Tax & Compliance8 min readMay 14, 2026

Tax Risk Management in Exits: What Investors Check During Due Diligence

Unremediated sales tax exposure is one of the top three reasons SaaS acquisitions receive valuation haircuts in 2026. This guide maps exactly what investors look for and how to fix exposure before the process begins.

Introduction

You've built a great product, found a buyer, and entered due diligence. Then the tax review starts. In 2026, tax due diligence for SaaS companies has become significantly more sophisticated — and more likely to surface issues that affect deal value.

Understanding what investors and acquirers check — and fixing it before they look — is one of the highest-leverage pre-exit activities a founder can undertake.

Why Tax Risk Has Increased in 2026

Three factors have elevated tax risk as a deal issue:

1. Automated state audits: Revenue departments now use AI-powered tools to cross-reference payment processor data with nexus registrations, flagging non-compliant companies automatically

2. Post-Wayfair enforcement maturity: States that passed economic nexus laws in 2018–2020 have now completed their first full enforcement cycles and are aggressively pursuing back-tax collections

3. Heightened buyer awareness: Tax exposure has been the cause of enough failed or damaged deals that every serious M&A attorney now includes a full nexus analysis as a standard diligence item

The Due Diligence Checklist

During 2026 funding rounds and acquisitions, investors and their advisors scrutinize the following:

Nexus History

Has the company monitored thresholds since day one?

Investors will pull your billing data and run a retroactive nexus analysis — typically going back 4 years. They will identify every state where you crossed a threshold and compare it against your registration history.

What they want to see: A documented nexus monitoring process, even if informal, showing you tracked state-by-state revenue against thresholds.

Red flag: No nexus history at all — suggesting the issue was never considered.

Exemption Certificate Policy

Are signed exemption certificates on file for every tax-free B2B transaction?

Many SaaS companies accept verbal or email claims of tax-exempt status from customers. In a sales tax audit, only a signed, state-specific exemption certificate is accepted as proof.

What they want to see: A documented process for collecting certificates at contract signing, with a complete file of certificates for all exempt customers.

Red flag: "Our customers told us they were exempt" — with no certificates on file.

Classification Accuracy

Was the product correctly classified as SaaS (service) or downloaded software in every state?

If your product classification changed over time — for example, you added a desktop app in 2024 — investors will want to see that you updated your tax treatment accordingly.

What they want to see: A written tax classification memo, updated whenever the product delivery model changed.

Red flag: No documented classification position, or a classification that conflicts with how the product actually works.

Filing Completeness

Are returns filed and paid in all states where you have nexus?

What they want to see: Complete filing history with zero outstanding assessments.

Red flag: States where you have nexus but no registration or filing history.

Quantifying the Exposure

Investors will model your tax exposure as follows:

Total Exposure = s = 1 \sum n (R_{s} \times t_{s} \times P)

Where:

$R_{s}$ = revenue in state $s$ during the open audit period
$t_{s}$ = applicable tax rate in state $s$
$P$ = penalty and interest multiplier (typically 1.3–1.5x for 3–4 years of non-compliance)

A company with $5M in unregistered Texas sales over 4 years faces approximately:

$5, 000, 000 \times 8.25% \times 1.4 = $577, 500 total liability

This amount is typically deducted from the purchase price or held in escrow.

The VDA Solution

If you discover significant exposure during pre-exit preparation, the standard 2026 solution is a Voluntary Disclosure Agreement (VDA).

What a VDA Does

Limits the look-back period (typically to 3–4 years, vs. unlimited for non-voluntary disclosures)
Waives or significantly reduces penalties
Provides a clear, documented path to compliance
Results in a "clean" compliance status that satisfies due diligence

VDA Timing

File VDAs before you enter a formal sale process. Once a buyer's advisor has identified the exposure, the VDA benefit is reduced — buyers will still discount for the liability even if you're in the process of resolving it.

The optimal timeline: 12–18 months before a planned exit, file VDAs in all states with unregistered exposure.

VDA Cost vs. Non-VDA Cost

Scenario	Typical Cost
VDA (penalties waived, limited look-back)	Tax owed only
State-initiated audit (full look-back + penalties)	Tax owed × 1.4–1.8x
Deal haircut from unresolved exposure	Tax owed × 2–3x (buyer risk premium)

VDAs are almost always the lowest-cost path.

The Pre-Exit Tax Checklist

Begin this process at least 12 months before a planned exit:

Commission a nexus analysis for all 50 states + DC for the past 4 years
Identify all states where thresholds were crossed but registration did not occur
File VDAs in all unregistered nexus states
Collect missing exemption certificates from all tax-exempt customers
Document your product classification position in a written tax memo
Ensure all registered states have complete, filed returns with no outstanding balances
Prepare a "Tax Compliance Summary" document for the data room

Use ProfitMetric's Tax & Compliance Nexus Checker to generate your nexus analysis as the first step in this process.

PreviousHow 2026 Privacy Laws Impact Your Ability to Calculate Sales Tax NextCalculating TCO for AI Agents in 2026

Command Palette