iGaming diligence is structurally different from generic M&A. Player file integrity, regulatory standing, KPI definition discipline, and operator-side execution dependency shape transactions in ways that generic frameworks miss. The checklist below covers the dimensions that matter and the verification approach that produces clean transactions for both sides.
Why iGaming diligence is different from generic M&A
Three structural differences. First, iGaming operators carry regulatory exposure that other industries do not. Open regulator findings, licence-renewal uncertainty, and compliance posture issues can materially shift transaction economics in days. Generic M&A diligence does not account for this depth of regulatory specificity.
Second, iGaming KPIs are loosely defined across the industry. CAC, LTV, retention, NGR, GGR each have multiple operating definitions and operators frequently use different definitions internally than they report externally. Buyer diligence requires KPI rebuild from underlying data rather than acceptance of seller-reported numbers.
Third, iGaming operators have specific dependency structures (platform, payments, affiliate, CRM, content) where single-vendor dependencies create transaction risk that generic diligence does not catch. The vendor and platform mapping matters more in iGaming than in many adjacent industries.
Financial diligence: GGR, NGR, EBITDA, hold variance
GGR and NGR rebuild from transaction-level data. Buyer teams should rebuild GGR and NGR from underlying transaction-level data covering at least 24 months. The rebuild verifies definition consistency, reveals measurement gaps, and may produce different numbers than seller reporting.
EBITDA quality of earnings analysis. Adjustments for one-time items, working capital normalisations, capitalised expense reviews. Generic Q-of-E approaches with iGaming-specific overlay (game royalty timing, jackpot liability accruals, bonus expense classification).
Hold variance analysis. Sports betting hold variance can swing financial results materially. Buyer diligence should normalise hold variance over multi-year periods to assess underlying economic performance separately from variance noise.
Bonus expense classification. Some operators classify bonus expense as marketing rather than as NGR reduction. The classification choice materially affects reported margin. Buyer diligence should standardise the classification across the analysis period.
Working capital and float. Player liability balances, jackpot accrual, payment-processing float, regulatory reserve requirements. Operators with weak working capital discipline face liquidity risk during transition.
Regulatory diligence: licence stack and ongoing compliance
Licence inventory and standing. Complete inventory of active licences across jurisdictions, current standing with each regulator, renewal timelines, and any conditions attached to current licences. Active findings should be documented with current status.
Regulator correspondence review. All regulator correspondence over the prior 24 months minimum. Findings, queries, audits, and operator-side responses. Reviews should identify patterns that suggest compliance posture issues even without formal findings.
Change-of-control implications. Most regulators require notification or approval for change-of-control. The specific requirements vary by jurisdiction. Buyer diligence should map every required notification and the timeline implications.
AML and KYC framework. AML policy adequacy, MLRO independence, source-of-funds verification depth, transaction monitoring effectiveness. Sample testing of player files at the diligence stage reveals framework weaknesses that aggregate reports may obscure.
Responsible gambling framework. RG policies, intervention records, affordability check implementation, marketing compliance with RG rules. RG framework weaknesses produce regulatory exposure that buyers must price.
Player file integrity: KYC, source-of-funds, RG framework
KYC documentation completeness. Statistical sampling across the player base verifies KYC completeness at meaningful confidence levels. Operators with KYC gaps face regulatory exposure that buyers price at the worst-case scenario plus risk premium.
Source-of-funds documentation depth. For high-value players (typically top 5 to 10 percent), source-of-funds documentation should be complete and recent. Sampling should verify that documentation matches actual deposit patterns.
RG intervention records. For players where RG intervention should have occurred (deposit limit breaches, time-on-site warnings, problem gambling indicators), records should demonstrate that intervention happened. Gaps signal compliance weakness.
Self-exclusion and cooling-off integrity. CRUKS, GAMSTOP, OASIS, and equivalent self-exclusion integrations should be technically functional and operationally compliant. Specific test scenarios verify the integrations actually work.
Player liability reconciliation. Player liability balance should reconcile cleanly to underlying transaction history. Reconciliation gaps signal potential player file integrity issues.
KPI definition discipline: CAC, retention, LTV, day-30
CAC definition and rebuild. Buyer-side rebuild of fully-loaded CAC including media spend, affiliate cost (CPA plus revenue share converted), creative production, and brand investment amortised. Operator-reported CAC frequently understates true acquisition cost.
LTV definition and methodology. Specific cohort-based LTV calculation with documented assumptions, retention curve projection methodology, and discount rate assumptions. Operators with loose LTV methodology face buyer-side recalculation that almost always produces lower numbers.
Retention rate definitions. Day-30, day-90, day-365 retention rates with explicit definitions: deposit-based versus session-based, cohort start methodology, deposit threshold for inclusion. The definition affects the number materially.
Cohort consistency over time. KPIs reported on consistent cohort definitions across reporting periods. Operators that change cohort definitions silently produce KPI trends that do not reflect underlying performance.
Channel attribution. Specific attribution methodology, treatment of organic and direct traffic, brand-spend attribution to lower-funnel channels. Attribution choices affect reported channel ROI materially.
Vendor contracts and dependency mapping
Platform contracts. Platform agreement terms, change-of-control implications, exclusivity provisions, term renewal, fee structures. Single-platform dependency is the highest-leverage vendor risk for most operators.
Payment provider relationships. Active PSP relationships, banking depth of each, change-of-control triggers, fee structures, settlement timing. Concentration in single PSP creates transition risk.
Affiliate programme contracts. Top-10 affiliate concentration, contract terms, change-of-control implications, retention risk through transition. Operators with affiliate revenue concentration face transition-risk discount.
CRM platform contracts. Active CRM platform agreement, data ownership terms, transition cost if switching becomes necessary, integration depth. CRM platform transitions are operationally complex.
Game content provider contracts. Top game provider relationships, exclusivity arrangements, fee structures, content roadmap commitments. Game library quality is a competitive driver.
Cloud and infrastructure contracts. AWS, GCP, or equivalent infrastructure relationships, data residency commitments, multi-cloud posture, transition cost.
Technology stack: platform, integrations, IP ownership
Platform architecture review. Core platform technology (proprietary, white-label, hybrid), scalability characteristics, technical debt, integration complexity. Buyers should understand whether the platform is genuinely operator-owned or whether transition would require platform replacement.
IP ownership and licensing. Brand, trademark, and copyright ownership documentation. Software code ownership and any embedded third-party code with licensing implications. IP transfer mechanics for the transaction.
Data architecture and security. Data warehouse architecture, data residency, security posture, breach history, encryption standards, access control. Data security findings can produce material transaction risk.
Integration depth across the stack. Number of integrations, complexity, maintenance burden, technical debt. Operators with deep complex integrations face higher transition risk.
Team retention and key-person risk
Key-person identification. Specific individuals whose departure would materially affect operator performance. Founder-CEO, founder-CTO, and senior commercial leaders typically qualify. The diligence should identify who carries the operational knowledge.
Retention agreements. Existing retention or earn-out structures for key personnel. Buyer-side retention package design for the transaction. Specific provisions for the founder rollover or exit timeline.
Team composition and morale. Senior team tenure, recent departures, hiring trends, employee satisfaction signals. High recent senior turnover signals potential transition risk.
Compensation framework. Salary benchmarks against market, equity programme structure, bonus framework, post-transaction continuation. Buyer-side compensation continuity matters for retention.
Knowledge documentation. Documentation of operational processes, regulatory knowledge, customer relationships, vendor relationships. Operators where knowledge is concentrated in individuals rather than systems face higher transition risk.