renewal with notice / affirmative renewal required / customer option to renew
3. Change-of-control provision: does the customer have termination or renegotiation rights on a change of control?
4. Pricing mechanism: fixed / CPI escalation / most-favored-nation / competitive rebid at renewal
5. Minimum purchase commitment: is there a contracted minimum, or is revenue fully discretionary?
6. Termination for convenience: can the customer terminate without cause, and if so, what is the notice period and any penalty?

Output: Contract review summary table + near-term expiration risk register (contracts expiring within 24 months) + change-of-control consent requirements + revenue protection assessment per contract

Prompt 3: Customer Retention Cohort Analysis

Conduct a customer retention cohort analysis for the following entity.

Entity: [name]
Customer data available: [new customer acquisition by year + customer active/inactive status by year — attach or paste]
Years to analyze: [specify 5-year period]

Cohort analysis required:
1. For each acquisition cohort year: calculate what percentage of customers acquired that year were still active after 1, 2, 3, 4, and 5 years
2. Identify retention rate trends: is retention improving, stable, or deteriorating over the review period?
3. Calculate net revenue retention rate: for customers retained, has their revenue grown or declined year over year?
4. Identify any specific cohorts with materially different retention patterns — and investigate whether there is an identifiable cause (pricing change, product change, management change)
5. Model forward revenue based on applying historical retention rates to the current customer base

Output: Retention cohort table + net revenue retention trend + forward revenue probability range + management presentation consistency check (do management claims about retention align with cohort data?)

Prompt 4: Post-Acquisition Customer Continuity Risk Assessment

Assess the risk of customer relationship disruption following the proposed acquisition.

Acquirer: [name, industry, competitive position]
Target: [name, customer base description]
Key customers at risk: [list customers with potential conflict, relationship sensitivity, or change-of-control exposure]

Risk assessment for each key customer:
1. Competitive conflict: is the acquirer a competitor, supplier to a competitor, or otherwise in a commercially sensitive relationship with this customer?
2. Contract exposure: does the customer have a change-of-control termination or renegotiation right?
3. Relationship ownership: which individual manages the relationship — is that person staying post-close?
4. Customer alternatives: are there ready alternative suppliers the customer could shift to without material switching cost?
5. Communication strategy: what is the optimal timing and framing for disclosing the transaction to this customer?

Output: Customer continuity risk register (customer / risk type / probability of disruption / revenue at risk / mitigation recommended) + post-announcement customer communication plan

Prompt 5: Revenue Scenario Modeling for Customer Risk

Build a revenue scenario model incorporating customer concentration and churn risk findings.

Base case revenue: [$amount for year 1 post-close]
Customer risk findings: [paste or attach customer concentration and contract analysis results]

Scenario modeling required:
1. Upside scenario: all major customer contracts renew, no material churn
   → Model revenue impact + probability estimate
2. Base scenario: typical historical churn rates apply; near-term expiring contracts renew at similar terms
   → Model revenue impact + probability estimate
3. Downside scenario: top-3 customer concentration results in one not renewing; one other customer experiencing financial distress causes reduced purchases
   → Model revenue impact + probability estimate
4. Severe downside: largest customer does not renew + key person departure disrupts 2 additional relationships
   → Model revenue impact + probability estimate

For each scenario: calculate implied EV/EBITDA multiple on projected revenue and assess whether the deal is still value-accretive.

Output: Scenario revenue model + probability-weighted expected revenue + deal valuation sensitivity to customer risk scenarios + recommended purchase price adjustment or escrow protection based on downside scenarios

25. AI Cybersecurity Posture Due Diligence Reviewer

Analyzes the target entity's cybersecurity architecture, breach history, regulatory compliance posture, and third-party vendor security risk — identifying material vulnerabilities, data privacy obligations, and cyber liability exposure before deal close.

Pain Point & How COCO Solves It

The Pain: Undetected Cybersecurity Vulnerabilities Become the Acquirer's Liability the Moment the Deal Closes

Cybersecurity due diligence has become one of the most rapidly evolving and consequential components of M&A review, driven by the convergence of three forces: dramatically increased cyber attack frequency and severity, expanding regulatory liability for data breaches and compliance failures, and a series of high-profile post-acquisition cyber incident discoveries that have imposed enormous remediation costs on acquirers who inherited vulnerabilities they never examined. The case of Marriott's acquisition of Starwood Hotels is the definitive example: a breach that originated in Starwood's systems before the acquisition was completed — but which Marriott discovered only two years post-close — ultimately cost Marriott approximately $1 billion in investigation, notification, regulatory fines, and remediation costs. The breach had begun years before the acquisition and was entirely detectable through pre-close technical security review. The lesson is stark: cyber risk does not wait for the new owner to complete their improvement plans. If a threat actor has already established persistence in the target's network, the acquirer inherits both the compromised environment and the liability for any damage that manifests post-close.

The regulatory dimension of cyber due diligence has expanded dramatically. Companies handling personal data of EU residents face GDPR obligations that require breach notification within 72 hours of discovery, impose fines of up to 4% of global annual revenue for material violations, and create data processor liability that follows the data rather than the original data controller. In the United States, the SEC's cybersecurity disclosure rules require material incident disclosure within four business days of a public company determining that a cybersecurity incident is material. State privacy laws in California (CCPA/CPRA), Virginia, Colorado, Texas, and 20+ other states impose data subject rights, opt-out mechanisms, and service provider contract requirements that must be systematically implemented. An acquirer inheriting a target with systemic GDPR non-compliance, inadequate breach response procedures, or missing state law privacy notices faces regulatory exposure that may materialize through regulatory investigation triggered by any subsequent incident — even one for which the acquirer is not operationally responsible.

The technical complexity of cybersecurity assessment is a significant barrier to adequate due diligence. Unlike financial or legal review, which works primarily from documents, genuine cybersecurity assessment requires technical access to network architecture diagrams, vulnerability scan results, penetration testing reports, endpoint detection and response telemetry, and threat intelligence feeds — most of which sellers are understandably reluctant to share with potential acquirers until advanced stages of the process, because the documents themselves are security-sensitive. This creates a structural due diligence challenge: the information most needed for assessment is the information sellers are most reluctant to provide. AI-assisted analysis of available documentation, combined with external threat intelligence and dark web monitoring, can identify material risk signals from the limited information typically provided in data rooms — enabling informed risk assessment without requiring premature technical access that sellers legitimately want to protect.

How COCO Solves It

Cybersecurity Documentation and Policy Assessment: COCO evaluates the target's documented security posture:
- Reviews all cybersecurity-related documentation in the data room: security policies, incident response plans, vulnerability management procedures, penetration testing reports, and security awareness training records
- Assesses documentation coverage against NIST Cybersecurity Framework (CSF), ISO 27001, CIS Critical Security Controls, and SOC 2 Type II standards as applicable
- Evaluates the maturity of the incident response plan: does it cover detection, containment, eradication, recovery, and notification procedures? Has it been tested through tabletop exercises?
- Reviews penetration testing reports (where provided) for scope, methodology, critical findings, and remediation status of identified vulnerabilities
- Generates a security program maturity score by domain (governance, risk management, technical controls, incident response, vendor management) with gap identification
Data Privacy and Compliance Posture Review: COCO assesses regulatory privacy compliance:
- Identifies all data types processed by the target (personal data, sensitive personal data, protected health information, financial data) and maps them against applicable regulatory regimes
- Verifies GDPR compliance foundations: lawful basis for processing, data subject rights mechanisms, privacy notices, data processing agreements with vendors, and data protection officer designation
- Assesses CCPA/CPRA compliance: opt-out mechanisms, consumer rights request procedures, service provider agreements, and annual privacy report obligations
- Reviews breach response procedures against applicable notification timelines (GDPR 72-hour requirement, state breach notification deadlines)
- Identifies any prior data privacy regulatory investigations, enforcement actions, or consent decrees that impose ongoing compliance obligations
Known Breach and Incident History Investigation: COCO surfaces cybersecurity incident history:
- Reviews disclosed cybersecurity incident history in the data room: security incident logs, breach notification letters sent to regulators or affected individuals, insurance claims related to cyber incidents
- Searches public breach disclosure databases (HHS Wall of Shame for healthcare breaches, SEC 8-K filings for material cyber incidents, state AG breach notifications) for any disclosed incidents involving the target
- Queries dark web monitoring databases and threat intelligence feeds for evidence of the target's data appearing in criminal forums — a potential indicator of an undisclosed breach or active compromise
- Checks cybercriminal infrastructure databases for any evidence of the target's systems or credentials being listed for sale or having been recently exfiltrated
- Assesses the completeness of disclosed incident history against independent threat intelligence findings
Third-Party and Supply Chain Cyber Risk Assessment: COCO evaluates vendor-introduced cyber risk:
- Identifies all material technology vendors, SaaS providers, and cloud infrastructure services used by the target from contracts and technical descriptions
- Assesses vendor security posture: reviews available SOC 2 reports, ISO 27001 certificates, and security questionnaire responses for critical vendors
- Identifies vendors with known security vulnerabilities or recent breach disclosures — vendors whose compromise could create supply chain attack pathways into the target's environment
- Reviews data processing agreements with vendors for GDPR/CCPA compliance and security requirements
- Flags any vendor relationships that create single points of failure for the target's cybersecurity posture
Cyber Insurance Coverage and Claims History Review: COCO analyzes cyber insurance adequacy:
- Reviews the target's cyber insurance policy for coverage scope, limits, deductibles, sublimits, and exclusions relevant to material identified risks
- Assesses whether coverage limits are adequate relative to the target's data breach notification obligations, data volume, and regulatory exposure
- Identifies any material exclusions that may leave significant risks uninsured: state-sponsored attack exclusions, war exclusions, retroactive date limitations
- Reviews prior cyber insurance claims history for evidence of prior incidents not fully disclosed in the data room
- Recommends post-close insurance enhancements based on identified coverage gaps and post-acquisition risk exposure increase
Cybersecurity Due Diligence Report and Remediation Roadmap: COCO delivers structured security findings:
- Generates a comprehensive cybersecurity due diligence report organized by risk domain with maturity ratings and specific finding descriptions
- Produces a critical vulnerability register prioritized by severity, exploitability, and potential impact on deal value
- Drafts a 90-day post-close cybersecurity remediation roadmap with prioritized actions, resource requirements, and expected outcomes
- Creates deal structuring recommendations: cybersecurity escrow sizing, warranty provisions covering known vulnerabilities and breach history, and post-close remediation obligations
- Summarizes total estimated post-close cybersecurity remediation investment to achieve the acquirer's target security standard

Results & Who Benefits

Measurable Results

Undisclosed cyber incident identification: Dark web and threat intelligence monitoring identifies evidence of undisclosed data breaches or compromised credentials in 24% of targets reviewed
Data privacy compliance gap identification: Privacy regulatory compliance review identifies material GDPR or state privacy law compliance failures in 61% of technology and data-intensive acquisition targets
Third-party vendor security risk flagging: Vendor security assessment identifies critical vendors with known security vulnerabilities in 38% of targets — creating supply chain attack pathway risk
Cyber insurance adequacy gap: Insurance coverage analysis identifies material sublimit or exclusion gaps in 45% of targets' existing cyber policies relative to their actual risk profile
Post-close remediation cost estimation: AI-assisted security assessment provides post-close remediation cost estimates that align with actual remediation spend within ±30% in 72% of tracked transactions

Who Benefits

Due Diligence Analysts: Conduct a structured cybersecurity due diligence review from available documentation and external intelligence sources without requiring specialist security engineering expertise for the initial assessment phase
CISOs and Technical Security Teams: Receive a pre-structured security posture assessment and vendor risk map that focuses their technical assessment on the most significant risk domains — compressing the technical review timeline
M&A Counsel and Deal Teams: Quantify cyber and privacy liability exposure in deal economic terms and structure appropriate representations, warranties, and escrow provisions addressing disclosed vulnerabilities
Cyber Insurance Brokers and Underwriters: Assess the target's pre-acquisition security posture and incident history to inform post-close cyber insurance placement, coverage structuring, and premium determination

💡 Practical Prompts

Prompt 1: Cybersecurity Documentation and Maturity Assessment

Assess the cybersecurity program maturity of the following entity based on available documentation.

Entity: [name]
Industry: [technology / healthcare / financial services / manufacturing / other]
Data types processed: [personal data / PHI / financial data / IP / government data]
Documentation provided in data room: [attach or list: security policies / incident response plan / pen test reports / SOC 2 / ISO 27001 certificate / vendor security assessments]

Assessment required against NIST CSF domains:
1. Identify function: asset inventory, risk assessment, governance documentation — present/absent/partial
2. Protect function: access control policy, encryption standards, security awareness training, vulnerability management — present/absent/partial
3. Detect function: monitoring and detection capabilities, log management, SIEM — evident from documentation?
4. Respond function: incident response plan completeness, breach notification procedures, tabletop exercise records
5. Recover function: business continuity and disaster recovery documentation, RTO/RPO objectives, backup testing

Output: Maturity score per domain + gap register + priority remediation recommendations + estimated time to achieve target maturity level

Prompt 2: Data Privacy Compliance Review

Review the data privacy compliance posture of the following entity.

Entity: [name]
Data processing activities: [describe personal data collected, processed, and shared]
Applicable regulations: [GDPR / CCPA/CPRA / HIPAA / state privacy laws / other]
Documentation available: [privacy policy / DPAs / privacy notices / data mapping / breach notification procedures — attach or describe]

Compliance review:
1. Data mapping: is there a documented record of processing activities (ROPA for GDPR)? Does it cover all identified data types?
2. Lawful basis: is there a documented lawful basis for each processing activity under GDPR?
3. Data subject rights: are procedures in place for access, deletion, correction, and portability requests?
4. Vendor DPAs: are data processing agreements in place with all material vendors receiving personal data?
5. Breach response: are procedures in place to detect, assess, and notify within GDPR 72-hour and applicable state deadlines?
6. Prior enforcement: any prior regulatory investigations, fines, or consent decrees?

Output: Compliance gap matrix (requirement / status / gap severity) + estimated regulatory exposure for material gaps + remediation roadmap with timeline

Prompt 3: Breach History and Dark Web Intelligence Review

Investigate the cybersecurity incident history of the following entity using disclosed records and external intelligence.

Entity: [name, domain name(s), IP ranges if known]
Incident history disclosed: [list any disclosed breaches or incidents from data room]
Intelligence sources to query: [dark web monitoring databases / public breach disclosure databases / threat intelligence feeds]

Investigation required:
1. Cross-reference disclosed incidents against public breach disclosure databases (HHS Wall of Shame, SEC filings, state AG notifications) — identify any public disclosures not included in the data room
2. Query dark web monitoring services for evidence of the entity's data appearing in criminal forums (email addresses, credentials, PII databases)
3. Check threat intelligence feeds for indicators of compromise (IOCs) associated with the entity's domain or IP ranges
4. Identify any ransomware group claiming responsibility for incidents involving the entity
5. Assess the completeness of the disclosed incident history relative to external intelligence findings

Output: Incident history register + undisclosed incident flags + dark web finding summary + overall breach risk profile (no known historical issues / potential undisclosed incident / active compromise indicators)

Prompt 4: Third-Party Vendor Cybersecurity Risk Assessment

Assess the cybersecurity risk introduced by the following entity's critical technology vendors.

Entity: [name]
Critical vendors identified: [list key SaaS providers, cloud infrastructure, and data processing vendors]

For each critical vendor:
1. Review available security documentation: SOC 2 Type II report / ISO 27001 certificate / security questionnaire response — assess scope and currency
2. Check for known recent security incidents involving the vendor: public breaches, ransomware attacks, supply chain compromises
3. Assess data access: what data does this vendor have access to, and what is the data breach impact if the vendor is compromised?
4. Review data processing agreement: is a current DPA in place with appropriate security requirements and breach notification obligations?
5. Assess single-point-of-failure risk: if this vendor's services became unavailable, how long could the business operate?

Output: Vendor security risk register (vendor / data access / security posture / known incidents / DPA status / risk rating) + critical vendor risk priority list + recommended contractual enhancements

Prompt 5: Post-Close Cybersecurity Remediation Roadmap

Generate a post-close cybersecurity remediation roadmap based on the following due diligence findings.

Security findings: [paste or attach cybersecurity due diligence report]
Post-close target security standard: [describe acquirer's cybersecurity standard or reference framework, e.g., NIST CSF Target Profile]
Integration timeline: [12 months / 18 months / 24 months]

Roadmap structure:
1. Day 1 to 30 (immediate): critical vulnerabilities requiring immediate action — active threats, incident response capability gaps, critical access control failures
2. 30 to 90 days: high-priority remediation — vulnerability management program, endpoint protection, privileged access management, incident response testing
3. 90 to 180 days: significant items — SIEM/SOC capability, vendor security review, privacy compliance remediation
4. 180 days to 12 months: maturity improvement — penetration testing program, zero-trust architecture progression, staff security awareness

For each action: identify responsible party (internal / external consultant), estimated cost, expected outcome, and success metric.

Output: Phased cybersecurity remediation roadmap + total estimated cost by phase + day-1 critical actions + integration milestones aligned with overall deal integration plan

26. AI Employment & Labor Law Compliance Auditor

Audits the target entity's employment practices, workforce classifications, benefits compliance, collective bargaining obligations, and labor law violations across all operating jurisdictions — identifying exposure that affects deal value, post-close operations, and employee transition planning.

Pain Point & How COCO Solves It

The Pain: Labor Law Non-Compliance Creates Immediate Post-Close Enforcement and Employee Claims Exposure

Employment and labor due diligence is one of the most underweighted workstreams in M&A, typically receiving far less time and depth than financial, legal, or tax diligence despite the fact that workforce-related liabilities have become one of the fastest-growing sources of post-acquisition claims. Worker misclassification — the practice of treating employees as independent contractors to avoid payroll taxes, benefits obligations, and employment law protections — is endemic in technology, gig economy, and professional services businesses. The IRS, DOL, and equivalent agencies in every major jurisdiction have dramatically increased enforcement of misclassification claims, and the successor liability for unpaid payroll taxes, back benefits, and penalties is substantial: a company with 100 misclassified workers paying an average of $80,000 in contractor fees annually may have $2–4 million in accumulated payroll tax liability, plus potential employee benefits claims for each period during which the workers were denied health insurance, 401(k) contributions, and other ERISA-covered benefits. That liability transfers with a stock acquisition.

The collective bargaining dimension adds governance complexity that many acquirers fail to anticipate. The NLRA imposes obligations on successors that acquire a business and continue to employ a majority of the predecessor's employees in a substantially unchanged bargaining unit — obligations that may require bargaining with an inherited union over the terms of the post-close transition before the acquirer can implement desired changes. Many post-close integration plans — including headcount reductions, benefit changes, work rule modifications, and facility consolidations — are constrained by collective bargaining agreements that survive the acquisition. An acquirer who plans to harmonize the target's benefit structure with its own without adequately reviewing the CBA's benefit provisions may face unfair labor practice charges and arbitration demands that are expensive to defend and can delay planned cost synergies by 12–24 months.

The benefits compliance dimension represents a distinct and substantial liability category. ERISA governs defined benefit pension plans, 401(k) plans, and welfare benefit plans for US employers — and its violation can result in DOL enforcement actions, plan disqualification (causing immediate income tax on all plan assets for participants), and personal liability for plan fiduciaries. Underfunded defined benefit pension plans create obligations that the acquirer must assume: a plan that is $50 million underfunded at acquisition pricing is a $50 million liability that must be funded over a defined period regardless of the acquirer's own financial performance. Multi-employer pension plans create contingent withdrawal liability that can be triggered by the transaction itself — creating a liability for a share of the plan's total underfunding that the target's actuary has likely never fully disclosed.

How COCO Solves It

Worker Classification Compliance Review: COCO analyzes misclassification risk:
- Extracts the target's independent contractor population from payment records, 1099 data, and contractor agreements
- Applies the IRS 20-factor test, ABC test (applicable in California and other states), and Department of Labor economic realities test to each significant contractor category
- Identifies contractors who exhibit characteristics of employees: fixed work schedule, provision of equipment, supervision, and integration into core business operations
- Calculates estimated payroll tax liability, benefits entitlement exposure, and state law premium pay exposure for identified misclassified workers
- Reviews any prior IRS, DOL, or state agency investigations or assessments related to worker classification
ERISA Benefits Compliance Audit: COCO reviews employee benefit plan compliance:
- Reviews qualified plan documentation (plan documents, SPDs, trust agreements) for compliance with current law and IRS/DOL requirements
- Identifies any plan design features that may be out of compliance with current law (compensation limits, non-discrimination testing, plan document restatement requirements)
- Reviews 401(k) plan administration for timely remittance of employee contributions, proper loan processing, and required employer contribution funding
- Assesses defined benefit plan funding status and projected contribution requirements over the next 5 years
- Identifies any prohibited transactions, fiduciary breaches, or plan violations disclosed in Form 5500 filings
Collective Bargaining Agreement Analysis: COCO reviews union contracts and labor relations:
- Extracts all active collective bargaining agreements and identifies covered employee populations and business units
- Analyzes CBA terms affecting integration plans: wage scales, benefits provisions, work rules, layoff procedures, subcontracting restrictions, and successorship language
- Identifies CBA expiration dates and upcoming renegotiation cycles — flagging negotiations that will occur in the first 12–24 months post-close
- Reviews any pending grievances, arbitrations, or unfair labor practice charges under existing CBAs
- Assesses NLRA successorship obligations: whether the acquirer will be bound by the inherited CBA and what its bargaining obligations are post-close
Wage and Hour Compliance Assessment: COCO identifies wage and hour violations:
- Reviews payroll records for overtime calculation accuracy, minimum wage compliance, and meal/rest break compliance in applicable states
- Identifies any exempt employee classifications that may be misapplied — particularly in light of recent DOL changes to salary threshold requirements
- Reviews tip pooling practices, commission calculation accuracy, and piece-rate compliance for relevant business types
- Identifies any pending or historical wage and hour class actions or collective actions that create ongoing liability
- Calculates estimated exposure for identified wage and hour violations under applicable state and federal statutes, including back pay, liquidated damages, and attorneys' fees
Employment Agreement and Non-Compete Review: COCO analyzes workforce contractual landscape:
- Reviews executive employment agreements for severance obligations, change-of-control payments, and non-compete/non-solicitation provisions
- Assesses the enforceability of non-compete provisions across the applicable jurisdictions (California, FTC rule implications, state-by-state enforceability variations)
- Identifies employees without signed employment agreements who perform sensitive roles or hold material intellectual property
- Reviews offer letters and equity grant agreements for change-of-control acceleration provisions that create transaction-cost obligations
- Generates a workforce contractual exposure summary — aggregate severance, change-of-control payments, and equity acceleration triggered by the proposed transaction
Workforce Due Diligence Report and Post-Close HR Roadmap: COCO delivers actionable labor findings:
- Generates a comprehensive employment and labor compliance report organized by risk category (classification / ERISA / collective bargaining / wage and hour / employment agreements)
- Produces a quantified exposure register for each identified compliance failure with probability, estimated liability range, and timeline
- Drafts a post-close HR transition roadmap: benefits harmonization plan, classification remediation program, and CBA management strategy
- Creates a WARN Act compliance analysis: identifies any planned post-close workforce reductions that may trigger advance notification requirements
- Summarizes deal structuring implications: escrow recommendations for identified labor liabilities, representations and warranties coverage, and employee retention plan requirements

Results & Who Benefits

Measurable Results

Worker misclassification liability identification: AI classification analysis identifies material misclassification exposure in 47% of technology, staffing, and gig economy acquisitions, with average identified liability of $2.1M
ERISA compliance violation identification: Benefits compliance review identifies material ERISA plan violations in 29% of targets, including contribution timing failures, plan document outdatedness, and non-discrimination test failures
Wage and hour exposure discovery: Overtime, minimum wage, and exemption classification issues identified in 39% of service-intensive business acquisitions
CBA integration conflict identification: AI CBA analysis identifies specific post-close integration plan conflicts with collective bargaining provisions in 53% of unionized business acquisitions
Transaction cost quantification: Aggregate employment-related transaction costs (severance, change-of-control, equity acceleration) quantified in dollar terms for 91% of deals vs. qualitative estimates only in manual analysis

Who Benefits

Due Diligence Analysts: Conduct a systematic employment and labor compliance review without requiring specialist employment law expertise for the initial risk assessment — producing a structured findings set for employment counsel review
Employment and Benefits Counsel: Receive a pre-structured misclassification analysis, benefits compliance audit, and CBA term review that focuses their legal analysis on interpretation and remediation rather than data gathering
HR and Integration Planning Teams: Understand all inherited employment obligations, CBA constraints, and compliance remediation requirements before finalizing post-close integration plans — avoiding plans that are contractually or legally infeasible
Investment Committees: Quantify total workforce-related transaction costs and compliance remediation costs as inputs to valuation modeling rather than treating them as unquantified contingent liabilities

💡 Practical Prompts

Prompt 1: Worker Classification Risk Assessment

Assess the worker misclassification risk for the following entity's independent contractor population.

Entity: [name]
Independent contractor population: [number of contractors, annual spend, functional areas]
Geographic locations: [list states where contractors work — California, New York, New Jersey present elevated risk]
Available documentation: [contractor agreements / payment records / 1099 data — attach or describe]

For the highest-risk contractor categories:
1. Apply IRS 20-factor test: which indicators support employee status vs. contractor status?
2. Apply ABC test (for California and applicable states): can the company satisfy all three prongs?
3. Identify the specific conduct indicators creating misclassification risk (company equipment, fixed schedule, integration into core business)
4. Calculate estimated exposure: back payroll taxes (FICA employer share), benefits entitlement claims, state premium pay exposure, wage and hour violations
5. Identify any prior agency investigations or assessments on record

Output: Classification risk assessment per contractor category + quantified exposure estimate + recommended pre-close remediation options (reclassification / contract restructuring / voluntary disclosure program)

Prompt 2: Employee Benefits Plan Compliance Review

Review the employee benefit plans of the following entity for ERISA compliance issues.

Entity: [name]
Plans to review:
- 401(k) plan: [plan name, current year Form 5500 status, employee/employer contribution structure]
- Defined benefit pension plan (if applicable): [funded status, actuary report — attach or describe]
- Health and welfare plans: [medical, dental, vision, life insurance — describe]

Review required:
1. Plan documents: confirm plan documents are current (restated for SECURE Act, SECURE 2.0, and other recent legislative changes)
2. Non-discrimination testing: confirm most recent 401(k) ADP/ACP test results; assess DB plan non-discrimination compliance
3. Contribution timing: confirm employee deferrals are remitted within the DOL's 7-business-day safe harbor (small plans) or as soon as administratively feasible (large plans)
4. DB funding status: confirm pension funding level and projected minimum required contribution over the next 5 years
5. Multi-employer plan exposure: identify any multi-employer pension plan participation and estimate withdrawal liability

Output: Benefits compliance assessment + identified violations with DOL/IRS correction program recommendations + DB funding liability quantification + transaction cost impact of inherited benefits obligations

Prompt 3: Collective Bargaining Agreement Integration Analysis

Analyze the following collective bargaining agreements for post-close integration implications.

CBAs in scope:
1. [Union name] | Covering: [employee group] | Expiration: [date] | Employees covered: [number]
2. [Repeat]

Integration plan elements to analyze against CBA terms:
- Headcount reductions: [planned number and location]
- Benefit harmonization: [description of planned changes to align with acquirer's benefit structure]
- Work rule changes: [describe]
- Facility consolidations: [locations affected]
- Subcontracting plans: [describe any planned work being moved to third parties]

For each integration element:
1. Identify relevant CBA provisions that may constrain or prohibit the planned action
2. Assess whether the CBA requires bargaining before the change can be implemented
3. Estimate delay to implementation if bargaining is required
4. Identify successorship obligations: will the acquirer be bound by the inherited CBA as a successor employer?

Output: Integration constraint register (planned action / CBA restriction / bargaining required / timeline impact) + successorship obligation analysis + recommended labor relations strategy

Prompt 4: Wage and Hour Compliance Assessment

Assess the wage and hour compliance of the following entity.

Entity: [name]
Workforce profile: [number of employees, exempt vs. non-exempt breakdown, hourly vs. salaried, states of employment]
Available data: [payroll records / time-keeping records / employee classification list — attach or describe]

Assessment areas:
1. Overtime compliance: are non-exempt employees receiving overtime at 1.5x for all hours over 40 per week (FLSA) and applicable state premium pay rates?
2. Exempt classification accuracy: are employees classified as exempt meeting salary threshold (currently $684/week federal; higher in some states) and duties test requirements?
3. Meal and rest break compliance: California, New York, and other mandatory break states — are required breaks provided and paid correctly?
4. Off-the-clock work: any evidence of employees performing work before/after clock-in or being pressured not to record all hours?
5. Tip and commission calculation: for tipped or commissioned employees — are tip credits applied correctly and commission calculations compliant with state law?

Output: Wage and hour compliance assessment + estimated exposure per violation category + identification of any pending class actions or collective actions + priority remediation items

Prompt 5: Transaction-Triggered Employment Cost Quantification

Quantify all employment-related costs triggered by the proposed transaction.

Transaction: [stock purchase / asset purchase / merger]
Entity: [name]
Employment agreements and equity plans: [attach or describe key agreement terms]

Costs to quantify:
1. Severance obligations: any employment agreements providing change-of-control severance — calculate aggregate payout if triggered
2. Equity acceleration: identify all equity awards with change-of-control acceleration provisions — calculate fair value of accelerated awards
3. Change-of-control bonus obligations: any standalone change-of-control bonuses in employment or retention agreements
4. Retention bonuses: any retention agreements already in place that will vest at or after closing
5. WARN Act obligations: if post-close headcount reductions are planned, calculate WARN Act notice periods and potential pay-in-lieu obligations for affected employees by jurisdiction

Output: Employment cost summary table (cost category / employees affected / aggregate amount) + total transaction-triggered employment cost + treatment in purchase price allocation + recommended deal structuring to optimize costs

27. AI Real Property & Asset Title Verification Tool

Verifies legal title, encumbrances, zoning compliance, and lease assignment rights for all real property and material tangible assets held by the target — identifying title defects, restriction violations, and landlord consent requirements before deal close.

Pain Point & How COCO Solves It

The Pain: Real Property Title Defects and Lease Assignment Failures Create Post-Close Operational and Legal Crises

Real property due diligence sits at the intersection of title law, land use regulation, and commercial contract law — three disciplines that most deal teams underweight relative to financial and legal review, despite the fact that real property issues have a unique ability to render a post-close business non-operational. A manufacturing facility whose title is encumbered by an undisclosed easement giving a utility company access rights that interfere with planned expansion cannot be developed without expensive litigation. A retail location operating under a lease whose assignment requires landlord consent cannot legally be transferred to the acquirer without that consent — and a landlord who exercises their consent rights may demand lease renegotiation on substantially less favorable terms. An industrial property discovered post-close to be in violation of its zoning designation may face stop-work orders that halt operations while regularization proceedings are pursued. Each of these scenarios is discoverable through adequate pre-close real property due diligence — and each is expensive and disruptive when discovered after the deal closes.

The complexity of real property due diligence is geometric in deals involving multi-location operating businesses. A retail chain with 200 store locations, a healthcare network with 50 facilities, or a logistics company with 30 distribution centers represents a massive real property portfolio — each with its own lease, its own property record, its own zoning history, and its own set of recorded encumbrances. The aggregate burden of verifying title, reviewing leases, confirming zoning compliance, and searching for encumbrances at each location is enormous. Most deal processes respond to this burden by performing detailed review on only the most significant properties and accepting management representations for the remainder — a risk-management approach that is understandable but creates genuine exposure. The locations receiving cursory review are often the ones with problems: they are the older facilities, the recently acquired properties, or the locations in less familiar markets where the target's own property management may have been inadequate.

The commercial lease landscape creates a distinct layer of complexity in asset purchases and acquisitions of multi-location businesses. Commercial leases frequently contain assignment restrictions that prohibit the tenant from assigning the lease without landlord consent — and many leases define "assignment" broadly enough to include indirect assignments triggered by a change of control of the tenant entity. The consequences of a non-consented assignment vary: some leases make the assignment void, some give the landlord a termination right, some require the assignor to remain liable as a guarantor. In a retail or hospitality acquisition where the entire business model depends on maintaining the current location portfolio, a landlord who exercises their rights to terminate a group of leases — or demands substantial rent increases as the price of consent — can destroy the economics of the deal. Identifying these provisions before signing, and managing the consent solicitation process as part of the pre-close timeline, is a fundamental deal management task.

How COCO Solves It

Real Property Asset Inventory Construction: COCO builds a complete property register:
- Extracts all owned and leased real property from the target's property register, lease schedules, balance sheet, and data room documentation
- Identifies all properties by legal description, address, county, state, and title holder entity — cross-referencing against corporate registry records to confirm entity alignment
- Categorizes properties by type (owned fee / ground lease / commercial lease / license / easement) and by operational significance (critical / significant / non-core)
- Flags any properties where the title holder entity differs from the operating entity — identifying title held in a related party entity not immediately apparent in the corporate structure
- Generates a complete property register as the foundation for all subsequent property-level due diligence
Title Search and Encumbrance Analysis: COCO investigates title quality for owned properties:
- Queries county recorder databases and title plant records for all owned properties to retrieve the full chain of title, recorded mortgages, liens, easements, and restrictions
- Identifies any gaps or breaks in the chain of title that may create title defect issues requiring curative action
- Reviews recorded easements for scope and impact: utility easements, access easements, conservation easements, and road right-of-way
- Identifies restrictive covenants in deeds or CC&Rs that may restrict the use, development, or disposition of the property
- Generates a per-property title risk assessment with specific defects identified and curative action recommendations
Commercial Lease Assignment and Change-of-Control Analysis: COCO analyzes lease transfer requirements:
- Reviews all material leases for assignment restriction provisions: defines "assignment," specifies consent procedure, and describes landlord's rights on non-consented assignment
- Identifies leases with change-of-control definitions that capture indirect transfers through corporate ownership changes
- Classifies each lease by consent requirement: freely assignable / notice required / consent required / consent not to be unreasonably withheld / absolute consent required
- Prioritizes consent requirements by property operational significance and landlord market leverage
- Generates a lease assignment consent matrix as input to the pre-close consent management process
Zoning and Land Use Compliance Verification: COCO verifies that properties comply with applicable zoning:
- Identifies the current zoning designation for each material property from county assessor, planning department, and zoning map databases
- Verifies that the current use of each property is a permitted use in its zoning designation — or a lawful non-conforming use
- Flags any recently issued zoning amendments or pending re-zoning applications that may affect the property's current use
- Identifies properties requiring special use permits or conditional use permits — and confirms those permits are current and transferable
- Reviews any building code violations, open permits, or certificate of occupancy issues that may restrict current operations or require remediation
Key Lease Term Review and Risk Assessment: COCO extracts and analyzes critical commercial lease provisions:
- Extracts key economic terms: rent and rent escalation, free rent periods, operating expense pass-throughs, CAM cap provisions
- Identifies lease expiration dates, renewal options (exercised or unexercised), and holdover provisions
- Reviews tenant default provisions and cure periods — assessing current compliance and any pending default risk
- Identifies any lease provisions affected by the target's financial condition: cross-default provisions, financial covenant requirements, and letter of credit or deposit obligations
- Summarizes aggregate lease obligation profile: total minimum lease payments by year, upcoming lease expirations, and unexercised renewal options that represent value if timely exercised
Real Property Due Diligence Report and Closing Requirements: COCO delivers structured property findings:
- Generates a portfolio-level real property report with owned property title analysis, leased property consent matrix, zoning compliance summary, and key lease terms
- Produces a pre-close action matrix: title curative items, landlord consent solicitations, zoning compliance corrections, and survey updates required before closing
- Creates a post-close property management transition plan: lease assignment filings, title insurance policy updates, and landlord notification obligations
- Drafts representations and warranty recommendations for real property: title, lease compliance, zoning, and no material default
- Summarizes aggregate real property risk exposure for deal economic analysis, including any properties where pre-close issues cannot be resolved and post-close remediation costs apply

Results & Who Benefits

Measurable Results

Lease assignment requirement identification: AI lease review identifies change-of-control consent requirements in 78% of deals involving multi-location operating businesses with commercial lease portfolios
Title defect identification rate: AI county recorder database review identifies undisclosed title encumbrances in 26% of owned property reviews — including easements, recorded restrictions, and stale mortgages
Zoning compliance gap detection: Zoning verification identifies current-use compliance issues at 14% of reviewed properties in multi-facility portfolio reviews
Portfolio lease review efficiency: AI extraction of key lease terms from a 200-lease portfolio completed in under 3 business days vs. 6–8 weeks for manual attorney lease review
Landlord consent management lead time: Early identification of consent requirements enables consent solicitation beginning 3–4 months earlier in the deal process, reducing closing delay risk by an estimated 60%

Who Benefits

Due Diligence Analysts: Execute portfolio-level lease extraction, zoning verification, and title flag identification without manually reviewing each property file across multiple county databases
Real Estate and Property Counsel: Receive a pre-structured property inventory, lease consent matrix, and title flag register that focuses their legal review on interpretation and curative action rather than data gathering
Commercial Real Estate Teams: Use the AI-generated lease term matrix and expiration schedule to plan post-close portfolio management — renewals, relocations, and optimization decisions — before the close
Transaction Management Teams: Identify all landlord consent requirements early in the process, enabling a structured consent solicitation timeline that doesn't compress against the closing date

💡 Practical Prompts

Prompt 1: Real Property Asset Inventory and Prioritization

Build a complete real property inventory for the following entity and prioritize properties for detailed due diligence.

Entity: [name]
Property information available: [lease schedule / fixed asset register / property list — attach or describe]

Inventory requirements:
1. For each property: address, legal description (if available), property type (owned / leased / licensed), title holder entity, operational use
2. Map title holder entities against the corporate structure — flag any properties held in entities not identified in the main corporate structure
3. Categorize each property by operational significance: critical (operations would cease without it) / significant (important but alternatives exist) / non-core (ancillary or non-operational)
4. Identify the top 20% of properties by operational significance for detailed due diligence priority
5. Identify any properties where title information is incomplete or where the entity's ownership or lease status is uncertain

Output: Complete property register + operational significance tier + detailed review priority list + data room request for missing property documentation

Prompt 2: Commercial Lease Assignment Consent Analysis

Analyze the following commercial leases for assignment and change-of-control consent requirements.

Transaction structure: [stock acquisition / asset purchase]
Leases to review: [attach or paste lease extracts — specifically Section [X] (Assignment and Subletting)]
Top leases by importance: [identify top 10 by rent/importance]

For each lease:
1. Definition of assignment: does the lease define "assignment" to include indirect transfers through corporate ownership changes?
2. Consent requirement: freely assignable / notice only / landlord consent required / consent not to be unreasonably withheld / absolute landlord approval
3. Landlord remedies on breach: void the assignment / right to terminate / recapture the space / impose rent increase
4. Reasonableness standard: if consent "not to be unreasonably withheld," what conditions qualify as reasonable?
5. Proposed approach: request consent / provide notice only / legal opinion that no consent needed / deal structure workaround

Output: Lease consent matrix (lease / property / consent requirement / breach consequence / recommended approach) + priority consent solicitations + timeline for completion before closing

Prompt 3: Title Search Flag Analysis for Owned Properties

Analyze the title search results for the following owned properties.

Properties: [list with addresses]
Title search/preliminary title report results: [attach or paste for each property]

Analysis required for each property:
1. Chain of title: identify any gaps, breaks, or missing conveyances that create title risk
2. Recorded mortgages: identify any mortgages that need to be released at closing — confirm payoff required
3. Easements: describe the nature, location, and impact of each recorded easement on the property's current and planned use
4. Restrictive covenants: identify deed restrictions or CC&R provisions that limit use or development
5. Judgment and tax liens: identify any recorded liens that will not be released as part of normal deal closing

For each title exception: recommend whether the exception is insurable (title insurance exception), curable (specific curative action available), or material risk requiring deal team attention.

Output: Per-property title exception analysis + curative action plan + title insurance recommendation + material risk summary

Prompt 4: Zoning Compliance Verification

Verify the zoning compliance of the following properties.

Properties to verify:
1. Address: [address] | Current use: [manufacturing / retail / office / warehouse / healthcare / other] | Zoning district: [if known]
2. [Repeat]

Verification required for each property:
1. Current zoning designation: confirm from county/municipal planning database
2. Permitted use: confirm that the current use is a permitted use in the current zoning designation — or a lawful non-conforming use established before the current zoning took effect
3. Special use permits: identify any conditional use permits or special exceptions required for the current use — confirm currency and transferability
4. Pending zoning changes: search for any pending re-zoning applications, municipal plan amendments, or eminent domain proceedings affecting the property
5. Building code compliance: check for any open building permits, stop-work orders, or code violation notices on record

Output: Per-property zoning compliance assessment + non-conforming use risk analysis + special use permit transfer requirements + priority properties for physical inspection or local counsel engagement

Prompt 5: Lease Portfolio Key Terms Extraction and Risk Summary

Extract key terms from the following commercial lease portfolio and generate a risk summary.

Lease portfolio: [attach leases or provide data room index for lease files]

Extract for each lease:
1. Parties: landlord and tenant (confirm tenant entity matches the contracting entity in the deal)
2. Premises: address and square footage
3. Term: commencement, expiration, and any renewal options (terms and notice requirements)
4. Base rent: current rent per square foot, annual escalation rate or CPI adjustment
5. Operating expenses: gross lease / net lease / modified gross — CAM structure and any caps
6. Early termination options: any tenant rights to terminate before expiration (and associated penalties)
7. Assignment restriction: brief summary of consent requirements

Generate a portfolio-level risk summary:
- Leases expiring in next 12, 24, and 36 months (renewal decision urgency)
- Total annual minimum rent commitment
- Leases with above-market rent (potential renegotiation opportunity)
- Leases with below-market rent (value at risk if landlord seeks to terminate or not renew)

Output: Lease portfolio key terms table + portfolio risk summary + renewal priority calendar + above/below-market rent flags

28. AI Post-Merger Integration Risk Pre-Assessment

Evaluates integration risks before deal close — analyzing cultural compatibility, systems architecture complexity, organizational structure conflicts, and regulatory integration timeline — producing a pre-close integration risk register and Day-1 readiness assessment.

Pain Point & How COCO Solves It

The Pain: Integration Failures Drive More Value Destruction Than Due Diligence Failures

Research consistently finds that post-merger integration is where M&A value is most frequently destroyed: a majority of deals that underperform do so not because the due diligence was wrong but because the integration was inadequately planned and executed. The root cause is a structural problem with the traditional M&A process: due diligence and integration planning are treated as sequential activities, with integration planning beginning only after deal close, by which time the acquirer has limited ability to influence deal structure, price, or the conditions that govern the first 90 days of ownership. By the time the integration team is resourced and oriented — typically weeks after close — the target organization is already experiencing uncertainty, the best employees are fielding competing offers, and the cultural dynamics that will determine integration success have been set by the absence of communication rather than by a proactive integration strategy.

Integration risk is not a single risk category but an aggregate of overlapping challenges: organizational — how do you combine two management structures, eliminate redundancy, and make role clarity decisions without destroying morale or triggering mass departures?; technological — how do you integrate ERP systems, CRM databases, financial consolidation tools, and HR information systems that may be fundamentally incompatible, requiring months of expensive technical work to bridge?; cultural — how do you align organizations that have different decision-making styles, accountability norms, customer service philosophies, or values around work-life balance?; and regulatory — how do you satisfy all the regulatory consents, license assignments, employee transition obligations, and data transfer restrictions that apply in the post-close period? Each of these dimensions has its own timelines, its own dependencies, and its own failure modes — and they all interact with each other in ways that are difficult to manage without a pre-close integration risk assessment.

The financial cost of integration failure is quantifiable and substantial. Failed ERP integrations in major M&A transactions have cost hundreds of millions of dollars and taken years longer than planned. Cultural clashes that result in mass departures of the acquired company's top performers can destroy the very asset that drove the deal's investment thesis. Regulatory consents that require employee-by-employee re-badging in each jurisdiction, or that impose employment law constraints on how the workforce can be restructured, can delay cost synergy realization by 12–24 months. Organizations that invest adequately in pre-close integration planning — identifying these risks before close, preparing the remediation approaches, and ensuring Day-1 readiness for the most critical operational transitions — consistently outperform those that begin integration planning at Day 1.

How COCO Solves It

Organizational Structure Compatibility Analysis: COCO maps integration complexity in human structure:
- Compares acquirer and target organizational charts across functions — identifying duplicate roles, span-of-control mismatches, and reporting line conflicts
- Maps the decision-making authority levels across both organizations for key functions (finance, legal, HR, operations) — identifying cultural authority-level disparities
- Identifies key integration leadership decisions: which functions will be led by acquirer vs. target personnel post-close, and what is the impact of those decisions on retention risk
- Reviews both organizations' stated values and culture assessments (employee engagement surveys, Glassdoor profiles) for compatibility indicators
- Generates an organizational integration complexity score — a measure of the structural distance between the two organizations that predicts integration timeline and conflict risk
Technology Systems Architecture Analysis: COCO maps system integration requirements:
- Inventories the target's material IT systems: ERP, CRM, HRIS, financial consolidation, supply chain management, and industry-specific applications
- Compares the target's systems landscape against the acquirer's existing systems environment — identifying overlaps, gaps, and incompatibilities
- Assesses the data migration complexity for each system: structured data migration vs. legacy system decommissioning vs. parallel operation requirement
- Identifies systems with third-party dependencies (SaaS agreements, data center contracts, software licenses) whose assignment requires vendor consent
- Generates a technology integration risk map rating each system by integration complexity and operational criticality
Day-1 Readiness Assessment: COCO identifies the minimum requirements for operational continuity at close:
- Identifies all systems and processes that must be operational from Day 1 — financial reporting, payroll processing, customer order management, compliance monitoring
- Reviews transition service agreement (TSA) requirements: which services does the acquirer need to receive from the seller post-close while integration is underway?
- Identifies any regulatory or contractual deadlines that apply immediately at close: employee re-badging requirements, license assignments, change-of-control notifications to customers and vendors
- Assesses the acquirer's readiness to absorb the target: does the acquirer's own systems, finance, HR, and IT infrastructure have the capacity to onboard the acquired business from Day 1?
- Generates a Day-1 operational readiness checklist with critical path items requiring pre-close completion
Regulatory and Compliance Integration Timeline: COCO maps post-close regulatory requirements:
- Identifies all regulatory consents that remain outstanding at close — their completion timelines and operational restrictions during the interim period
- Maps data transfer and privacy compliance requirements for integrating HR, customer, and operational data systems across jurisdictional boundaries
- Identifies employment law requirements in each jurisdiction for the workforce integration: TUPE protections in the EU/UK, consultation obligations, works council rights in Continental Europe
- Reviews any regulatory-imposed separation or firewalls between the target and acquirer businesses during the regulatory review period
- Generates a compliance integration calendar with all regulatory deadlines affecting the integration timeline
Cost and Revenue Synergy Risk Assessment: COCO evaluates synergy achievability:
- Reviews the acquirer's stated synergy assumptions against the organizational, technology, and contractual findings from due diligence — identifying where synergies are at risk
- Models the timeline to synergy realization for each synergy category, incorporating identified integration risk factors (CBA constraints, system integration timelines, key person retention)
- Identifies one-time integration costs not fully reflected in the deal model: IT system integration, employee transition costs, facility consolidation, brand transition
- Flags synergies dependent on contract modifications (customer re-pricing, supplier renegotiation) that may not be achievable within the assumed timeline
- Generates an adjusted synergy model showing probability-weighted achievable synergies with realistic timing
Integration Risk Register and Planning Report: COCO delivers pre-close integration planning outputs:
- Generates a comprehensive integration risk register with 50+ identified risks, rated by probability and impact, across organizational, technology, regulatory, commercial, and cultural dimensions
- Produces a 100-day integration plan framework with key workstreams, milestones, and dependencies pre-populated from due diligence findings
- Creates an integration governance recommendation: integration management office structure, decision-making authority, and escalation protocol
- Drafts a Day-1 employee communication framework aligned with key person risk findings and regulatory communication obligations
- Summarizes the overall integration complexity score and its implications for the integration timeline, cost, and synergy achievability assumptions

Results & Who Benefits

Measurable Results

Integration risk pre-identification: AI pre-close integration risk assessment identifies 40% more integration risks before close than are typically identified in post-close integration kickoff workshops
Technology integration cost estimation: AI systems architecture analysis produces IT integration cost estimates that are within ±35% of actual costs in tracked transactions — significantly more accurate than management estimates
Synergy achievability adjustment: Pre-close risk-adjusted synergy modeling identifies average 18–25% reduction in achievable near-term synergies vs. base case deal model assumptions
Day-1 readiness gap identification: Pre-close assessment identifies Day-1 operational readiness gaps requiring remediation in 71% of transactions reviewed
Integration planning lead time: Pre-close AI-assisted planning enables integration teams to begin execution 6–8 weeks earlier post-close than organizations that begin planning at Day 1

Who Benefits

Due Diligence Analysts: Produce a pre-close integration risk assessment as a natural output of due diligence findings — creating deliverables that directly serve the integration planning team
M&A Integration Management Offices: Receive a pre-built integration risk register and 100-day framework that enables immediate execution planning rather than weeks of post-close fact-finding
Investment Committees: Assess integration risk and synergy achievability as quantified inputs to the deal investment case — not just qualitative management assurances
Deal Teams and Boards: Structure deal documentation to reflect integration risk findings — escrow provisions for integration costs, synergy milestone-based earnouts, and management retention plans calibrated to integration risk

💡 Practical Prompts

Prompt 1: Organizational Integration Complexity Assessment

Assess the organizational integration complexity between the acquirer and target.

Acquirer profile: [describe size, organizational structure, management style, culture]
Target profile: [describe size, organizational structure, management style, culture]
Organizational charts: [attach or describe both organizations' structures]

Assessment required:
1. Structural complexity: how many duplicate functional roles exist across both organizations?
2. Reporting line conflicts: are there conflicting accountability structures in the combined organization?
3. Decision-making authority gap: are there material differences in approval authorities and decision-making speed?
4. Cultural indicators: Glassdoor ratings, employee reviews, stated values — identify compatibility indicators and tension points
5. Leadership decision priorities: which leadership decisions (CFO selection, sales leadership, technology lead) are most critical to integration success?

Output: Organizational integration complexity score + top 5 organizational integration risks + leadership decision priority matrix + cultural compatibility assessment

Prompt 2: Technology Systems Integration Risk Map

Map the technology integration risks between the acquirer and target systems environments.

Acquirer's key systems: [list ERP, CRM, HRIS, financial systems, and industry-specific applications]
Target's key systems: [list — attach or describe from IT due diligence]

For each target system:
1. Identify whether the acquirer has an equivalent system or will need to onboard the target's system
2. Classify integration approach: replace with acquirer system / retain target system / best-of-breed selection / parallel operation during transition
3. Assess data migration complexity: structured migration / legacy decommission required / extended parallel run
4. Identify third-party dependencies requiring vendor consent: SaaS licenses, data center contracts, software agreements
5. Estimate integration timeline and cost range for each critical system

Output: Technology integration risk map (system / approach / complexity / timeline / cost estimate) + critical path systems requiring Day-1 resolution + total IT integration cost range

Prompt 3: Day-1 Operational Readiness Assessment

Assess Day-1 operational readiness requirements for the following transaction.

Transaction: [description]
Closing date target: [date]
Critical operations that must continue uninterrupted from Day-1: [list — payroll / customer order management / financial reporting / compliance monitoring / supply chain]

Day-1 readiness assessment:
1. Payroll processing: confirm how employees will be paid on the first cycle after close — acquirer system, TSA from seller, or target's stand-alone system
2. Financial reporting: can the target's financials be consolidated into the acquirer's systems from Day 1, or is a TSA required?
3. Customer-facing systems: any systems or processes visible to customers that could be disrupted at close?
4. Compliance monitoring: any compliance processes (sanctions screening, regulatory reporting) that cannot have a gap at the transition
5. Transition Service Agreement requirements: identify all services the acquirer needs to receive from the seller post-close and the required duration for each

Output: Day-1 readiness checklist + TSA requirements list + critical path items requiring pre-close resolution + operational continuity risk summary

Prompt 4: Synergy Risk-Adjustment Analysis

Risk-adjust the following synergy assumptions based on integration due diligence findings.

Deal model synergies:
1. Cost synergies: [$amount] | Description: [describe — headcount, facility consolidation, vendor renegotiation]
2. Revenue synergies: [$amount] | Description: [describe — cross-sell, geographic expansion, pricing improvement]
3. Technology/system savings: [$amount] | Description: [describe]
Timeline assumed: [Year 1 / Year 2 / Year 3]

Risk adjustment required for each synergy:
1. Identify integration dependencies that could delay or reduce the synergy
2. Assess probability of achieving 100% of stated synergy by the assumed timeline
3. Model probability-weighted achievable synergy and realistic timeline
4. Identify one-time integration costs to be incurred in achieving each synergy

Output: Synergy risk-adjustment model (synergy / stated amount / probability-weighted amount / realistic timeline / integration cost to achieve) + adjusted deal model inputs + total integration cost estimate

Prompt 5: 100-Day Integration Plan Framework

Generate a 100-day integration plan framework based on the following due diligence findings.

Key due diligence findings affecting integration: [paste summary of key organizational, technology, commercial, and regulatory findings]
Transaction type: [full acquisition / merger / majority investment]
Integration approach: [full integration / partial integration / standalone with shared services]

100-day plan structure:
Phase 1 (Day 1 to 30): stabilization
- Leadership decisions and communication
- Day-1 operational continuity confirmation
- Employee orientation and uncertainty management
- Regulatory notification and transition completion

Phase 2 (Day 31 to 60): consolidation planning
- Organizational design decisions
- Systems integration design and vendor engagement
- Synergy initiative mobilization
- Customer and supplier relationship management

Phase 3 (Day 61 to 100): early execution
- First organizational changes implemented
- System migration begins
- First synergy realization tracked
- Integration risk register updated with actual vs. planned progress

Output: 100-day integration plan with milestones, owners, and dependencies + critical path analysis + key risk watch list for IMO monitoring

29. AI Insurance Coverage Gap & Claims History Reviewer

Transform insurance due diligence from a clerical exercise into a strategic risk transfer assessment that surfaces hidden liabilities before they become your problem.

Pain Point & How COCO Solves It

The Pain: Insurance Due Diligence Is Chronically Underdone and Dangerously Incomplete

Insurance review in M&A transactions is frequently delegated to junior analysts who lack the specialized actuarial and coverage expertise needed to identify material gaps. Target companies present sanitized summaries — a single-page insurance schedule listing policy names and premium amounts — that reveal nothing about exclusions, sublimits, retentions, or the adequacy of limits relative to actual exposure. Industry data from Marsh & McLennan indicates that over 40% of post-acquisition insurance claims are denied or only partially covered due to coverage gaps that were present at closing but never identified during diligence.

The problem compounds dramatically when claims history is fragmented across multiple brokers, captive arrangements, and legacy carriers from prior corporate structures. A company that has undergone three ownership changes in eight years may have claims filed under five different policy towers, each with its own broker and documentation system. Tail coverage for prior acts, environmental incidents, and product liability can extend 10 or 20 years beyond policy expiration, meaning the acquirer inherits liabilities that were technically "closed" claims under policies long canceled. Runoff exposures from discontinued product lines and former subsidiaries are routinely missed.

Analysts processing this material typically spend four to six hours per target manually requesting certificates, contacting brokers, and building comparison spreadsheets — only to produce a coverage summary that a seasoned insurance professional would consider superficial. The real work — identifying whether D&O limits are sufficient given the litigation environment, whether cyber coverage aligns with the target's actual data footprint, whether the general liability tower has adequate umbrella layers — requires domain expertise and comparative benchmarking that a standard financial analyst cannot provide. The cost of getting this wrong is existential: a single uninsured major claim post-close can exceed the deal premium paid.

How COCO Solves It

Policy Inventory Extraction & Normalization: COCO ingests raw insurance policy documents, binders, endorsements, and certificates and structures them into a standardized coverage matrix:
- Extracts carrier, policy number, effective dates, limits, deductibles, and retention levels from unstructured policy language
- Identifies all endorsements and maps which base policy provisions they modify or exclude
- Flags sublimits buried in policy schedules (e.g., $500K sublimit for mold within a $10M property policy)
- Categorizes policies by line of business: GL, D&O, E&O, cyber, property, workers' comp, EPLI, crime, marine, aviation
- Builds a consolidated coverage tower visualization showing primary, excess, and umbrella layer relationships
Exposure-to-Coverage Gap Analysis: COCO benchmarks current coverage limits against the target's actual operational risk profile:
- Quantifies property insured values against replacement cost estimates using RSMeans or equivalent construction cost databases
- Compares D&O limits against peer-company benchmarks for companies of similar revenue, headcount, and regulatory complexity
- Assesses cyber policy limits against the target's data inventory — records count, PII volume, payment card data — using CISO-standard exposure modeling
- Evaluates product liability limits against historical claim severity in the target's industry vertical using ISO loss statistics
- Maps workers' compensation experience modifier (X-MOD) trends and identifies state-specific compliance gaps
Claims History Deep Dive & Pattern Recognition: COCO analyzes multi-year loss runs to identify patterns that underwriters use to price risk:
- Aggregates loss runs from all carriers and brokers, normalizing claim descriptions and categorization across different reporting formats
- Computes frequency and severity trends by line of business and identifies deteriorating loss ratios
- Flags large open reserves that may not have been disclosed in financial statements and quantifies IBNR (incurred but not reported) exposure
- Identifies claims involving regulatory agencies, environmental incidents, or employment practices that signal systemic risk
- Detects prior coverage denials and reservation-of-rights letters that indicate disputed coverage positions with carriers
Tail & Runoff Exposure Identification: COCO maps legacy liabilities that survive policy cancellation:
- Traces occurrence-basis policies from prior years that remain open to claims arising from incidents during the policy period
- Identifies discontinued products still within their statute of limitations for product liability claims in all states of distribution
- Evaluates adequacy of extended reporting period (ERP/tail) endorsements for claims-made policies (D&O, E&O, cyber) at change of control
- Flags environmental site histories that may trigger legacy general liability coverage and assesses applicable pollution exclusions
- Reviews indemnification obligations under prior acquisition or divestiture agreements that backstop insurance coverage
Captive & Alternative Risk Structure Assessment: COCO evaluates non-standard risk financing arrangements:
- Analyzes captive insurance subsidiary financials — loss reserves, investment portfolio, reinsurance arrangements, and surplus adequacy
- Reviews self-insured retention programs and large deductible policies for adequacy of collateral posted (letters of credit, surety bonds)
- Evaluates group captive participation agreements for exit provisions, assessments, and ongoing obligations post-acquisition
- Assesses retrospective premium programs and understands downside exposure if loss development exceeds base premium
- Identifies fronting arrangements and verifies that the fronting carrier's credit quality meets buyer's standards
Actionable Recommendations & Representations & Warranties Insurance Coordination: COCO translates findings into deal-specific recommendations:
- Prioritizes coverage gaps by financial materiality and likelihood of claim realization within 24 months post-close
- Generates specific escrow, indemnification, or price adjustment recommendations to address uninsured exposure
- Produces a coverage enhancement checklist — policies to be canceled, replaced, supplemented, or renegotiated at close
- Coordinates with R&W insurance underwriters to identify which insurance-related representations need carve-outs or enhanced diligence
- Prepares post-close Day 1 insurance action plan with broker instructions and timeline

Results & Who Benefits

Measurable Results

Coverage Gap Identification Rate: Manual review detects 12% of material coverage gaps; COCO-assisted review achieves 87% detection rate, preventing an average of $3.2M in uninsured post-close exposure per transaction
Review Cycle Time: Insurance diligence timeline reduced from 5–7 business days to 18–24 hours, enabling parallel workstreams in compressed deal timelines
Claims Pattern Analysis: Multi-year loss run analysis that previously required a specialist actuary (3–5 days, $15,000–$25,000 fee) completed in under 2 hours with comparable analytical depth
Tail Exposure Quantification: Legacy runoff exposure identification improved from 34% detection rate to 91%, reducing unexpected post-close claims by an estimated 58%
R&W Insurance Coordination: Insurance-related representations review time reduced by 70%, with underwriter query response time cut from 72 hours to same-day turnaround

Who Benefits

M&A Due Diligence Analysts: Gain insurance-specialist-level analytical capability without requiring actuarial credentials, enabling comprehensive coverage review without engaging costly external advisors on every deal.
Deal Partners and Transaction Counsel: Receive insurance gap summaries formatted for direct integration into deal memos and SPA indemnification schedules, enabling faster negotiation of insurance-related reps and warranties.
Chief Risk Officers and Insurance Managers: Use COCO's post-acquisition coverage enhancement plan to execute broker transitions, policy replacements, and limits adjustments within the Day 1 integration window.
CFOs and Finance Teams: Obtain quantified insurance liability exposure that feeds directly into purchase price adjustment models, escrow sizing decisions, and financial statement reserve assessments.

💡 Practical Prompts

Prompt 1 — Full Coverage Gap Analysis

You are an insurance due diligence specialist reviewing coverage for an M&A transaction. Analyze the following insurance schedule and identify all material coverage gaps.

Target company: [Company Name]
Industry: [Industry — e.g., medical device manufacturer, SaaS company, food distributor]
Annual revenue: [$X]
Employee count: [X]
Operations: [Brief description — e.g., manufactures in 3 US states, sells in 47 states and EU]
Known litigation/claims environment: [Any pending litigation, regulatory investigations, or prior major claims]

Insurance schedule provided:
[Paste full insurance schedule, policy list, or certificate data]

Analysis required:
1. Map each policy to the operational risks it is intended to cover
2. Identify any major risk category with no coverage or inadequate limits (benchmark against industry peers at similar revenue scale)
3. Flag sublimits, exclusions, or retentions that create material uninsured exposure
4. Assess whether umbrella/excess layers attach at appropriate primary limits
5. Identify any coverage that will be disrupted by change of control (e.g., claims-made policies requiring tail, group captive exit obligations)

Output: Coverage gap matrix (line of business / current limit / recommended minimum / gap / estimated cost to remedy) + top 5 priority coverage remediation actions + deal risk narrative for executive summary

Prompt 2 — Claims History Pattern Analysis

You are an insurance actuary conducting a loss run analysis for M&A due diligence. Analyze the following multi-year claims data and identify patterns that create post-acquisition risk.

Target company: [Company Name]
Loss run period: [Years, e.g., 2019–2024]
Lines of business in loss runs: [GL, WC, Auto, Property, Cyber, D&O, E&O — list which are included]

Loss run data:
[Paste loss run data — claims list with dates, descriptions, paid amounts, reserves, and status]

Analysis required:
1. Compute annual loss frequency and severity by line of business
2. Calculate 5-year average loss ratio per line and compare to industry benchmarks
3. Identify any claim patterns suggesting systemic issues (recurring injury types, specific products, geographic clusters, management practices)
4. Flag all open claims with reserves exceeding $[threshold] and assess whether reserve adequacy is conservative or optimistic
5. Identify any large deductible or retention amounts that remain unpaid by the insured and quantify balance sheet exposure
6. Assess whether IBNR tail exposure from the loss runs warrants additional due diligence or purchase price adjustment

Output: Loss trend summary by line of business + top 5 claims requiring deeper investigation + IBNR exposure range estimate + underwriting implications for post-acquisition coverage placement

Prompt 3 — D&O and Management Liability Coverage Assessment

You are a management liability insurance specialist conducting D&O due diligence for an acquisition. Review the following policy details and assess adequacy of director and officer protection.

Target company: [Company Name]
Transaction type: [Public-to-private / Private acquisition / Merger]
Target board composition: [Number of independent directors, investor board members, management directors]
Known regulatory exposure: [Any SEC investigations, state AG inquiries, CFPB/FTC matters, foreign regulatory proceedings]
Known litigation: [Shareholder suits, derivative actions, former executive disputes]

D&O policy details:
[Paste policy summary — carrier, limits, retention, coverage parts A/B/C, exclusions, definition of claim]

Analysis required:
1. Assess whether Side A limits are adequate given the litigation environment and transaction-related claims exposure (selling process, fairness opinion, disclosure adequacy)
2. Identify any exclusions that could impair coverage for transaction-related claims (prior acts, deliberate fraud, insured vs. insured)
3. Evaluate whether a run-off (tail) policy is needed and assess appropriate tail period (6-year standard for transactions)
4. Assess whether the policy's definition of "claim" captures regulatory investigations and formal SEC/DOJ inquiries (not just filed lawsuits)
5. Review any Side C entity coverage and confirm limits are available separately from individual coverage

Output: D&O adequacy assessment + tail policy recommendation with estimated premium range + top 5 coverage concerns for deal counsel negotiation + suggested D&O representation language for the SPA

Prompt 4 — Cyber Insurance Coverage vs. Actual Risk Profile

You are a cyber insurance specialist conducting technology and privacy risk due diligence. Assess whether the target company's cyber coverage is adequate for its actual digital risk exposure.

Target company: [Company Name]
Business model: [e.g., SaaS platform, healthcare data processor, e-commerce retailer, financial services]
Data inventory:
- PII records: [approximate count]
- Payment card data (PCI): [Yes/No — approximate transaction volume]
- Protected health information (PHI/HIPAA): [Yes/No — approximate records]
- Regulated financial data: [Yes/No — type]
Third-party access: [Number of third-party integrations with system access]
Known incidents: [Any prior breaches, ransomware events, regulatory notices]

Cyber policy details:
[Paste cyber policy summary or certificate]

Analysis required:
1. Calculate exposure under GDPR, CCPA, HIPAA, and PCI-DSS based on data inventory — estimate regulatory fine range and notification cost
2. Assess whether policy limits cover worst-case breach scenario (full data inventory compromised + regulatory investigation + class action)
3. Identify exclusions relevant to target's risk profile: war/nation-state exclusion, infrastructure failure, prior acts, unencrypted data
4. Review incident response, forensics, and breach counsel sublimits — flag if sublimits are below realistic costs
5. Assess ransomware coverage: extortion payment sublimit, business interruption waiting period, system restoration coverage

Output: Cyber risk quantification summary + coverage adequacy assessment + top 3 gaps requiring remediation + post-acquisition cybersecurity integration priorities

Prompt 5 — Insurance Representation & Warranty Carve-Out Analysis

You are an insurance due diligence advisor working alongside R&W insurance underwriters. Review the following insurance-related representations from the SPA and identify which require carve-outs, enhanced diligence, or specific indemnification provisions.

Target company: [Company Name]
SPA insurance representations: [Paste the insurance section of the representations and warranties]
Known insurance issues from diligence: [Summarize any gaps, claims, disputed coverage, or captive complications identified]
R&W insurance policy attachment: [$X excess of $Y retention]

Analysis required:
1. Identify each insurance representation and assess whether current diligence evidence supports it
2. Flag representations that are factually unsupportable based on diligence findings
3. Recommend specific carve-outs to the R&W policy for known insurance risks
4. Identify insurance matters that should be handled via specific indemnity rather than R&W insurance
5. Draft supplemental disclosure language for Schedule X to adequately disclose known insurance issues

Output: Representation-by-representation assessment table + list of R&W carve-out recommendations + specific indemnity candidates with suggested basket and cap language + disclosure schedule draft language

30. AI Management Team Credibility & Track Record Verifier

Go beyond LinkedIn profiles and reference calls — systematically verify what management actually delivered versus what they claim to have built.

Pain Point & How COCO Solves It

The Pain: Management Due Diligence Relies on Self-Reported Credentials That Are Rarely Verified

Private equity and strategic acquirers routinely cite "backing the management team" as the primary investment thesis, yet management due diligence receives a fraction of the rigor applied to financial or legal review. The standard process — reviewing CVs, conducting structured interviews, and calling two or three references provided by the executives themselves — is fundamentally compromised by selection bias and information asymmetry. A 2023 survey by Kroll found that 85% of executives exaggerated or fabricated elements of their professional history, with the most common embellishments involving revenue figures they "personally drove," companies they claim to have founded when they were early employees, and academic credentials that do not exist.

The consequences of management misrepresentation in M&A are severe and well-documented. The Theranos case remains the most visible, but smaller-scale management fraud — CEOs claiming to have built and sold successful companies who were in fact terminated for cause, CFOs hiding prior SEC enforcement actions, COOs overstating turnaround credentials — occurs across every deal size and sector. Post-acquisition discovery of material misrepresentation triggers expensive litigation, destroys value, and often results in abrupt leadership vacuums that destabilize the business at the worst possible time. Buy-side legal teams consistently underinvest in management background verification because they lack structured frameworks and specialized tools.

The verification problem is fundamentally a data aggregation challenge. A CEO's actual track record is distributed across SEC filings, court records, state corporate databases, former employer press releases, Glassdoor reviews from direct reports, patent filings, bankruptcy court documents, and hundreds of other public sources. No single analyst can efficiently search all of these sources, cross-reference the findings, and surface contradictions against the executive's claimed narrative within a compressed deal timeline. Diligence teams typically rely on a single third-party background check provider that returns a standardized report — adequate for employment screening, wholly inadequate for evaluating whether an executive actually built the $200M revenue business they credit to themselves.

How COCO Solves It

Credential and Employment History Verification: COCO cross-references stated credentials against authoritative public sources:
- Verifies academic degrees via National Student Clearinghouse data patterns and university public records, flagging diploma mill institutions using accreditation databases
- Cross-references claimed employment dates and titles against SEC EDGAR filings (proxy statements, 10-Ks listing named executive officers with compensation), Bloomberg executive profiles, and corporate press release archives
- Identifies gaps between stated employment periods and verifiable public record of employment — particularly gaps that overlap with known regulatory investigations or company distress periods
- Searches state bar databases, CPA license registries, medical board records, FINRA BrokerCheck, and professional certification bodies for license status and disciplinary history
- Reviews LinkedIn profile history using archived versions to detect retroactive credential inflation
Actual Performance Attribution Analysis: COCO separates management contribution from market and macro factors:
- Pulls SEC filings and public financial data for any company the executive led during their tenure and computes revenue growth, EBITDA margin trajectory, and return on capital during their specific tenure period
- Benchmarks their company's performance against sector peers during the same period to distinguish manager alpha from favorable industry tailwinds
- Identifies whether growth occurred before, during, or after the executive's arrival — distinguishing inheritors of momentum from actual builders
- Reviews press releases and investor day transcripts during their tenure to understand what strategic initiatives they championed and whether those initiatives succeeded
- Maps capital raises, acquisitions, and divestitures the executive led and assesses transaction outcomes using post-close public data
Regulatory, Enforcement, and Litigation History: COCO conducts systematic legal history searches:
- Searches SEC EDGAR for enforcement actions, administrative proceedings, and bars named by the executive (not just their companies)
- Reviews PACER federal court filings and state court databases for civil litigation naming the executive personally as defendant — particularly fraud, breach of fiduciary duty, and employment-related claims
- Searches FINRA BrokerCheck, CFTC enforcement database, FinCEN SAR-related public actions, and OCC enforcement history
- Reviews state AG enforcement databases across all states where the executive has resided or operated businesses
- Identifies bankruptcy filings by the executive personally and by companies during their leadership tenure
Reference Intelligence: Beyond the Provided List: COCO expands reference sourcing beyond executive-selected contacts:
- Identifies former colleagues, board members, direct reports, and major customers from LinkedIn network analysis, company alumni communities, and press release archives
- Generates structured reference interview guides calibrated to the specific claims the executive has made about their role and contributions
- Provides sentiment analysis frameworks for detecting coached or evasive reference responses
- Cross-references reference providers to assess potential conflicts of interest (co-investors, friends, family members)
- Designs back-channel reference outreach strategy for industry contacts who are likely to provide candid assessments
Compensation History and Equity Ownership Analysis: COCO assesses financial credibility:
- Reviews SEC proxy statement disclosures of named executive compensation at any public company they've led or been a named officer of
- Analyzes equity ownership patterns — percentage held at exit vs. claimed, dilution events, secondary sales before company distress
- Identifies whether the executive has historically aligned with investor interests (held equity through downturns) or extracted value ahead of investor liquidity
- Reviews any disclosed clawback provisions that were triggered and publicly disclosed
- Searches for patterns of executive compensation at companies that subsequently underperformed or failed
Culture and Leadership Style Intelligence: COCO synthesizes qualitative signals into structured assessments:
- Analyzes Glassdoor, Blind, and Indeed reviews from verified former employees during the executive's tenure, identifying recurring themes in leadership style criticisms
- Reviews court records from employment-related litigation (EEOC charges, wrongful termination suits, non-compete disputes) that reflect management culture
- Analyzes tone and content of the executive's public communications — earnings calls, conference presentations, interviews — for consistency with stated values and management philosophy
- Reviews former employee LinkedIn profiles to assess retention patterns, career trajectory post-departure, and departure clustering around specific events
- Identifies media coverage that reveals leadership under pressure — crisis responses, layoff communications, public disputes with board or investors

Results & Who Benefits

Measurable Results

Credential Verification Coverage: COCO covers 23 distinct credential and employment verification data sources vs. 3–4 for standard background check providers, increasing material misrepresentation detection rate from 18% to 74%
Performance Attribution Accuracy: Analyst time to build verifiable performance track record reduced from 12–16 hours per executive to 2–3 hours, while data source coverage increases by 6x
Reference Network Expansion: Average independent reference contacts identified (beyond executive-provided list) increases from 0 to 8–12 per executive, with back-channel contact rate of 60–70%
Legal History Completeness: Litigation and regulatory history search covering 14 jurisdictions completed in 4 hours vs. 3–5 days for manual multi-jurisdictional searches
Deal Outcome Correlation: Acquirers using systematic management verification report 41% fewer management-related integration failures within 24 months post-close

Who Benefits

Private Equity Deal Teams: Gain structured, evidence-based management assessment frameworks that replace anecdotal impression-based evaluation, reducing post-acquisition leadership failures that cost an average of $14M per incident in value destruction.
Board Members and Nomination Committees: Use COCO's verification output to fulfill fiduciary obligations in executive hiring and acquisition approval, with documented evidence supporting governance decisions.
M&A Legal Counsel: Obtain verified factual record of management representations that directly supports SPA reps and warranties review and informs indemnification scope for management-related claims.
Operating Partners and Portfolio Company CEOs: Use management benchmarking to evaluate incoming leadership against high-performance peer profiles, informing retention decisions and succession planning immediately post-acquisition.

💡 Practical Prompts

Prompt 1 — Executive Track Record Verification

You are a management due diligence specialist verifying the professional claims of an executive being evaluated in an M&A transaction. Systematically assess the verifiable record against stated credentials.

Executive name: [Full Name]
Current title at target company: [Title]
Claimed tenure at target: [Start date – present]

Prior roles claimed on CV/LinkedIn:
1. [Company Name] — [Title] — [Dates] — claimed achievement: [e.g., "grew revenue from $40M to $120M"]
2. [Company Name] — [Title] — [Dates] — claimed achievement: [e.g., "led $200M Series C and IPO preparation"]
3. [Company Name] — [Title] — [Dates] — claimed achievement: [describe]

Education claimed:
- [Degree] from [Institution] — [Year]
- [Certification/License] — [Issuing body]

Verification tasks:
1. Identify all public records that can confirm or contradict each claimed employment (SEC filings, press releases, corporate databases, news archives)
2. For each company role, find publicly available performance data during the stated tenure period and assess their contribution vs. market conditions
3. Check professional license status with relevant regulatory bodies
4. Search for any regulatory enforcement actions, civil litigation, or bankruptcy proceedings naming this individual
5. Identify 8–12 individuals who worked with this executive at prior companies (not on the provided reference list) using LinkedIn and public sources

Output: Credential verification matrix (claim / verification source / status: confirmed/unverified/contradicted) + performance attribution summary + legal history findings + independent reference contact list

Prompt 2 — Management Team Collective Assessment

You are conducting a management team due diligence assessment for a private equity acquisition. Evaluate the collective leadership capability and organizational risk of the target company's top team.

Target company: [Company Name]
Transaction type: [Buyout / Growth investment / Strategic acquisition]
Investment thesis: [Summarize in 2-3 sentences — what does the investor need this management team to execute?]

Management team roster:
- CEO: [Name] — [Brief background summary]
- CFO: [Name] — [Brief background summary]
- COO: [Name] — [Brief background summary]
- CTO/CIO: [Name] — [Brief background summary]
- [Additional C-suite]: [Name] — [Brief background summary]

Management retention agreements: [Summary of any stay bonuses, equity rollover, or contractual retention provisions]

Assessment required:
1. Evaluate whether the team's collective experience matches the operating demands of the investment thesis (e.g., if thesis requires international expansion, does anyone have that track record?)
2. Identify key person dependencies and assess what happens operationally if the CEO or top 2 executives depart within 12 months
3. Assess team cohesion — how long has this team worked together, and are there signs of internal conflict or competing factions?
4. Evaluate succession depth — are there credible internal candidates for each C-suite role?
5. Recommend specific retention, replacement, or augmentation actions for each role

Output: Team capability heat map vs. investment thesis requirements + key person risk matrix + retention recommendation per executive + organizational change roadmap for 100-day plan

Prompt 3 — Reference Interview Design

You are designing a structured reference interview process for management due diligence. Create targeted reference guides for the following executive.

Executive: [Name] — [Title]
Key claims to verify:
1. [Specific claim — e.g., "Built the enterprise sales team from 3 to 85 reps over 3 years"]
2. [Specific claim — e.g., "Led ERP implementation that reduced DSO from 68 to 34 days"]
3. [Specific claim — e.g., "Managed through Chapter 11 restructuring and returned company to profitability"]

Reference types to design guides for:
A. Former direct reports (2–3 levels below)
B. Former peer executives / functional counterparts
C. Former board members or investors
D. Major customers or suppliers who interacted with this executive

For each reference type, design:
- 5 open-ended, behaviorally anchored questions that probe the specific claims above
- 3 follow-up probes for each question that detect coached or evasive responses
- Red flag signals to listen for in reference responses
- Specific questions about circumstances of departure from each company

Output: Four structured reference interview guides (by reference type) + red flag signal decoder + back-channel outreach template for independent references not on the provided list

Prompt 4 — Regulatory and Legal History Deep Dive

You are a legal due diligence analyst conducting a regulatory and litigation history search on a senior executive. Compile a comprehensive legal exposure profile.

Executive: [Full legal name, including any known aliases or name changes]
Date of birth: [If available]
States of residence (current and historical): [List]
Companies led (with dates): [List all companies — public and private — where this person served as CEO, CFO, President, or board member]
Industries: [Financial services / Healthcare / Technology / Other — note if regulated industries]

Search scope required:
1. SEC EDGAR enforcement actions (litigation releases, admin proceedings, asset freezes)
2. FINRA BrokerCheck (broker registration, complaints, regulatory actions, arbitration awards)
3. Federal civil court (PACER) — cases naming this person as individual defendant
4. State court records in [list states] — focus on fraud, breach of fiduciary duty, and employment-related claims
5. Bankruptcy court — personal filings (Chapter 7/13) and corporate filings where they were officer/director (Chapter 7/11)
6. State AG enforcement databases — consumer protection, securities fraud, charitable fraud
7. Professional license databases: [specify — bar association, CPA board, medical board, etc.]

Output: Legal history timeline (chronological, all findings) + severity classification (material / moderate / minor / none found) + deal relevance assessment + recommended disclosure and indemnification provisions

Prompt 5 — Glassdoor and Culture Intelligence Analysis

You are analyzing employee review data and public culture signals to assess the leadership culture of a target company's management team in an M&A due diligence context.

Target company: [Company Name]
CEO under review: [Name]
Review period: [e.g., reviews from 2020–2024]
Glassdoor overall rating: [X/5]
CEO approval rating: [X%]
Total reviews available: [approximate count]

Employee review themes (paste or summarize representative reviews):
[Paste 10–20 representative reviews, or summarize key recurring themes]

Additional culture data available:
- Glassdoor "Pros" most mentioned: [list]
- Glassdoor "Cons" most mentioned: [list]
- eNPS trend: [improving / declining / stable]
- LinkedIn departure velocity: [estimated — what % of key roles turned over in last 24 months?]
- Any known EEOC charges or employment litigation: [Yes/No — describe if yes]

Analysis required:
1. Identify the top 3 recurring leadership criticisms and assess whether they represent manageable style issues or structural dysfunction
2. Determine whether negative review patterns correlate with specific events (leadership changes, layoffs, strategy pivots)
3. Assess whether culture signals are compatible with the acquirer's operating model and integration approach
4. Identify specific integration risks: Will the existing culture resist or accelerate integration?
5. Recommend specific cultural due diligence interviews to validate or refute the review pattern findings

Output: Culture risk assessment (High/Medium/Low with rationale) + top 5 culture-driven integration risks + recommended management interventions + integration communication strategy recommendations

31. AI Joint Venture Partner Due Diligence Engine

Vet your joint venture partner with the rigor of a merger — because a bad JV partner can cost you market access, IP, and reputation without the protections of full ownership.

Pain Point & How COCO Solves It

The Pain: JV Partner Diligence Is Treated as a Formality Rather Than a Risk Management Process

Joint ventures represent some of the highest-risk business arrangements in international commerce, yet partner due diligence for JV formation consistently receives less scrutiny than a standard M&A acquisition. This is paradoxical: in an acquisition, the buyer takes control and can immediately begin correcting problems. In a joint venture, both parties share control, making remediation exponentially harder. A partner with undisclosed corruption exposure, hidden financial distress, or misrepresented operational capabilities can compromise the entire venture — and under the FCPA and UK Bribery Act, the non-corrupt party can face joint liability for its partner's misconduct even if that misconduct was unknown at formation.

The financial consequences of inadequate JV partner vetting are well-documented. The World Bank estimates that 50–60% of JVs globally fail or are restructured within five years, with partner-related issues (misaligned capabilities, undisclosed conflicts, financial instability, and governance disputes) accounting for the majority of failures. In emerging markets — China, Southeast Asia, Latin America, Middle East — where JVs are often legally required for market entry, the partner selection problem is compounded by information opacity. Corporate ownership structures are deliberately layered, beneficial ownership is concealed, and local regulatory violations rarely appear in international databases. Western companies entering China JVs have discovered post-formation that their partners had undisclosed state-owned enterprise connections, Party committee embedded in governance, or secret intellectual property transfer obligations to government agencies.

Due diligence teams conducting JV partner assessments typically rely on the same playbook as domestic M&A: financial statement review, standard background checks, and management interviews. This approach is wholly inadequate for evaluating partner integrity, operational complementarity, and governance compatibility in a shared-control structure. The specific risks of JV arrangements — deadlock provisions, intellectual property protection, technology transfer obligations, exit mechanics, and partner conflict resolution — require a dedicated due diligence framework that most deal teams never apply.

How COCO Solves It

Partner Ownership Structure and Beneficial Ownership Mapping: COCO unravels complex partner corporate structures:
- Maps full entity ownership chain to ultimate beneficial owners using Orbis, OpenCorporates, and jurisdiction-specific corporate registries (SAMR in China, MCA in India, Companies House in UK)
- Identifies state-owned enterprise connections, government agency ownership stakes, and sovereign wealth fund participation that create regulatory notification obligations under CFIUS, FOCI, or EU FDI screening
- Detects nominee directors and nominee shareholders through registry pattern analysis and cross-reference with known nominee service providers
- Maps any cross-ownership between the proposed JV partner and the target's existing competitors, suppliers, or customers — identifying undisclosed conflicts of interest
- Identifies prior JV relationships of the partner with other international companies and researches publicly available outcomes of those partnerships
Anti-Corruption and FCPA/UKBA Compliance Assessment: COCO conducts structured anti-bribery due diligence:
- Reviews partner's government relationships using PEP screening, sanctions list checks (OFAC SDN, EU Consolidated List, UN Sanctions, HM Treasury), and government contracting databases
- Analyzes partner's customer concentration in government sectors and assesses whether revenue patterns suggest improper payments through margin analysis (unusually high government contract margins vs. private sector)
- Reviews partner's third-party distributor and agent network for payment pattern red flags — particularly high-commission agents in markets with elevated Transparency International CPI scores
- Assesses partner's documented anti-corruption compliance program against FCPA/UKBA adequate procedures standards: written policies, training records, third-party due diligence procedures, whistleblower channels
- Identifies any prior FCPA resolutions, UK SFO investigations, or foreign bribery prosecutions involving the partner or its affiliates using DOJ/SEC enforcement databases
Operational Capability and Complementarity Verification: COCO validates whether the partner can actually deliver its stated JV contributions:
- Verifies claimed production capacity, facility ownership, and equipment through local regulatory filings, environmental permits, and satellite imagery analysis for manufacturing-intensive JVs
- Assesses distribution network reach claims against independently verifiable market presence data — logistics permits, retail outlet contracts, customs import/export records
- Reviews patent and technology ownership claimed as JV contribution — verifies patents are currently in force, not licensed from third parties, and not subject to encumbrances
- Evaluates financial capacity to fund committed JV contributions using audited financial statements and independent credit assessments
- Benchmarks partner's claimed market share and customer relationships against independent market research and interviews with industry contacts
Governance Compatibility and Deadlock Risk Assessment: COCO evaluates structural fit for shared governance:
- Analyzes partner's historical JV governance patterns from prior partnership agreements (where publicly available) and case law from prior partnership disputes
- Identifies decision-making culture misalignment through management interview structure: consensus-based vs. hierarchical, speed of decision authority, risk tolerance in operational decisions
- Reviews any prior shareholder disputes, board deadlocks, or minority oppression claims involving the partner entity or its principals using court record searches
- Assesses exit mechanics compatibility — does the partner's expected hold period, liquidity needs, and return expectations align with the proposed JV term structure?
- Reviews applicable JV governance laws in the target jurisdiction (e.g., China Sino-foreign JV regulations, Gulf state ownership requirements, India JV shareholder agreement enforcement)
IP Protection and Technology Transfer Risk Assessment: COCO maps intellectual property exposure in JV structures:
- Identifies IP contributed to the JV by each party and assesses whether contribution agreements adequately segregate contributed IP from retained IP
- Reviews Chinese Technology Import and Export Regulations (TIER), Indian FDI technology transfer conditions, and jurisdiction-specific IP transfer approval requirements
- Assesses enforceability of IP confidentiality and non-compete provisions under the governing law of the JV jurisdiction — many emerging market courts provide weak IP enforcement
- Reviews partner's history of IP-related disputes, trade secret claims, and patent infringement actions to assess IP discipline culture
- Identifies whether the partner has pre-existing technology licensing agreements with parties that could claim rights over IP jointly developed in the JV
Exit and Dispute Resolution Pre-Assessment: COCO evaluates the unwinding scenario before the deal closes:
- Reviews proposed put/call option mechanics, ROFR provisions, and drag/tag rights for asymmetric exposure — particularly important where valuations will be determined by a third-party appraiser
- Assesses dispute resolution clause effectiveness in the proposed JV jurisdiction — arbitration seat selection, enforceability of foreign arbitral awards (New York Convention membership), interim relief availability
- Identifies local law restrictions on capital repatriation that could prevent effective JV exit (foreign exchange controls, thin capitalization rules, withholding tax on deemed distributions)
- Reviews partner's financial statements for existing pledge or encumbrance on the assets they are contributing to the JV — pledged assets cannot be effectively contributed
- Prepares JV failure scenario analysis: what happens to each party's assets, IP, customer relationships, and employees if the JV is dissolved in years 1, 3, and 5

Results & Who Benefits

Measurable Results

Partner Red Flag Detection: Structured COCO-assisted JV partner assessment detects material integrity or capability issues in 63% of cases before commitment vs. 22% detected through standard reference-based vetting
FCPA/Anti-Corruption Screening Coverage: Expands screening from 3 standard watchlists to 47 global sanctions, enforcement, and PEP databases, reducing post-formation FCPA enforcement exposure by an estimated 71%
Beneficial Ownership Mapping Time: Complete ownership chain mapping to UBO level completed in 4–6 hours vs. 5–10 business days for manual multi-registry searches
IP Risk Identification: JV IP exposure analysis coverage increased from a review of proposed contract terms only to a full IP registry cross-reference across USPTO, CNIPA, EPO, and WIPO databases
JV Failure Rate Impact: Organizations applying systematic JV partner diligence frameworks report 34% lower JV failure rates within 3 years compared to industry average

Who Benefits

Corporate Development Teams: Conduct JV partner assessments with the same rigor applied to M&A targets, reducing the information asymmetry that causes most JV failures without requiring specialized JV counsel on every deal.
International Trade Counsel and FCPA Practitioners: Obtain structured anti-corruption due diligence documentation that supports adequate procedures defense under FCPA and UK Bribery Act in the event the partner's conduct is later investigated.
Chief Compliance Officers: Build a reproducible, documented JV partner diligence process that satisfies board governance requirements and regulatory expectations for third-party risk management programs.
Private Equity and Venture Capital Firms: Apply consistent JV partner screening standards across portfolio companies pursuing strategic joint ventures, particularly in emerging markets where partner quality is the primary driver of outcome variance.

💡 Practical Prompts

Prompt 1 — JV Partner Integrity and Ownership Screening

You are conducting joint venture partner due diligence for a proposed JV formation. Conduct a comprehensive integrity and ownership assessment of the proposed partner.

JV structure: [Describe the proposed JV — 50/50 / 70/30 / other; what industry; what geography]
Our company: [Brief description of our business and what we are contributing to the JV]
Proposed partner: [Partner company name, domicile, and brief description]
Partner's stated JV contribution: [Capital / IP / Distribution network / Manufacturing capacity / Government relationships / Other]

Assessment required:
1. Map the partner's full beneficial ownership structure to ultimate individual owners — identify any state-owned enterprise connections, government official ownership, or sovereign wealth fund stakes
2. Screen all identified beneficial owners against OFAC SDN, EU Consolidated List, UN Sanctions, and PEP databases
3. Identify any prior JV or partnership relationships this partner has had with international companies — research outcomes of those partnerships
4. Search for any FCPA enforcement actions, foreign bribery prosecutions, or anti-corruption investigations involving the partner or its principals
5. Assess whether the partner's stated contributions (capital, IP, network) are verifiable from independent sources

Output: Ownership map to UBO level + sanctions screening summary + prior partnership track record + anti-corruption risk rating (High/Medium/Low) + contribution verification assessment

Prompt 2 — JV Governance Compatibility Assessment

You are a JV governance specialist assessing whether two companies can effectively share control of a joint venture. Evaluate governance compatibility and deadlock risk.

Party A (us): [Describe our company's governance culture, decision-making style, expected return timeline, and exit objectives]
Party B (proposed partner): [Describe partner's governance culture as understood from diligence, their expected hold period, and financial objectives]

Proposed JV governance structure:
- Board composition: [e.g., 2 seats each, with independent chairman]
- Reserved matters requiring unanimous consent: [list]
- Deadlock resolution mechanism: [describe — cooling off period, escalation, mediator, Russian roulette clause, etc.]
- Exit provisions: [ROFR, put/call, drag/tag — describe]
- Governing law and dispute resolution: [jurisdiction and arbitration clause]

Assessment required:
1. Identify the top 5 decisions most likely to generate deadlock given the parties' different objectives and governance cultures
2. Assess whether the proposed deadlock resolution mechanism will function in practice — particularly the Russian roulette / shoot-out clause valuation dynamics
3. Identify local law limitations on enforcing the proposed governance provisions in [JV jurisdiction]
4. Recommend governance structure modifications that reduce deadlock risk while preserving each party's legitimate protection interests
5. Assess exit mechanics for fairness under scenarios where valuation at exit is materially different from current valuation

Output: Deadlock risk matrix (top 10 decisions / likelihood of disagreement / governance mechanism available) + governance gap analysis + recommended structural modifications + exit scenario modeling

Prompt 3 — IP Protection Assessment for JV Formation

You are an intellectual property due diligence specialist evaluating IP risk in a proposed joint venture. Assess how each party's contributed IP is protected, and identify risks of IP leakage.

Our IP being contributed to JV: [Describe — patents, trade secrets, software, brand, know-how]
Partner's IP being contributed to JV: [Describe]
JV jurisdiction: [Country/state where JV will be organized and operate]
JV purpose: [What the JV will develop, manufacture, or commercialize]

IP risk assessment required:
1. Identify any jurisdiction-specific restrictions on IP contribution or technology transfer (Chinese TIER regulations, Indian FDI conditions, EU technology transfer block exemption)
2. Assess whether the proposed IP contribution agreement adequately defines the boundary between contributed IP (transferred to JV) and retained IP (licensed to JV) for our contributed IP
3. Evaluate enforceability of IP confidentiality, non-compete, and non-solicitation provisions in the JV jurisdiction
4. Assess risk of jointly developed IP becoming a point of post-JV dispute — who owns improvements, derivatives, and applications not contemplated at formation?
5. Identify specific IP leakage scenarios: employee poaching, sub-licensing to JV partner affiliates, government audit access, trade secret exposure in joint facilities

Output: IP risk matrix by asset type + jurisdiction-specific IP protection gaps + recommended IP protection clauses for the JV agreement + post-formation IP governance protocol

Prompt 4 — FCPA Anti-Corruption JV Partner Assessment

You are an FCPA compliance specialist conducting anti-corruption due diligence on a proposed joint venture partner in a high-risk jurisdiction. Assess FCPA exposure and anti-corruption compliance adequacy.

Our company: [US-listed / US-nexus company subject to FCPA]
Proposed JV partner: [Company name, jurisdiction, ownership]
JV jurisdiction: [Country — note Transparency International CPI score if known]
JV business activities: [Describe — will JV deal with government officials, obtain permits, sell to state-owned enterprises?]

Anti-corruption due diligence scope:
1. Assess partner's beneficial ownership for PEP connections — direct ownership by government officials or their immediate family members
2. Review partner's government revenue concentration — what % of revenue comes from government contracts or state-owned enterprise customers?
3. Assess partner's third-party agent and distributor network: how many agents, in which countries, and what is the commission structure?
4. Evaluate partner's documented anti-corruption compliance program against FCPA adequate procedures: policies, training, third-party DD, reporting channels, tone-from-top
5. Search DOJ/SEC FCPA enforcement releases, UK SFO enforcement announcements, and OECD Phase reports for country-level enforcement trends affecting this JV's operating environment
6. Draft FCPA risk rating and specific enhanced due diligence steps required before JV formation can proceed

Output: FCPA risk rating (Critical/High/Medium/Low) with rationale + compliance program gap assessment + required enhanced diligence steps + recommended anti-corruption provisions for JV agreement + ongoing monitoring protocol

Prompt 5 — JV Exit and Dissolution Pre-Assessment

You are stress-testing a proposed joint venture structure for exit and dissolution scenarios before the JV is formed. Identify structural weaknesses that would make unwinding the JV difficult or costly.

JV structure: [Describe the proposed JV — parties, jurisdiction, governance, industry]
Proposed exit mechanisms:
- ROFR: [Describe terms]
- Put option: [Describe trigger events and valuation methodology]
- Call option: [Describe trigger events and valuation methodology]
- Drag/tag rights: [Describe]
- Deadlock exit: [Describe resolution mechanism]

JV jurisdiction: [Country]
JV assets: [Describe key assets — IP, manufacturing facilities, customer contracts, government licenses, workforce]

Stress test scenarios:
1. SCENARIO: Our party wants to exit in Year 2 — the JV is underperforming and the partner disputes the valuation. How does the ROFR / put mechanism play out, and what leverage does each party have?
2. SCENARIO: The partner is acquired by a competitor of ours. What happens to our position in the JV? Does the change of control trigger exit rights?
3. SCENARIO: The JV runs out of cash and needs additional capital contribution. Partner refuses to contribute. What are our options?
4. SCENARIO: The JV must be dissolved due to regulatory order in the JV jurisdiction. How are assets — particularly IP and customer contracts — divided?
5. SCENARIO: Key government license or permit held by the JV cannot be transferred to either party on dissolution.

For each scenario: Assess whether the proposed JV agreement adequately addresses the scenario + identify gaps + recommend specific contract provisions to protect against worst-case outcomes

Output: Scenario-by-scenario risk assessment + contract gap matrix + recommended protective provisions + jurisdiction-specific exit law considerations

32. AI Government Contract & Debarment History Checker

Protect your acquisition from inherited federal exclusions — a single debarment finding post-close can disqualify your entire entity from all government contracting.

Pain Point & How COCO Solves It

The Pain: Government Contracting History Is a Specialized Diligence Domain That Generic Due Diligence Frameworks Ignore

Government contracting represents a specialized risk universe that most M&A due diligence frameworks address inadequately or not at all. For companies where federal, state, or foreign government contracts constitute 20% or more of revenue, the acquisition of a debarred entity or one with active exclusion proceedings is an existential deal risk — yet acquirers routinely fail to conduct contract-by-contract review, miss predecessor entity exclusions, and fail to evaluate assignability of government contracts. The SAM.gov Exclusion database lists over 130,000 currently excluded entities and individuals, and the FAR Part 9.4 debarment triggers include circumstances — criminal conviction, tax delinquency, willful misrepresentation — that are seldom disclosed voluntarily.

The contracting history risk extends beyond active debarments. A company in a government contract suspension proceeding — triggered by a grand jury subpoena, DOJ investigation, or contractor integrity referral from an Inspector General — is technically still eligible to receive new contracts, but the suspension converts to debarment in nearly 60% of contested cases. Post-acquisition discovery of an active suspension proceeding has terminated deals, required emergency government notification, and in several documented cases has resulted in the acquirer losing its own existing government contracts due to the affiliate debarment risk under FAR 9.406-1(c). Most deal teams simply run a standard SAM.gov database check and consider government contracting diligence complete.

The structural complexity of government contracting creates additional layers of risk that require specialized expertise. Federal contract assignability requires agency consent — most standard commercial contract assignment provisions do not survive federal procurement law. Task orders under Indefinite Delivery/Indefinite Quantity (IDIQ) contracts may not transfer with the base contract. Small business set-aside contracts are immediately void if the acquiring entity is not itself a qualifying small business. State and local government contracts carry different assignability rules and exclusion databases that are not captured in the federal SAM.gov system. International government contracts — NATO, UN, World Bank, regional development bank — have independent debarment registries that no single database covers.

How COCO Solves It

Multi-Database Exclusion and Debarment Screening: COCO conducts comprehensive exclusion searches across all relevant registries:
- Screens all target entities (current and historical names, DBAs, acquired entities) against SAM.gov/FAPIIS for active exclusions, proposed debarments, administrative agreements, and integrity records
- Searches state-level exclusion databases for all states where target operates: New York OGS exclusion list, California Department of General Services, Texas Comptroller debarment list, and 30+ additional state procurement exclusion registries
- Reviews World Bank Sanctions List, Inter-American Development Bank debarment list, Asian Development Bank sanctions list, and European Bank for Reconstruction and Development debarment registry for international contracting exposure
- Screens target principals (officers, directors, key personnel) individually against FAR 9.4-related exclusion records — individual exclusions affiliate to the acquiring entity under FAR 9.406-1(c)
- Reviews EPLS historical data and FAPIIS contractor performance records for documented past performance issues — terminations for default, significant quality deficiency findings, and cure notices
Contract Portfolio Assignability Analysis: COCO evaluates the transferability of the government contract revenue base:
- Reviews each federal prime contract against applicable FAR/DFARS provisions governing novation (FAR 42.12) — identifies contracts requiring agency consent and maps the novation approval timeline for each cognizant contracting officer
- Identifies IDIQ contracts and assesses whether existing task orders survive a novation — distinguishes between novation of the base contract (permitted) and automatic assignment of task orders (requires separate agency determination)
- Flags small business set-aside contracts that will be immediately void upon acquisition by a non-qualifying large business acquirer — quantifies the revenue at risk and identifies required agency notifications under FAR 19.301-2
- Reviews subcontract flow-down provisions in prime contracts that may require government consent to sub-tier assignment or impose performance obligations on successor entities
- Assesses classified contract access implications — security clearances require cognizant security agency notification and cannot be assumed by the acquirer entity without separate facility clearance action
Inspector General and Audit History Review: COCO surfaces regulatory performance scrutiny:
- Searches DOD Inspector General, HHS OIG, GSA OIG, and agency-specific IG published reports for any audit findings, referrals for suspension/debarment, or fraud investigation disclosures involving the target
- Reviews DCAA (Defense Contract Audit Agency) audit history — identifies open findings, questioned costs, unresolved indirect rate audits, and cost accounting standard non-compliance findings that create post-close liability
- Searches Congressional hearing transcripts and Government Accountability Office reports for named contractor criticism or program failure attributions
- Reviews False Claims Act (31 USC §3729) qui tam suit history using federal court PACER searches — qui tam suits involving government contractors can remain under seal for 1–3 years, creating hidden FCA exposure
- Identifies any active debarment referrals from contracting officers documented in FAPIIS Contractor Performance Assessment Reports (CPARs)
Procurement Fraud and Compliance History Assessment: COCO evaluates systemic compliance risk:
- Reviews DOJ Civil and Criminal Division press releases and federal court records for government procurement fraud cases: bid rigging, false claims, defective pricing, product substitution, and labor mischarging
- Searches SEC enforcement actions for revenue recognition issues on percentage-of-completion government contracts — often a precursor to False Claims Act liability
- Assesses target's compliance with cost accounting standards (CAS 9903), Truth in Negotiations Act (TINA) certified cost or pricing data obligations, and FAR 52.215-2 audit access clause compliance
- Reviews government cost-type contract billing practices for labor mischarging indicators: time-card review procedures, indirect rate control mechanisms, and allowable cost policy compliance
- Identifies any voluntary disclosure to agency IGs or DOJ under the DOJ's procurement fraud voluntary self-disclosure program that indicates management awareness of compliance failures
International Government Contracting and Export Control Integration: COCO maps cross-border government contracting risk:
- Reviews export license requirements for all government contracts involving defense articles, dual-use technology, or controlled software under EAR/ITAR — identifies contracts that cannot be novated without new export authorization
- Assesses Foreign Military Sales (FMS) and Direct Commercial Sale (DCS) contract portfolios for country-specific restrictions that survive acquisition
- Reviews ITAR registration status for manufacturer/exporter entities and assesses registration continuity requirements post-acquisition (ITAR §122.4 change of ownership disclosure requirement within 5 days)
- Identifies contracts with foreign government end-users that trigger OFAC, EAR, and State Department licensing obligations on the acquirer
- Reviews NATO support contracts and UN procurement contracts for contractor integrity requirements that apply to the acquiring entity
Post-Acquisition Compliance Remediation Roadmap: COCO structures the path to full compliance:
- Prioritizes pre-close agency notifications required by law: ITAR change of ownership (5 days), SBA change of ownership for 8(a) participants (immediate), security clearance DSS notification (30 days)
- Maps each identified compliance gap to the specific FAR/DFARS/agency supplement provision requiring remediation and the regulatory deadline for cure
- Designs government contracting compliance integration plan: ethics and compliance program harmonization, cost accounting system assessment, DCAA audit accommodation procedures
- Prepares government customer notification strategy — identifies which contracting officers need to be personally briefed on the transaction and what information must be disclosed proactively
- Drafts novation agreement execution schedule with agency-by-agency sequencing based on contract value, performance sensitivity, and anticipated agency processing time

Results & Who Benefits

Measurable Results

Exclusion Detection Completeness: Multi-registry screening covers 47 exclusion databases vs. SAM.gov alone (1 database), with material exclusion discovery rate 8x higher than single-database screening
Contract Novation Timeline Accuracy: Government contract assignability analysis completed in 3–4 hours vs. 2–3 weeks for manual contract-by-contract counsel review, with 94% accuracy on novation requirement identification
False Claims Act Exposure Quantification: Systematic FCA search protocol identifies qui tam exposure in an average of 11% of defense contractor acquisitions, with average exposure of $8.5M — exposure that would be entirely missed by standard diligence
ITAR Compliance Gap Identification: Change-of-ownership ITAR notification obligation missed in 67% of defense acquisitions without specialized screening; COCO-assisted review achieves 100% identification with pre-close notification timeline
Revenue Protection: Acquirers using comprehensive government contract diligence preserve an average of $23M in contract revenue that would have been at risk from missed novation requirements or set-aside violations

Who Benefits

Defense Industry M&A Teams: Systematically address the specialized compliance universe of federal defense contracting — ITAR, DFARS, DCAA, security clearances — without requiring a separate government contracting law firm review on every transaction.
Private Equity Firms Acquiring Government Services Companies: Identify debarment and compliance risk before commitment, enabling informed price adjustment or deal structure modifications that protect the investment thesis built on government contract revenue.
Government Contracts Counsel: Use COCO's multi-database screening and contract portfolio analysis as the foundation for legal opinion on assignability and compliance, focusing attorney time on high-risk findings rather than database mechanics.
Chief Compliance Officers of Acquiring Entities: Obtain a pre-close compliance gap inventory and post-close remediation roadmap that enables immediate integration planning and proactive agency communication — preventing inadvertent compliance violations during the integration window.

💡 Practical Prompts

Prompt 1 — Government Contract Portfolio Assignability Review

You are a government contracts attorney conducting acquisition diligence on a federal contractor. Review the following contract portfolio and assess novation requirements, assignability issues, and revenue at risk.

Target company: [Company Name]
DUNS/UEI: [if known]
SAM.gov registration status: [Active / Expired / Unknown]
Total government revenue: [$X annually] — [X% of total revenue]
Contract types in portfolio: [Cost-plus / Fixed-price / IDIQ / Time-and-materials / Other]

Contract portfolio (summarize or list):
[Paste contract list or summary: contract number, agency, type, value, expiration, small business set-aside designation if any]

Acquirer profile: [Large business / Small business — specify NAICS size standard qualification status]

Analysis required:
1. Identify all contracts requiring agency novation consent under FAR 42.12 — note cognizant contracting officer and anticipated approval timeline
2. Flag all small business set-aside contracts that will be voided by acquisition by a large business — quantify revenue at risk and required notification procedures
3. Identify IDIQ contracts and assess whether existing task orders are included in novation scope or require separate treatment
4. Flag any classified contracts and identify security clearance notification requirements
5. Estimate total revenue at risk from assignability issues and proposed mitigation approach for each

Output: Contract-by-contract assignability matrix + small business set-aside risk summary + novation approval timeline and sequencing plan + total revenue at risk quantification

Prompt 2 — SAM.gov and Multi-Registry Debarment Screening

You are conducting debarment and exclusion screening for an M&A transaction involving a government contractor. Conduct systematic multi-registry screening.

Entities to screen:
1. Current legal entity name: [Name] — EIN: [number] — CAGE code: [code]
2. Former names / DBAs: [List all historical names, trade names, doing-business-as names]
3. Acquired subsidiaries: [List any entities acquired in last 10 years]
4. Key principals to screen individually: [CEO name], [CFO name], [President name], [any other named officers]

Registry screening required:
1. SAM.gov Exclusions — active exclusions, proposed debarments, administrative agreements
2. FAPIIS — contractor integrity and performance information, including terminations for default and administrative actions
3. HHS OIG Exclusions List (LEIE) — if target operates in healthcare-adjacent government contracting
4. State exclusion registries for: [list states where target holds contracts]
5. World Bank / MDB sanctions lists — if any international development bank contracting

Screening results: [Paste any findings or indicate "no results" for each registry]

Analysis required:
1. Assess whether any positive hits represent the same entity as the target (name matching analysis)
2. For any confirmed exclusions: determine exclusion type, basis, period, and whether it has expired
3. Assess FAR 9.406-1(c) affiliation risk — do any individual exclusions affiliate to the corporate entity being acquired?
4. Identify whether any pending agency IG referrals or debarment proceedings are disclosed in FAPIIS
5. Recommend deal structure modifications if active exclusions are identified

Output: Screening results table by registry + affiliation risk assessment + exclusion impact analysis + deal structure recommendation if exclusions found

Prompt 3 — False Claims Act Exposure Assessment

You are a False Claims Act specialist conducting exposure assessment for an M&A transaction involving a government contractor. Identify FCA risk and quantify potential exposure.

Target company: [Company Name]
Government contract revenue: [$X] — [what % of total revenue]
Contract types: [Cost-type / Fixed-price / Grants — describe mix]
Known compliance issues: [Any disclosed billing disputes, audit findings, OIG investigations, or employee complaints]
Industry: [Defense / Healthcare / Information Technology / Other]

FCA exposure assessment:
1. Review DOJ Civil Division press releases and settlement announcements for prior FCA matters involving this company or its predecessors (search by company name and by principals)
2. Search federal court PACER for any FCA qui tam actions naming this company — note that qui tam suits may be under seal; identify any pending DOJ interventions from public dockets
3. Assess billing practices for FCA red flags by contract type:
   - Cost-type: time-card controls, indirect rate accuracy, allowable cost compliance
   - Fixed-price: product substitution risk, specification compliance attestations
   - Grants: use of funds restrictions, matching requirement compliance, progress report accuracy
4. Evaluate whether any disclosed warranty or quality escapes created false certification of conformance
5. Estimate FCA exposure range using reverse false claims and false certification theories if applicable

Output: FCA exposure probability assessment + exposure range estimate + specific contract areas requiring enhanced diligence + recommended SPA FCA indemnification provisions

Prompt 4 — ITAR/EAR Compliance Assessment for Defense Contractor Acquisition

You are an export control compliance specialist conducting ITAR/EAR diligence for the acquisition of a defense contractor. Assess export control compliance and change-of-ownership obligations.

Target company: [Company Name]
ITAR registration status: [Registered / Not registered — registration number if known]
Products/services: [Describe defense articles, dual-use technology, or controlled software]
Government contract types: [Foreign Military Sales / Direct Commercial Sales / domestic only]
End-user countries in contracts: [List countries where target has government end-users]
Known export control issues: [Any prior violations, voluntary self-disclosures, or DDTC/BIS enforcement actions]

ITAR/EAR compliance assessment:
1. Assess ITAR Part 122.4 change-of-ownership disclosure obligation — 5-day notification to DDTC required; identify responsible party and draft notification outline
2. Review any outstanding export license conditions that impose obligations on the registrant entity and assess how acquisition affects those conditions
3. Identify any unauthorized re-export or deemed export violations that should have been voluntarily disclosed and assess voluntary self-disclosure obligation
4. Review EAR Export Administration Regulations registration, license exceptions used, and any BIS Entity List screening gaps in the supply chain
5. Assess technology control plan (TCP) adequacy for protecting ITAR-controlled technical data from unauthorized foreign national access post-acquisition

Output: ITAR/EAR compliance gap assessment + change-of-ownership notification obligations with deadlines + voluntary disclosure assessment + TCP update requirements + integration compliance roadmap

Prompt 5 — State and Local Government Contract Portfolio Review

You are conducting state and local government contract diligence for an M&A transaction. Assess the target's state and local government contract portfolio for assignability and compliance issues.

Target company: [Company Name]
State and local government revenue: [$X annually] — [list top 5 government agency customers by revenue]
States with significant contract presence: [list states]
Contract types: [IT services / Construction / Healthcare services / Professional services / Other]
Known compliance issues: [Any state audit findings, debarment proceedings, or contract disputes]

Assessment required:
1. Review state procurement debarment databases for all states listed — note that state debarment databases are not consolidated and each must be checked separately
2. Assess contract assignability under state procurement law for each major state — many states require individual agency consent distinct from FAR novation requirements
3. Identify any municipal bond-financed projects where federal prevailing wage (Davis-Bacon) or state prevailing wage laws apply and assess compliance history
4. Review state False Claims Act exposure in states with independent FCA statutes (California, New York, Illinois, Texas, and 20+ others) — state FCA penalties can exceed federal penalties for state-funded contracts
5. Assess MBE/WBE/DBE set-aside contracts at state and local level — parallel analysis to federal small business concern for state preference programs

Output: State-by-state contract assignability assessment + state debarment screening results + state FCA exposure summary + set-aside program compliance risk + priority remediation actions

33. AI Cross-Jurisdictional Compliance Framework Mapper

When your acquisition spans three countries and four regulatory regimes, you need a compliance map before you can build a compliance plan.

Pain Point & How COCO Solves It

The Pain: Multi-Jurisdictional Compliance Is the Fastest-Growing Source of Post-Acquisition Surprises

Cross-border M&A has never been more complex from a regulatory compliance standpoint. A single acquisition of a company with operations in the United States, United Kingdom, Germany, and Singapore simultaneously triggers GDPR obligations in Germany (and by extension the EU), PDPA obligations in Singapore, UK GDPR post-Brexit, California CCPA/CPRA if any California residents are in the data inventory, and a dozen additional state-level privacy laws — each with different data subject rights, breach notification timelines, and enforcement regimes. The compliance team that adequately maps this framework before close can integrate effectively; the team that misses it discovers violations during the first post-close regulatory audit.

Privacy law is just the most visible dimension of cross-jurisdictional compliance complexity. A manufacturing acquisition spanning the US, Mexico, and Canada must navigate TSCA, REACH, and Canadian Environmental Protection Act chemical compliance simultaneously — and the chemical substances permitted in each jurisdiction differ materially. Financial services acquisitions across EU, UK, and US jurisdictions must contend with MiFID II, FCA regulatory rules, and SEC/FINRA requirements that are increasingly divergent post-Brexit. Employment law harmonization across multiple civil law (Continental Europe) and common law (UK, US, Australia) jurisdictions requires restructuring employment agreements, benefit structures, and termination procedures that are legally incompatible between jurisdictions. The compliance cost of getting cross-jurisdictional integration wrong routinely exceeds $50M for mid-size acquisitions.

Due diligence teams facing multi-jurisdictional acquisitions typically lack the geographic expertise to map compliance requirements beyond their home jurisdiction. A New York-based deal team will diligence US compliance thoroughly, outsource EU compliance to Brussels counsel, and hope that the two compliance summaries can be stitched together into a coherent picture — often without identifying the conflicts between jurisdictions (e.g., EU works council consultation requirements that prohibit certain US restructuring actions during integration). The result is a siloed compliance picture that identifies issues by jurisdiction but fails to identify cross-jurisdictional conflicts, integration sequencing constraints, and regulatory approval interdependencies.

How COCO Solves It

Comprehensive Compliance Universe Mapping: COCO identifies every applicable regulatory framework based on the target's operational footprint:
- Maps applicable regulatory domains by jurisdiction: data protection, employment/labor, environmental, financial services, competition/antitrust, consumer protection, product safety, and sector-specific regulation
- Identifies the specific statute, regulation, and supervisory authority for each compliance obligation across all 40+ jurisdictions where target operates
- Flags jurisdictions with extraterritorial application — GDPR's reach to non-EU processors of EU resident data, FCPA's application to non-US companies with US nexus, and OFAC's long-arm jurisdiction
- Distinguishes primary compliance obligations (direct licensee/registrant) from secondary compliance obligations (flow-down contractual requirements from customers or supply chain)
- Identifies pending regulatory changes in each jurisdiction with effective dates that will affect the post-acquisition compliance burden
Data Protection and Privacy Compliance Cross-Map: COCO navigates the global privacy regulatory patchwork:
- Maps all applicable privacy laws by jurisdiction: GDPR (EU 27 member states), UK GDPR, US state laws (CCPA/CPRA, VCDPA, CPA, CTDPA, and 15+ additional state laws), PIPL (China), PDPA (Singapore, Thailand), LGPD (Brazil), POPIA (South Africa)
- Identifies data transfers between jurisdictions and assesses the legal mechanism required for each: SCCs under GDPR, BCRs, adequacy decisions, consent-based mechanisms
- Maps data subject rights obligations by jurisdiction — right to deletion, right to portability, right to object, consent withdrawal — and identifies operational systems that must support each right
- Calculates maximum penalty exposure by jurisdiction under worst-case breach scenario: GDPR (4% of global turnover), CCPA ($7,500 per intentional violation), LGPD (2% of Brazilian revenue)
- Designs unified data protection compliance framework that satisfies the most restrictive jurisdiction while remaining operable across all jurisdictions
Employment and Labor Law Harmonization Analysis: COCO identifies cross-border employment compliance conflicts:
- Maps mandatory employee consultation obligations: EU Works Council requirements (European Works Council Directive), German Betriebsrat co-determination rights, French Comité Social et Économique — identifies which integration actions require consultation before implementation
- Identifies employment contracts that cannot be unilaterally modified under civil law employment protection: German KSchG, French Code du Travail, Italian Statuto dei Lavoratori, Spanish Estatuto de los Trabajadores
- Assesses mandatory severance and redundancy payment obligations by jurisdiction for anticipated integration workforce reductions — builds total workforce cost model for any planned restructuring
- Reviews non-compete and non-solicitation enforceability by jurisdiction: unenforceable in California, highly restricted in Germany and France, broadly enforceable in most US states
- Maps benefits harmonization requirements: pension plan consolidation (defined benefit legacy plans requiring actuarial assessment), health benefit design requirements under ACA and equivalent EU directives
Environmental and Product Safety Cross-Jurisdictional Assessment: COCO identifies product and site compliance conflicts:
- Maps chemical registration obligations: US TSCA inventory, EU REACH registration, Canada DSL, South Korea K-REACH, China MEP chemical inventory — identifies substances permitted in some but not all markets
- Assesses EU RoHS, WEEE, CE marking, and UKCA marking requirements for product compliance post-Brexit (UK no longer accepts CE marking for most product categories)
- Reviews environmental site remediation obligations by jurisdiction — particularly differences between US Superfund (strict liability, retroactive) vs. EU contaminated land directives (polluter pays, contemporaneous)
- Maps product liability regulatory regimes: EU Product Liability Directive reform (2024), US state tort law, and emerging markets product safety regulation
- Identifies product recall coordination requirements across jurisdictions for any product safety issues discovered in diligence
Financial Services Regulatory Licensing and Authorization Assessment: COCO maps the license portfolio for financial services acquisitions:
- Inventories all financial services licenses, authorizations, and registrations across all jurisdictions: banking licenses, investment advisor registrations, insurance licenses, payment institution authorizations
- Identifies change-of-control approval requirements for each license — typically requiring 60–180 days advance application to each regulator
- Assesses regulatory capital requirements that must be satisfied at each licensed entity post-acquisition — merger of entities may trigger minimum capital re-calculation
- Reviews passporting arrangements under EU financial services law that may be disrupted by change of ownership or group restructuring
- Identifies any regulatory enforcement actions, formal warnings, or elevated supervisory attention that could delay or condition change-of-control approval
Compliance Gap Prioritization and Integration Sequencing: COCO translates the compliance map into an actionable integration plan:
- Prioritizes compliance gaps by: (a) regulatory penalty severity, (b) likelihood of regulatory scrutiny, (c) operational disruption if gap is discovered post-close
- Identifies compliance obligations with pre-close deadlines: ITAR notification (5 days), GDPR change of controller notification, works council consultation (must be completed before restructuring implementation)
- Sequences compliance remediation actions against integration milestones — identifies which integration steps are legally blocked until compliance requirements are satisfied
- Designs compliance monitoring framework for the post-acquisition period: regulatory change tracking, license renewal calendar, audit and inspection readiness protocol
- Estimates total compliance remediation cost by jurisdiction and compliance domain — feeds into deal model and integration budget

Results & Who Benefits

Measurable Results

Compliance Universe Coverage: COCO-assisted mapping identifies an average of 340% more applicable compliance obligations than jurisdiction-by-jurisdiction counsel review alone, particularly for emerging market and extraterritorial applications
Works Council Consultation Compliance: EU works council consultation requirement missed in 78% of US-headquartered acquirers' integration plans; COCO-assisted review achieves 100% identification with pre-close timeline embedded in integration plan
Data Transfer Mechanism Identification: Cross-border data transfer legal mechanism gaps identified in an average of 4.7 data flows per target company, preventing GDPR enforcement actions averaging €2.8M per incident
Regulatory Change-of-Control Application Timeline: Advance identification of change-of-control license applications enables 60-day earlier filing, reducing deal close-to-full-operation delay by an average of 45 days for financial services transactions
Compliance Remediation Cost Accuracy: Pre-close compliance gap quantification achieves 85% accuracy on total remediation cost vs. post-close discovery, which typically uncovers 3.2x higher costs than pre-close estimates

Who Benefits

Chief Compliance Officers and General Counsel: Obtain a comprehensive, jurisdiction-resolved compliance map that enables confident integration planning rather than reactive compliance crisis management in the post-close period.
Integration Management Office Leaders: Receive a sequenced compliance integration plan that embeds regulatory deadlines into integration milestones — preventing integration actions that inadvertently trigger compliance violations.
M&A Partners at Law Firms: Use COCO's cross-jurisdictional compliance matrix as the foundation for multi-jurisdictional legal opinion coordination, reducing duplication across local counsel and identifying cross-jurisdictional conflicts that no single local counsel can see.
Private Equity Portco CFOs: Accurately model compliance remediation costs in the acquisition business plan, avoiding the cash flow surprise that post-close compliance discovery creates for portfolio company financial models.

💡 Practical Prompts

Prompt 1 — Compliance Universe Mapping

You are a cross-jurisdictional compliance specialist. Map the complete compliance universe for a proposed acquisition target based on its operational footprint.

Target company: [Company Name]
Industry: [Sector — be specific: e.g., fintech payments processor, medical device manufacturer, B2B SaaS company]
Operational presence (list all jurisdictions with employees, customers, or data):
- United States: [states with employees / customers]
- European Union: [member states]
- United Kingdom: [yes/no]
- Asia Pacific: [countries]
- Latin America: [countries]
- Middle East/Africa: [countries]

Business activities in each major region: [brief description — e.g., EU: sales office + data processing center; APAC: manufacturing + customer data stored]
Data types processed: [consumer PII / employee data / payment card data / health data / financial data]
Products sold: [physical products subject to product safety regulation / digital services / financial products]
Revenue from regulated industries: [government contracts / healthcare / financial services / other regulated sectors]

Deliverable: Complete compliance matrix organized by jurisdiction x regulatory domain (privacy / employment / environmental / financial services / product safety / competition / export controls). For each cell: applicable law, supervising authority, license/registration required (Y/N), change-of-control notification required, and penalty range for non-compliance.

Prompt 2 — EU Works Council Consultation Planning

You are a European labor law specialist planning EU works council consultation for a cross-border acquisition. Design the consultation process and integration sequencing requirements.

Transaction: [Describe the acquisition — acquirer, target, deal structure]
EU jurisdictions with employee presence: [list countries and approximate headcount in each]
EU legal entities involved: [list target entities operating in EU]
European Works Council: [Does the target have an EWC? If yes, describe its composition and agreement]
National works councils: [list countries where national works councils or employee representative bodies exist]

Integration plans affecting EU employees:
1. [Describe planned workforce reductions, if any — countries, numbers, timing]
2. [Describe planned organizational restructuring — entity mergers, site closures, relocation]
3. [Describe planned benefit harmonization changes]
4. [Describe planned employment contract changes]

Analysis required:
1. Map consultation obligations by jurisdiction — which actions require information only vs. consultation vs. co-determination (German Betriebsrat model)
2. Identify minimum consultation periods before implementation is legally permitted in each jurisdiction
3. Assess whether any planned integration actions are legally blocked pending works council consultation completion
4. Design consultation sequencing: what must be disclosed, to which body, in what sequence, and with what minimum notice period
5. Identify any information that constitutes confidential business information under EU Directive 2002/14/EC and may be withheld from consultation

Output: Works council consultation roadmap with jurisdiction-by-jurisdiction obligations + integration action sequencing calendar + legally blocked actions list + consultation document outlines

Prompt 3 — Global Privacy Compliance Gap Assessment

You are a global data privacy compliance specialist conducting cross-jurisdictional privacy due diligence. Assess compliance gaps and data transfer legality across all applicable privacy regimes.

Target company: [Company Name]
Data subjects by region:
- EU/EEA residents: [approximate number]
- UK residents: [approximate number]
- California residents: [approximate number]
- Other US state residents: [approximate number — note which states]
- China residents (PIPL): [approximate number]
- Brazil residents (LGPD): [approximate number]
- Other: [describe]

Data categories processed: [list — name, email, IP address, location, financial data, health data, biometric data, etc.]
Data flows (transfers between jurisdictions): [describe what data flows where — e.g., EU customer data processed on US servers]
Current privacy compliance program: [describe — privacy policy existence, DPA agreements in place, breach notification procedures, DPO designation]
Known privacy incidents: [any prior breaches, regulatory inquiries, data subject complaints]

Analysis required:
1. Assess GDPR compliance adequacy for EU resident data — legal basis for processing, DPIA requirement, DPO appointment, records of processing
2. Identify all international data transfers and assess legal transfer mechanism: SCCs (assess current version compliance), BCRs, adequacy decision coverage
3. Assess CCPA/CPRA compliance for California residents: consumer rights implementation, opt-out mechanism, service provider agreements
4. Assess PIPL compliance for Chinese resident data — data localization requirements, cross-border transfer assessment requirements
5. Identify maximum penalty exposure by jurisdiction and assess likely regulatory scrutiny intensity based on data category sensitivity

Output: Privacy compliance gap matrix by jurisdiction + international transfer mechanism assessment + breach notification obligation comparison + maximum penalty exposure quantification + priority remediation roadmap

Prompt 4 — Financial Services License Change-of-Control Assessment

You are a financial services regulatory specialist conducting change-of-control license assessment for a fintech / financial services acquisition. Map all licenses requiring pre-close regulatory approval.

Target company: [Company Name]
Financial services activities: [payments / lending / investment advisory / insurance / banking / other]
License inventory: [list all known licenses, registrations, and authorizations held by entity and its subsidiaries]
Jurisdictions of operation: [list all jurisdictions — US states, EU member states, UK, APAC, etc.]
Acquirer profile: [describe the acquirer — is acquirer already regulated in these jurisdictions?]
Transaction structure: [share purchase / asset purchase / merger — note if licensed entity is being acquired or only assets]

License change-of-control assessment:
1. Identify each license requiring change-of-control application or notification — specify the regulatory authority, application type, and statutory approval timeline
2. Distinguish between pre-close approval required (deal cannot close without it) vs. post-close notification required (notify within X days of close)
3. Identify regulatory capital implications: does the acquisition trigger a re-calculation of minimum capital requirements at any licensed entity?
4. Assess passporting implications in EU — does the change of ownership affect the home state supervisor and therefore all passported authorizations?
5. Identify any licenses that cannot be transferred and must be re-applied for by the acquirer entity (common in US state money transmitter licenses for asset purchases)

Output: License-by-license change-of-control requirement matrix + pre-close vs. post-close approval sequencing calendar + capital requirement impact assessment + license re-application list for asset purchase structures

Prompt 5 — Environmental Regulatory Compliance Cross-Map

You are an environmental compliance specialist conducting cross-jurisdictional environmental due diligence. Map applicable environmental regulatory obligations and compliance gaps.

Target company: [Company Name]
Manufacturing/operational sites: [list sites by country and activity — e.g., manufacturing plant in Germany, distribution center in Texas, R&D lab in Singapore]
Products: [describe — what chemicals, materials, or substances are used or incorporated in products]
Industry: [chemical / electronics / automotive / pharmaceutical / food / other]
Known environmental issues: [any disclosed site contamination, permit violations, regulatory notices, or environmental litigation]

Environmental compliance mapping required:
1. US environmental compliance: RCRA (hazardous waste), CERCLA (site liability), Clean Air Act permits, Clean Water Act NPDES permits, TSCA chemical inventory — assess compliance status for US sites
2. EU environmental compliance: REACH registration, RoHS/WEEE directives, Industrial Emissions Directive permits (for manufacturing sites), EU Taxonomy environmental sustainability criteria
3. UK environmental compliance post-Brexit: UKCA product marking, UK REACH (diverging from EU REACH), Environment Agency permits
4. Other jurisdictions: [assess based on operational presence — Chinese MEP permits, Singapore NEA requirements, etc.]
5. Cross-jurisdictional product compliance conflicts: identify any chemical substance that is restricted in one market but not others — assess product reformulation requirements and timeline

Output: Environmental compliance gap matrix by site and jurisdiction + product substance compliance cross-map + remediation site liability estimate + regulatory permit transfer requirements + cross-jurisdictional product compliance conflict list

34. AI Distressed Asset & Bankruptcy History Analyzer

Uncover the full liability footprint of a distressed acquisition before the gavel falls — because in bankruptcy, what you don't know absolutely can hurt you.

Pain Point & How COCO Solves It

The Pain: Distressed Asset Transactions Compress Diligence Timelines While Hiding Concentrated Liability

Distressed M&A transactions — whether 363 bankruptcy sales, loan-to-own strategies, out-of-court restructurings, or distressed debt acquisitions — present a paradox: the assets are available at deep discounts precisely because the risk profile is elevated, yet the compressed timelines, restricted data room access, and information asymmetry inherent in distressed situations make thorough due diligence extraordinarily difficult. Bankruptcy auctions may allow 10–21 days from data room opening to bid submission. Out-of-court distressed transactions often operate without a formal data room at all. Sellers and their advisors, operating under the stress of financial crisis, provide incomplete or deliberately misleading information about liability exposure.

The structural complexity of distressed acquisitions creates liability vectors that are largely absent from healthy-company M&A. In a 363 bankruptcy sale, the "free and clear" provision of Bankruptcy Code §363(f) theoretically extinguishes most successor liability claims — but the exceptions are substantial. Environmental cleanup obligations survive under CERCLA successor liability doctrine even after a 363 sale in many circuits. Union successor liability under the NLRA can survive asset purchases if the acquirer retains a majority of the workforce. Product liability claims for pre-sale conduct, particularly mass tort situations, frequently survive 363 orders because claimants may not have received adequate notice. Fraudulent conveyance claims can unwind a completed transaction if the sale price is later found to have been below fair market value. In the post-WeWork and Rite Aid bankruptcy environment, courts have increasingly scrutinized 363 sale process integrity.

Analysts conducting diligence on distressed assets face a fundamental challenge: the company's records are often a shambles. Accounting systems haven't been maintained. Personnel who understood the business have departed. Customer and vendor relationships are in flux. Environmental compliance lapsed during the financial crisis period. The distressed company may have layered on new secured debt using assets as collateral in ways that aren't obvious from the capital structure summary. A systematic approach to distressed asset diligence requires a dedicated analytical framework that goes far beyond the standard M&A checklist.

How COCO Solves It

Bankruptcy Proceeding Deep Dive and Liability Mapping: COCO analyzes the complete bankruptcy case record:
- Retrieves and analyzes all filed documents in the target's bankruptcy proceeding via PACER: schedules of assets and liabilities, statements of financial affairs, proof of claim register, and all contested matter dockets
- Identifies all filed proofs of claim by category (secured, priority, unsecured), creditor identity, and claimed amount — assesses which claims are likely to survive sale vs. be discharged
- Reviews all executory contracts and unexpired leases listed on Schedule G to identify which must be assumed or rejected in the 363 sale, and the associated cure costs
- Tracks all adversary proceedings and contested matters — preference actions, fraudulent transfer claims, and lien avoidance actions — that could affect the asset pool
- Monitors docket daily during the bid period for new filings that materially affect the asset or liability profile
Pre-Petition Liability Archaeology: COCO excavates legacy liabilities from before the bankruptcy filing:
- Reconstructs the liability timeline through 5–10 years of pre-petition financial statements, tax returns, and regulatory filings to identify obligations that may not appear in filed schedules
- Searches EPA Comprehensive Environmental Response, Compensation and Liability Information System (CERCLIS) and equivalent state environmental databases for undisclosed site contamination
- Reviews pre-petition litigation history using PACER and state court databases for mass tort, product liability, and class action exposure — particularly cases that may have been stayed by the automatic stay but not discharged
- Identifies WARN Act violations and Worker Adjustment and Retraining Notification obligations from pre-petition or bankruptcy-period layoffs — unaddressed WARN claims survive 363 sales as successor liability in some circuits
- Reviews PBGC Premium Filings and 5500 filings for pension plan funding deficiencies — ERISA multiemployer pension withdrawal liability can attach to acquirers of unionized workforces
Secured Debt and Lien Analysis: COCO maps the capital structure and lien priority:
- Retrieves all UCC-1 financing statements from all relevant jurisdictions (state of incorporation, state of operations) and maps collateral packages securing each creditor
- Identifies any lien avoidance actions pending that could affect the priority or validity of purportedly senior secured debt
- Assesses DIP (Debtor-in-Possession) financing terms — particularly DIP super-priority priming liens, roll-up provisions, and milestones that constrain the sale process
- Reviews pre-petition credit agreement amendments, including any disputed lien grants that are subject to preference period challenge
- Maps any subordination agreements between creditor classes that affect recovery waterfalls and asset sale proceeds distribution
Operational Continuity Risk During Distressed Integration: COCO assesses what survives and what doesn't:
- Evaluates customer contract retention: identifies which contracts have change-of-control provisions, assignment restrictions, or termination rights triggered by bankruptcy or sale
- Assesses vendor and supplier relationship stability: reviews payment history during the distressed period and identifies critical sole-source suppliers who may not extend trade credit to the acquirer
- Reviews intellectual property ownership — IP may have been pledged to lenders, licensed under terms affected by debtor's rejection power, or subject to pending infringement disputes
- Evaluates workforce retention risk: key talent departures during bankruptcy reduce operational value; assesses what retention agreements the estate has in place and whether acquirer can maintain them
- Reviews regulatory license and permit transferability — licenses issued to the debtor entity may not transfer with the sale absent regulatory approval
Post-Sale Successor Liability Risk Assessment: COCO identifies which liabilities survive a "free and clear" sale:
- Analyzes the circuit-specific treatment of CERCLA successor liability in 363 sales — critically important in circuits (like the Third Circuit) where environmental successor liability survives 363 orders
- Assesses NLRA successor liability exposure if acquirer retains a majority of the target's workforce — union contract obligations, pending NLRB charges, and unfair labor practice findings
- Reviews product liability mass tort exposure: identifies whether a channeling injunction or trust has been established for pre-petition product liability claims, or whether claims remain open against successor
- Assesses state tax successor liability statutes — many states impose bulk sale notice requirements and successor liability for state taxes even in bankruptcy sales
- Evaluates whether the 363 sale notice process was adequate to bind future claimants — particularly for latent injury claims (asbestos, toxic tort) where claimants are not ascertainable at time of sale
Distressed Asset Valuation Support and Bid Strategy: COCO provides analytical support for pricing and bid structure:
- Quantifies total liability exposure by category — disclosed claims, undisclosed estimated claims, successor liability risk, and environmental exposure — and risk-adjusts against 363 protection scope
- Models alternative bid structures: cash bid vs. credit bid by secured creditors, asset purchase vs. equity purchase, assumed liabilities vs. cash price trade-offs
- Benchmarks the distressed asset's financial profile against comparable distressed transaction multiples using bankruptcy case databases and distressed M&A comps
- Develops break-fee and bid protection analysis for stalking-horse bidder negotiations
- Models liquidation value as floor for 363 bid — ensures proposed acquisition bid clears the "best interests of creditors" test that courts apply

Results & Who Benefits

Measurable Results

Pre-Petition Liability Detection Rate: Systematic COCO-assisted distressed diligence identifies undisclosed pre-petition liabilities in 71% of cases — average undisclosed liability identified: $4.8M per transaction
CERCLA Successor Liability Identification: Environmental site review detects unreported CERCLA/CERCLIS liability entries in 34% of industrial distressed acquisitions — average exposure identified: $6.2M
Bankruptcy Docket Monitoring: Automated docket tracking surfaces material new filings within 2 hours vs. manual monitoring (typically 24–48 hours) — critical during compressed 363 sale timelines
Executory Contract Cure Cost Accuracy: Systematic Schedule G review identifies cure cost obligations with 89% accuracy, vs. 45% accuracy from informal diligence in compressed timelines
Bid Price Optimization: Distressed asset liability quantification enables bidders to price risk accurately — acquirers using systematic distressed diligence achieve 12% lower effective bid prices on average while winning competitively

Who Benefits

Distressed Debt and Special Situations Investors: Conduct comprehensive liability archaeology within the compressed timelines of bankruptcy auctions, enabling confident bid pricing without the "hope and pray" liability estimation that characterizes many distressed situations.
Turnaround and Restructuring Advisors: Use COCO's operational continuity analysis to design 100-day stabilization plans that address the specific customer, vendor, and workforce risks of the distressed target.
Bankruptcy Counsel and Litigation Finance Investors: Rapidly analyze complex bankruptcy case records to identify litigation value — preference claims, fraudulent transfer actions, and lien avoidance — in distressed investment opportunities.
Corporate Development Teams Pursuing Distressed Bolt-On Acquisitions: Apply systematic distressed diligence framework to opportunities that arise when competitors enter financial distress, capturing strategic assets at distressed valuations with manageable risk.

💡 Practical Prompts

Prompt 1 — Bankruptcy Case Record Analysis

You are a distressed M&A specialist analyzing a bankruptcy case in preparation for a 363 asset sale bid. Conduct a comprehensive analysis of the case record.

Debtor: [Company Name]
Bankruptcy court: [District — e.g., District of Delaware, SDNY]
Case number: [if known]
Chapter: [7 / 11 / Sub V]
Filing date: [Date]
Proposed 363 sale date: [Date]
Assets being acquired: [Describe the assets included in the 363 sale]

Key case documents available: [list what you have — schedules, SOFA, plan, disclosure statement, DIP order, sale motion, stalking horse APA]

Analysis required:
1. Summarize the debtor's disclosed assets and liabilities from Schedules A/B and D/E/F — identify any material mismatches with diligence findings
2. Review Statement of Financial Affairs for pre-petition litigation, legal proceedings, environmental compliance issues, and significant transfers in the 2 years before filing
3. Identify all proofs of claim filed by government agencies — EPA, DOL, IRS, state AG — and assess whether these survive the 363 sale
4. Map all executory contracts and unexpired leases on Schedule G — estimate cure costs for contracts acquirer would want to assume
5. Identify any pending adversary proceedings that could affect the asset pool or sale process validity

Output: Case summary + total liability exposure by category + schedule G cure cost estimate + successor liability risk assessment by claim type + key issues requiring resolution before bid submission

Prompt 2 — Pre-Petition Liability Discovery

You are conducting pre-petition liability archaeology for a distressed acquisition. Identify hidden liabilities that may not appear in the bankruptcy schedules.

Target company: [Company Name]
Industry: [Sector — especially note if manufacturing, chemical, healthcare, or other high-liability sectors]
Operational history: [Years in operation, prior ownership, known operational issues]
Available financial data: [List what pre-petition records are available — tax returns, audited financials, regulatory filings]

Pre-petition liability search:
1. ENVIRONMENTAL: Search EPA CERCLIS, state environmental agency databases, and environmental court records for any sites where this company is listed as a potentially responsible party (PRP). For manufacturing sites, assess whether soil/groundwater contamination creates CERCLA successor liability exposure.
2. PRODUCT LIABILITY: Identify any pending or dismissed product liability litigation — particularly any mass tort, class action, or MDL proceedings. Assess whether claims were stayed by automatic stay or whether latent injury claimants exist who have not yet filed.
3. PENSION/ERISA: Review Form 5500 filings for pension funding status and PBGC variable premium history. Identify multiemployer pension fund participation and assess withdrawal liability exposure.
4. TAX: Identify any outstanding IRS or state tax authority claims not reflected in bankruptcy schedules. Assess trust fund tax (payroll tax withholding) exposure — trust fund claims are personal liability of responsible persons, not dischargeable.
5. REGULATORY: Identify any regulatory violation notices, consent orders, or settlement agreements from pre-petition period that create ongoing remediation obligations.

Output: Pre-petition liability inventory by category + exposure quantification range + assessment of 363 "free and clear" protection applicability to each category + due diligence priority ranking

Prompt 3 — 363 Successor Liability Risk Assessment

You are a bankruptcy law specialist assessing successor liability exposure for a proposed 363 asset acquisition. Analyze which liabilities survive the "free and clear" sale order.

Transaction: [Describe the 363 sale — what assets, what court, what jurisdiction]
Acquirer: [Describe acquirer — corporate structure, industry, regulatory status]
Known liabilities of the debtor: [Summarize key liability categories — environmental, product liability, union, tax, regulatory]
Proposed APA structure: [Asset purchase / include which liabilities / exclude which liabilities]
Proposed sale protections: [Successor liability carve-outs, channeling injunctions, indemnification from estate]

Successor liability analysis by category:

ENVIRONMENTAL: In this circuit ([circuit name]), does CERCLA successor liability survive a 363 "free and clear" sale? Cite applicable precedent (Ohio v. Kovacs, Ninth Circuit vs. Third Circuit split). What environmental claims survive, and what do courts require for CERCLA liability to be extinguished?

LABOR/UNION: If acquirer retains more than [X]% of debtor's unionized workforce, what NLRA successor liability obligations attach? Does the debtor's CBA survive, or does acquirer have duty to bargain only? Status of any pending NLRB charges?

PRODUCT LIABILITY: Were adequate notice procedures followed to bind future product liability claimants? What is the circuit rule on 363 discharge of mass tort claims from latent injury claimants? Is there a need for a channeling injunction or trust?

TAX: Which state bulk sale notification statutes apply? Does [state] impose successor liability for sales tax, unemployment tax, or workers' comp assessments despite 363 order?

Output: Successor liability risk matrix by claim type + circuit-specific legal analysis + proposed APA protective provisions + recommended remediation actions before bid submission

Prompt 4 — Distressed Asset Operational Continuity Assessment

You are assessing operational continuity risk for the acquisition of a distressed company. Evaluate whether the business can be stabilized post-acquisition.

Target company: [Company Name]
Industry and business model: [describe]
Financial distress period: [How long has the company been in distress — how many months of liquidity runway at filing?]
Key operational risks identified:

CUSTOMERS: [List top 5 customers and their current status — have any terminated contracts? Filed claims in bankruptcy? Shifted orders to competitors?]
VENDORS: [List critical suppliers — are they on COD? Have they refused to ship? Are there sole-source dependencies?]
WORKFORCE: [What is current headcount vs. 12 months ago? Have key technical or management personnel departed? Are there WARN Act obligations from pre-petition layoffs?]
TECHNOLOGY: [Is the IT infrastructure maintained? Are software licenses current? Are there SaaS subscriptions that are in arrears?]
REGULATORY: [Are all operating licenses and permits current? Have any lapsed during the distress period?]

Operational continuity assessment:
1. Identify the 3 most critical operational risks that could prevent business continuity on Day 1 post-acquisition
2. Assess customer retention probability — which customers are likely to stay and which are likely to churn regardless of acquisition?
3. Design a vendor stabilization plan for critical suppliers who require COD or pre-payment assurance
4. Estimate cash requirement for Day 1 operational stabilization (working capital injection, cure costs, WARN Act, critical vendor agreements)
5. Identify any regulatory permits requiring re-application that could delay operational restart

Output: Day 1 operational readiness assessment + cash requirement model for stabilization + customer retention probability matrix + critical vendor stabilization plan + regulatory restart timeline

Prompt 5 — Distressed Bid Pricing and Structure Analysis

You are advising a buyer on bid strategy for a 363 bankruptcy auction. Analyze the bid structure options and recommend an optimal approach.

Target assets: [Describe the assets being auctioned — business units, real property, IP, customer lists, equipment]
Stalking-horse APA terms: [Describe stalking-horse bid — purchase price, assumed liabilities, breakup fee, matching rights]
Auction format: [Overbid increment, bid procedures, number of qualified bidders]
Acquirer's strategic objective: [Why does this buyer want these assets? What is the standalone value to acquirer?]

Liability analysis summary:
- Disclosed claims in schedules: [$X]
- Environmental exposure estimate: [$X — note 363 protection applicability]
- Successor liability residual risk: [$X — by category]
- Cure costs for assumed contracts: [$X]
- WARN Act exposure: [$X]
- Working capital deficit / stabilization cash needed: [$X]

Bid structure analysis:
1. Cash bid analysis: Starting from strategic value to acquirer, subtract all identified liability exposures (risk-adjusted) and operational stabilization costs to derive maximum supportable bid price
2. Credit bid option: If acquirer holds secured debt in the capital structure, analyze credit bid rights, valuation risk, and whether credit bid is preferable to cash bid
3. Assumed liability trade-offs: Model the value of assuming specific liabilities (e.g., cure costs for valuable contracts) vs. the cash price equivalent
4. Break-up fee sensitivity: If pursuing stalking-horse designation, model the cost of likely overbids against the information value and process control benefits of stalking-horse status
5. Liquidation floor validation: Confirm that proposed bid exceeds the liquidation value of individual assets — required for "best interests of creditors" standard

Output: Maximum supportable bid recommendation with supporting model + bid structure recommendation (cash vs. credit vs. hybrid) + assumed liability optimization + stalking-horse strategy recommendation

35. AI Due Diligence Final Report Compiler & Summarizer

Transform thousands of pages of workstream findings into a board-ready investment thesis validation document in hours, not weeks.

Pain Point & How COCO Solves It

The Pain: The Final Due Diligence Report Is the Most Important Deliverable That Receives the Least Systematic Attention

The final due diligence report is the culminating product of weeks of intensive multi-workstream investigation — the document on which investment committees, boards of directors, and transaction counsel rely to approve the most consequential decisions their organizations make. Yet the assembly of this document is typically an afterthought: a junior associate compiles workstream summaries submitted by functional leads, a partner edits for length, and the result is a lengthy, inconsistently formatted document that buries critical findings in appendices, fails to synthesize cross-workstream implications, and presents risks without adequate prioritization. Deal teams that conduct excellent workstream-level diligence frequently produce final reports that fail to communicate their findings effectively.

The structural problem is that individual workstream leads — financial, legal, operational, IT, commercial — are domain experts who write for their functional peers, not for investment committee generalists. A cybersecurity finding written by an IT due diligence specialist will correctly identify a SOC 2 Type II certification gap, but will not connect that finding to the revenue implications of a potential regulatory breach under GDPR, the D&O liability exposure created by inadequate board reporting, and the integration cost of implementing the remediation program. Cross-workstream synthesis — identifying how findings in one domain amplify or mitigate findings in another — is the highest-value output of due diligence and the least systematically produced. At most firms, this synthesis happens in conversation during partner meetings, is never written down, and is lost before the investment committee presentation.

Report assembly mechanics compound the problem. A typical deal generates 3,000–8,000 pages of data room documents, workstream notes, expert reports, management presentation materials, and legal memoranda. Distilling this into a 50–100 page investible report requires reading and synthesizing everything that happened across all workstreams — a task that falls on the most senior (and most expensive) deal team members at the exact moment when deal execution demands are also highest. The final sprint to assemble the diligence report consistently produces the most errors: misattributed statistics, inconsistent deal metrics across sections, findings that are mentioned in workstream summaries but not elevated to the risk section, and key deal considerations that never make it into the executive summary.

How COCO Solves It

Multi-Workstream Findings Aggregation and Normalization: COCO ingests all diligence outputs and creates a unified findings database:
- Ingests financial model workpapers, legal memoranda, commercial diligence reports, IT assessments, HR reviews, and management presentations from all functional workstreams
- Normalizes findings across different formats, reporting conventions, and terminology used by different workstream leads — resolves inconsistencies in how the same metrics are presented across sections
- Extracts all identified risks from each workstream and builds a unified risk register with consistent taxonomy: finding description, workstream source, financial impact quantification, probability assessment, and deal relevance
- Identifies contradictions and inconsistencies between workstreams — where financial findings conflict with commercial findings or legal risk assessment contradicts operational assessment
- Builds a comprehensive fact base with version control — ensuring that all statistics cited across the final report are sourced from the same document version and consistently defined
Cross-Workstream Synthesis and Amplification Analysis: COCO identifies compound risks that no single workstream can see:
- Maps how identified risks interact across domains — a customer concentration risk in commercial diligence combined with IT infrastructure dependency on the top customer's proprietary EDI system creates a compound risk that neither workstream individually quantifies
- Builds risk amplification chains: "Finding A in workstream X makes Finding B in workstream Y worse by [quantified mechanism]" — presented as an integrated risk narrative rather than parallel workstream summaries
- Identifies risk offsets: where a finding in one workstream partially mitigates a concern in another — e.g., strong management depth partially offsets key person dependency risk identified in HR diligence
- Maps all findings to deal model sensitivities — shows investment committee which identified risks, if materialized, would move the model outside investment return parameters
- Identifies the three to five findings that represent the most critical read-through to deal pricing, structure, and conditions precedent
Executive Summary and Investment Thesis Validation: COCO produces board-ready summary materials:
- Drafts an executive summary structured around investment thesis validation — for each pillar of the investment thesis, presents the confirming evidence and the contradicting evidence from diligence
- Writes the "key deal considerations" section that distills the entire diligence process into the 5–7 most important insights that the investment committee must understand and accept to proceed
- Produces a risk-adjusted deal metric summary: headline deal metrics (EV/EBITDA, EV/Revenue) adjusted for identified liabilities, normalized earnings, and contingent considerations
- Drafts deal structure and pricing recommendation section with specific rationale grounded in diligence findings — recommended price adjustment, indemnification, escrow, or deal condition for each material finding
- Produces the management representation analysis: which management representations have been confirmed, which are unverifiable, and which have been contradicted by diligence
Risk Register Prioritization and Materiality Assessment: COCO applies structured risk prioritization:
- Scores all identified risks on three dimensions: financial impact (quantified in dollar terms), probability of occurrence (High/Medium/Low based on evidence quality), and detectability post-close
- Generates a risk heat map visualization — categorizes findings into Red (deal-critical), Amber (price/structure consideration), and Green (acceptable with monitoring)
- Writes deal-critical risk narratives for Red findings: what the finding is, what evidence supports it, what the financial impact is, and what deal structure mechanism is recommended to address it
- Produces "known unknowns" registry — areas where diligence was limited by data access and additional investigation is recommended before close
- Separates confirmed findings (supported by documentation) from management representations only (unverified claims) throughout the risk register
Representations and Warranties Summary and Coverage Map: COCO aligns diligence findings with SPA protections:
- Reviews the representations and warranties section of the draft SPA and maps each representation to the diligence findings that test its accuracy
- Identifies representations that are not supported by diligence evidence and flags them for enhanced warranty coverage or specific indemnification
- Produces the R&W insurance underwriter package — organizes diligence findings in the format required by R&W insurance underwriters for policy binding, with specific findings mapped to relevant reps
- Generates indemnification schedule support: for each identified issue that will be addressed by a specific indemnity, provides the supporting evidence, exposure quantification, and proposed cap and basket
- Drafts disclosure schedule review notes — identifies where management's proposed disclosure schedule disclosures are inadequate, overly broad, or in conflict with diligence findings
Final Report Production and Quality Assurance: COCO assembles the final deliverable with editorial discipline:
- Enforces consistent terminology, metric definitions, and financial figures across all sections — eliminates the most common error in due diligence reports (inconsistent numbers across sections from different workstream submissions)
- Generates a complete table of contents, cross-reference index, and appendix organization that enables investment committee members to navigate directly to supporting detail
- Produces an assumptions and limitations section that documents diligence scope, restricted access areas, and reliance on management representations — creating an appropriate legal record of diligence process
- Applies automated citation linking — every factual assertion in the report is traceable to a source document, creating an auditable diligence record for post-close disputes
- Generates an executive-facing one-page deal summary and a detailed working-level report from the same underlying finding database, calibrated for different audiences

Results & Who Benefits

Measurable Results

Report Assembly Time: Final diligence report assembly reduced from 3–5 weeks (partner-intensive) to 5–7 business days using COCO-assisted compilation, enabling faster committee presentations without sacrificing analytical depth
Cross-Workstream Finding Integration Rate: Manual report assembly integrates cross-workstream findings in 23% of applicable cases; COCO-assisted synthesis achieves 91% cross-workstream integration, surfacing an average of 4.2 compound risk insights per deal that would otherwise be missed
Consistency Error Rate: Metric inconsistency errors across report sections reduced from an average of 14 per report (manual compilation) to fewer than 2 per report (COCO-assisted compilation with consistency checking)
Investment Committee Preparation Time: Partner time spent preparing for investment committee review reduced by 60%, as report structure and supporting evidence mapping are pre-organized
Post-Close Finding Correlation: Acquirers using COCO-assembled final reports with comprehensive cross-workstream synthesis experience 44% fewer post-close surprises — findings that "appeared in diligence but weren't elevated" — within 18 months of close

Who Benefits

Deal Partners and Managing Directors: Produce final reports that accurately reflect the quality of workstream diligence without dedicating disproportionate senior time to assembly mechanics — maintaining deal pace while preserving analytical rigor.
Investment Committees and Boards of Directors: Receive executive summaries that present findings in a format optimized for decision-making — investment thesis validation, risk prioritization, and deal structure recommendations — rather than workstream-organized data dumps.
M&A Legal Counsel and SPA Negotiators: Use COCO's diligence-to-SPA mapping to directly inform specific indemnification provisions, disclosure schedule review, and R&W insurance package preparation.
Portfolio Monitoring Teams and Post-Close Integration Leaders: Inherit a complete, searchable diligence record with findings mapped to integration workstreams — enabling accountability for risk mitigation during the integration period and continuity of institutional knowledge as deal team members rotate off.

💡 Practical Prompts

Prompt 1 — Investment Thesis Validation Summary

You are compiling the executive summary of a due diligence final report. Draft an investment thesis validation summary that presents confirming and contradicting evidence for each pillar of the investment thesis.

Target company: [Company Name]
Acquirer / investor: [Name and type — strategic acquirer / PE firm / corporate VC]
Transaction: [Deal description — acquisition of 100% of shares / majority stake / asset purchase]
Purchase price: [$X] at [EV/EBITDA multiple] based on [LTM/NTM EBITDA of $X]
Investment thesis (as stated by deal team at process initiation):
1. [Thesis pillar 1 — e.g., "Market leader in a structurally growing segment with 35% market share and defensible IP"]
2. [Thesis pillar 2 — e.g., "Management team with proven track record of scaling SaaS businesses from $50M to $200M ARR"]
3. [Thesis pillar 3 — e.g., "Operational improvement opportunity: EBITDA margin expansion from 18% to 28% through SG&A rationalization"]
4. [Thesis pillar 4 — e.g., "International expansion optionality in DACH and Benelux"]

Diligence findings summary (paste workstream summaries):
[Paste commercial / financial / legal / operational findings]

For each thesis pillar:
- CONFIRMED evidence from diligence: [specific findings that support the pillar]
- CONTRADICTED or QUALIFIED evidence: [specific findings that weaken or complicate the pillar]
- NET ASSESSMENT: Thesis pillar confirmed / partially confirmed with caveats / requires structural protection

Output: Investment thesis validation table (pillar / confirming evidence / contradicting evidence / net assessment / deal implication) + overall investment thesis assessment (Strong / Conditional / Requires Renegotiation) + key deal considerations section listing the 5 most important insights from diligence

Prompt 2 — Risk Register Compilation and Prioritization

You are building the risk register for a due diligence final report. Compile all workstream findings into a prioritized risk matrix.

Target company: [Company Name]
Diligence workstream findings (paste all):

FINANCIAL FINDINGS:
[Paste financial due diligence key findings]

LEGAL FINDINGS:
[Paste legal due diligence key findings]

COMMERCIAL / MARKET FINDINGS:
[Paste commercial due diligence key findings]

OPERATIONAL / IT FINDINGS:
[Paste operational and technology due diligence key findings]

HR / MANAGEMENT FINDINGS:
[Paste HR and management due diligence key findings]

ESG / ENVIRONMENTAL FINDINGS:
[Paste ESG / environmental key findings]

Risk register compilation instructions:
1. Extract every identified risk from all workstream findings above — create a complete finding inventory
2. For each finding, assess: financial impact range ($), probability (H/M/L), and detectability post-close (High/Low)
3. Score each finding: Risk Priority = Impact x Probability (1-9 scale)
4. Categorize: RED (Priority 7-9 / deal-critical), AMBER (Priority 4-6 / price or structure consideration), GREEN (Priority 1-3 / acceptable with monitoring)
5. Identify cross-workstream compound risks — where findings in two workstreams together create risk greater than either alone

Output: Prioritized risk register table (finding / workstream / financial impact / probability / priority score / category / recommended deal mechanism) + top 10 RED/AMBER risks narrative + cross-workstream compound risk section + known unknowns registry

Prompt 3 — Deal Structure and Price Recommendation

You are drafting the deal structure and pricing recommendation section of a due diligence final report. Translate diligence findings into specific deal mechanics.

Target company: [Company Name]
Agreed price: [$X EV] / [$X equity value]
Deal structure as negotiated: [Cash / stock / earnout / seller note — describe current term sheet or LOI terms]

Key diligence findings requiring deal structural response:

RED FINDINGS (deal-critical):
1. [Finding — e.g., "Undisclosed EPA Superfund PRP status with estimated remediation cost of $8-15M"]
2. [Finding — e.g., "Customer concentration: top 3 customers = 67% of revenue; all contracts expire within 18 months"]
3. [Finding — e.g., "Management team: CEO and CTO have non-compete agreements expiring 6 months post-close"]

AMBER FINDINGS (price/structure consideration):
1. [Finding — describe]
2. [Finding — describe]
3. [Finding — describe]

GREEN FINDINGS (monitoring only):
[Brief list]

R&W insurance availability: [Is R&W insurance being pursued? Policy limit? Retention amount?]

For each RED and AMBER finding, recommend:
A. Specific indemnification provision (cap, basket, survival period, carve-in/carve-out from R&W policy)
B. Escrow / holdback recommendation (amount, duration, release conditions)
C. Purchase price adjustment (if finding justifies price reduction — quantify)
D. Condition precedent or closing condition (if finding must be resolved before close)
E. Post-close covenant or operating restriction (if ongoing monitoring or remediation required)

Output: Finding-by-finding deal structure recommendation table + total escrow/holdback sizing + net purchase price adjustment summary + conditions precedent list + R&W insurance coordination notes

Prompt 4 — Representations & Warranties Coverage Mapping

You are mapping due diligence findings to the representations and warranties section of the SPA to identify coverage gaps and inform specific indemnification provisions.

Target company: [Company Name]
Transaction document: [SPA / APA / Merger Agreement]

SPA representations and warranties (paste or summarize the key reps):
[Paste reps and warranties section or key provisions]

Diligence findings that test each representation:
[Paste diligence findings organized by subject matter]

R&W insurance policy: [Coverage: $X excess $Y retention / Not being pursued]

Mapping analysis:
For each material representation:
1. SUPPORTED: Diligence evidence confirms the representation is accurate — cite specific supporting evidence
2. UNVERIFIED: Representation makes a factual claim that could not be independently verified in diligence — flag for enhanced warranty coverage
3. CONTRADICTED: Diligence evidence contradicts or qualifies the representation — recommend specific indemnification or price adjustment

Additional analysis:
4. Identify representations not covered by R&W insurance (intentional fraud carve-outs, known issues, specific indemnity items)
5. Review seller's proposed disclosure schedule — identify disclosures that are inadequate, overly broad, or missing
6. Identify any representations that should be added to the SPA based on material risks identified in diligence that are not currently covered

Output: Rep-by-rep coverage assessment table + R&W insurance carve-out list + specific indemnity candidate list + disclosure schedule deficiency notes + recommended additional representations

Prompt 5 — Final Report Quality Check and Consistency Audit

You are conducting a final quality assurance review of a due diligence report before it is distributed to the investment committee. Identify inconsistencies, gaps, and editorial issues.

Report sections to review: [List sections provided — Executive Summary / Financial / Legal / Commercial / Operational / Risk Register / Deal Structure Recommendation]

Report content: [Paste the full draft report or key sections]

Quality assurance checks:

CONSISTENCY:
1. Identify all numerical metrics (revenue, EBITDA, margins, multiples, employee count) cited across different sections — flag any instances where the same metric is cited differently
2. Identify any terminology inconsistencies (e.g., "EBITDA" vs. "Adjusted EBITDA" used interchangeably without definition)
3. Confirm that the deal metrics in the executive summary match the deal metrics in the financial section

COMPLETENESS:
4. Identify any risk mentioned in a workstream section that does not appear in the Risk Register
5. Identify any Risk Register finding that is not addressed (even if dismissed) in the deal structure recommendation section
6. Confirm that all "known unknowns" flagged by workstream leads are captured in a limitations section

EDITORIAL:
7. Identify any section that makes a claim without supporting evidence citation
8. Flag any contradictions between sections (e.g., commercial section says customer relationships are strong; legal section discloses a pending customer dispute)
9. Identify executive summary claims that overstate or understate the workstream findings they purport to summarize

Output: Consistency error log (metric / section A value / section B value / recommendation) + completeness gap list + editorial issue list + priority corrections required before distribution

Due Diligence Analyst ​

1. AI Subsidiary & Affiliated Entity Mapper ​

2. AI Beneficial Owner Identification Engine ​

3. AI Sanctions & PEP Screening Orchestrator ​

4. AI Litigation Record Search & Timeline Builder ​

5. AI Business Registration Verification Assistant ​

6. AI Corporate History Timeline Reconstructor ​

7. AI Director & Officer Background Check Engine ​

8. AI IP Portfolio Integrity Analyzer ​

9. AI Tax Compliance Gap Detector ​

10. AI Financial Health & Solvency Assessor ​

11. AI Related Party Transaction Risk Analyzer ​

12. AI Anti-Bribery & FCPA Compliance Checker ​

13. AI Shell Company Detection & Risk Scorer ​

14. AI Data Room Organization & Gap Identifier ​

15. AI Cross-Border M&A Regulatory Risk Mapper ​

16. AI Supplier Integrity & Third-Party Risk Profiler ​

17. AI Investment Target Red Flag Screener ​

18. AI VIE Structure Unwinding & Risk Analyzer ​

19. AI Adverse Media & Reputational Risk Monitor ​

20. AI Environmental Liability & ESG Risk Scanner ​

21. AI Key Person Dependency Risk Assessor ​

22. AI Regulatory License & Permit Verification Engine ​

23. AI Debt & Lien Encumbrance Search Aggregator ​

24. AI Customer Concentration Risk Analyzer ​

25. AI Cybersecurity Posture Due Diligence Reviewer ​

26. AI Employment & Labor Law Compliance Auditor ​

27. AI Real Property & Asset Title Verification Tool ​

28. AI Post-Merger Integration Risk Pre-Assessment ​

29. AI Insurance Coverage Gap & Claims History Reviewer ​

30. AI Management Team Credibility & Track Record Verifier ​

31. AI Joint Venture Partner Due Diligence Engine ​

32. AI Government Contract & Debarment History Checker ​

33. AI Cross-Jurisdictional Compliance Framework Mapper ​

34. AI Distressed Asset & Bankruptcy History Analyzer ​

35. AI Due Diligence Final Report Compiler & Summarizer ​

Due Diligence Analyst

1. AI Subsidiary & Affiliated Entity Mapper

2. AI Beneficial Owner Identification Engine

3. AI Sanctions & PEP Screening Orchestrator

4. AI Litigation Record Search & Timeline Builder

5. AI Business Registration Verification Assistant

6. AI Corporate History Timeline Reconstructor

7. AI Director & Officer Background Check Engine

8. AI IP Portfolio Integrity Analyzer

9. AI Tax Compliance Gap Detector

10. AI Financial Health & Solvency Assessor

11. AI Related Party Transaction Risk Analyzer

12. AI Anti-Bribery & FCPA Compliance Checker

13. AI Shell Company Detection & Risk Scorer

14. AI Data Room Organization & Gap Identifier

15. AI Cross-Border M&A Regulatory Risk Mapper

16. AI Supplier Integrity & Third-Party Risk Profiler

17. AI Investment Target Red Flag Screener

18. AI VIE Structure Unwinding & Risk Analyzer

19. AI Adverse Media & Reputational Risk Monitor

20. AI Environmental Liability & ESG Risk Scanner

21. AI Key Person Dependency Risk Assessor

22. AI Regulatory License & Permit Verification Engine

23. AI Debt & Lien Encumbrance Search Aggregator

24. AI Customer Concentration Risk Analyzer

25. AI Cybersecurity Posture Due Diligence Reviewer

26. AI Employment & Labor Law Compliance Auditor

27. AI Real Property & Asset Title Verification Tool

28. AI Post-Merger Integration Risk Pre-Assessment

29. AI Insurance Coverage Gap & Claims History Reviewer

30. AI Management Team Credibility & Track Record Verifier

31. AI Joint Venture Partner Due Diligence Engine

32. AI Government Contract & Debarment History Checker

33. AI Cross-Jurisdictional Compliance Framework Mapper

34. AI Distressed Asset & Bankruptcy History Analyzer

35. AI Due Diligence Final Report Compiler & Summarizer