Learn how to create a due diligence checklist using AI, turning a 6-hour checklist building into 45-minute strategic sessions. This practical guide reveals the layered prompting method that impressed senior partners and transformed how lawyers approach transaction planning.
Table of Contents
Introduction
Three weeks after Neha’s “cleaner and more comprehensive than the Big Four checklist” comment, my phone buzzed.
“That checklist you built for the SaaS deal,” came the voice of Rajesh, our senior partner. “Walk me through how you actually did it.“
I was not surprised. Word travels fast in law firms, especially when something works.
The Series C due diligence had closed without any major surprises, and more importantly, we were able to catch that IP assignment gap early enough to fix it before it became a deal-breaker.
But this is what caught me off guard.
Rajesh had been practicing M&A law for fifteen years.
He had seen every template, every Big Four checklist, every “industry standard” approach. Why was he asking a three-year associate to show him the ropes?
“Because,” he said when I asked, “I spent four hours last week building a checklist for a fintech deal, and it still felt incomplete. You did something in 40 minutes that impressed everyone in that room.“
Fair point.
“Alright,” I said, sharing my screen. “Let me show you exactly how I did it—and more importantly, how you can do it better.“
What happened next was not just a tutorial.
It was watching an experienced lawyer discover that AI was not going to replace his expertise—it was going to make him unstoppable.
The setup: why lawyers struggle with AI
“Show me what you did,” Rajesh said, settling into the chair across from my desk.
I pulled up Claude. “Before we start, tell me about your last checklist. What was frustrating about it?“
He laughed. “Everything. I spent forever trying to remember what I had missed in previous deals. Kept switching between old files, industry templates, and my own notes. By the time I finished, I was not sure if I had covered everything or just covered the same things three times.“
After hearing what he said, I told him. “This is where AI comes in handy. You do not need to remember everything.“
The key to using AI is to be specific. You must know
- what you want
- why you want it
- who you are dealing with, and
- what matters most to your client.
“Let me show you the wrong way first,” I said, typing into Claude:
“Create a due diligence checklist for an M&A transaction.” Click here to see the conversation with Claude and here to see the checklist.
The response was exactly what you would expect from a generic prompt.
A long items checklist covering everything from “Articles of incorporation and bylaws” to “Environmental compliance and assessments.” It read like a law school textbook—comprehensive but completely useless for decision-making. No prioritisation, no context, no sense of what actually matters for this specific deal.
“Now watch this,” I said, clearing the prompt and starting over.
“I am acting as counsel to a private equity fund acquiring a 60% stake in an Indian fintech company that processes payments for e-commerce platforms. The target company has NBFC license, processes Rs 500 crore monthly, and has 150 employees across Mumbai and Bangalore. Create a due diligence checklist that prioritises regulatory compliance, data security, and operational scalability.“
Click here to see the conversation with Claude and here to see the checklist.
Rajesh’s eyebrows shot up as Claude’s response populated the screen.
This time, Claude delivered something completely different.
Instead of generic corporate governance, we got “NBFC Certificate of Registration – validity, conditions, and compliance status” and “Payment Aggregator License status (if applicable under new RBI guidelines).”
Instead of vague security requirements, we saw “PCI DSS Level 1 Compliance – QSA reports and remediation status” and “Data localisation compliance – storage of payment data within India.”
“Holy shit,” Rajesh said, scrolling through the response. “This actually tells me what I need to verify.”
“That is the difference,” I explained. “Context turns Claude from a template generator into a thinking partner.“
Author’s Note: Your results will look different (and that’s perfectly normal)
If you try these exact prompts, don’t expect identical responses. AI models generate different outputs each time—even with the same input. You might get different examples, alternative structures, or varied priorities. This isn’t a bug, it’s a feature. What matters isn’t matching my examples exactly. It’s understanding the principles: be specific, provide context, iterate through layers, and customise for your client’s needs. Your “different” response might actually be better suited to your specific situation. So, if your fintech checklist focuses on different regulatory areas or suggests alternative priorities—good! That’s the system working as intended.
The method: building checklists that actually work
Rajesh leaned forward.
“Okay, I am convinced. But how do you structure this? Do you just dump everything into one massive prompt?“
“God, no.” I laughed, remembering my early mistakes. “I tried that once. Asked Claude to create a comprehensive checklist for a pharma acquisition covering legal, financial, regulatory, IP, environmental, and HR issues all at once.“
“What happened?“
“Chaos.”
“A 200-item list with massive overlap, no prioritisation, and half the items were either too vague or completely irrelevant. It was like asking someone to describe every tree in a forest instead of helping you navigate through it.“
The breakthrough came when I realised Claude works best in layers.
Think of it like cross-examination—you do not ask everything at once.
You build your case piece by piece.
“Here is my process,” I said, pulling up the fintech example again. “Five distinct conversations, each with a clear purpose.“
Layer 1: – The foundation
“Start with corporate and structural issues. This is where experienced lawyers have the biggest advantage—you know what matters.“
I typed: “Focus only on corporate structure and governance issues for the fintech acquisition. The target company raised Series A two years ago and is planning Series B. What corporate due diligence items should I prioritise?“
Click here to see the conversation with Claude and here to see the checklist.
Claude’s response was surgical: “Series A investment documents – SHA, SSA, AoA amendments,” “Anti-dilution provisions triggered in Series A and ongoing protection,” and “Pre-emptive rights of existing shareholders for Series B.”
“Look at this,” I pointed to the screen. “It is not asking for generic incorporation docs. It understands this company raised Series A and is planning Series B. It knows exactly what complications to look for.“
Layer 2: – The regulatory deep dive
“This is where you leverage Claude’s ability to cross-reference multiple regulatory frameworks.”
New prompt: “Now focus solely on regulatory compliance for an NBFC-licensed payment aggregator processing Rs 500 crore monthly. Include RBI guidelines, PMLA requirements, and any recent regulatory changes.“
Click here to see the conversation with Claude and here to see the checklist.
Claude delivered exactly what we needed: “NBFC Annual Returns (Form NBS-1, NBS-2, NBS-3) for past 3 years,” “Payment Aggregator License status (if applicable under new RBI guidelines),” and “Enhanced KYC requirements implementation for merchant onboarding.”
“I have been practicing fintech law for three years,” Rajesh said, “and I missed half of those requirements in my last checklist.“
Layer 3: The Operational Reality Check
“This is where you get into the business of the business.”
Prompt: “For the same fintech company, create due diligence items focused on operational scalability and technology infrastructure. Consider that they’re processing high-volume transactions and planning to scale to Rs 2000 crore monthly.“
Click here to see the conversation with Claude and here to see the checklist.
The response was immediately actionable:
- Current processing volumes vs. system capacity,
- Auto-scaling capabilities and stress testing results, and
- Technology debt assessment and modernisation roadmap.
It understood we were not just checking if systems work—we needed to know if they could handle 4x growth without breaking.
“Now it’s not just legal,” I explained. “It’s strategic. These are the operational issues that could kill the deal even if all the legal boxes are checked.“
Layer 4: The Risk Assessment
“Here is where your experience becomes invaluable,” I told Rajesh. “Claude can identify risks, but you need to weigh them.”
I continued: “Identify the top 10 deal-breaker risks for this fintech acquisition, considering the current regulatory environment and recent RBI enforcement actions.“
Click here to see the conversation with Claude and here to see the checklist.
Claude identified the real deal-killers:
- Missing Payment Aggregator-Physical (PA-P) Authorisation with the critical May 31, 2025 deadline,
- Capital Adequacy Ratio (CAR) Non-Compliance that could trigger immediate business restrictions, and
- “FIU-IND Registration Non-Compliance” that recently cost Binance Rs 18.82 crore in penalties.
These were not theoretical risks—they were specific regulatory traps that could kill the deal.
“But here is the thing,” I said, pointing at the screen. “Claude flagged merchant concentration risk, but it doesn’t know that this particular client already has that covered through their business model. That’s where you come in.“
Layer 5: The Client Filter
“Final layer—make it client-ready.”
Last prompt: “Reorganise these due diligence items by priority for a private equity investor focused on regulatory stability and scalability potential. Separate into ‘deal-breaker,’ ‘significant concern,’ and ‘standard verification’ categories.“
Click here to see the conversation with Claude and here to see the checklist.
Claude restructured everything. Deal-breakers at the top (license compliance, data security), significant concerns in the middle (operational scalability, key personnel), standard items at the bottom.
“Now you have a tool, not just a list,” I explained.
Rajesh was quiet for a moment, scrolling through the organised checklist. “This would have taken me six hours to build from scratch. How long did this take?“
“About forty-five minutes. But here is the important part—those forty-five minutes were focused thinking time. Not copying from old files or trying to remember what I forgot last time.“
The mistakes: what not to trust Claude with
“Alright, I am sold,” Rajesh said.
“But what are the traps? Where does this go wrong?“
Smart question. I had learned this the hard way.
“Four big ones,” I said, pulling up examples from my early disasters.
Trap 1: geographic confusion
“Claude sometimes mixes jurisdictions.
Last month, it suggested SEC filing requirements for an Indian company and SEBI requirements for a US subsidiary.
Always double-check jurisdictional logic.“
Trap 2: Scale Blindness
“It does not always adjust for company size.
I once got a checklist that included compliance requirements for 500+ employee companies when we were looking at a 25-person startup.
The regulatory burden would have been completely wrong.“
Trap 3: Template Thinking
“Claude loves comprehensive lists.
But comprehensive is not always useful.
Sometimes you need a focused 20-item checklist, not an exhaustive 100-item one. You have to tell it what level of detail you actually need.“
I showed him an example where I had asked for a “complete” IP due diligence checklist and got 47 items, including trademark searches in countries the client would never operate in.
“The fix is simple,” I explained.
“Always include constraints in your prompts. ‘Top 15 priority items,’ or ‘focus on issues relevant to a $10M transaction,’ or ‘suitable for a 2-week due diligence timeline.‘”
Trap 4: The replication expectation
“Here’s something that trips up first-time users,” I told Rajesh. “They try my exact prompts, get different results, and think they’re doing it wrong.”
“But AI responses vary every time—even with identical inputs. You might get different examples, alternative structures, or varied focus areas. That’s not a failure; it’s how these systems work.”
“The value is in the method: specific context, layered prompting, client-focused iteration. Your ‘different’ results might actually be better suited to your specific situation than my examples.”
The practice run: Rajesh takes the wheel
“Let me try this myself,” Rajesh said, cracking his knuckles.
“I have got a live deal. Healthcare IT company, B2B SaaS model, selling to hospitals and clinics. Indian company, but they have got some US clients.“
Perfect.
Real stakes, real timeline pressure.
I watched him open a fresh Claude session. His first instinct was old-school: “Create a due diligence checklist for healthcare IT acquisition.“
Click here to see the conversation with Claude and here to see the checklist.
“Stop,” I said. “What did we just learn?“
He paused, deleted the prompt, and started over. “Right. Context first.”
“I am advising on the acquisition of an Indian healthcare IT company that provides SaaS solutions to 200+ hospitals and clinics. The company has both Indian and US clients, processes patient data, and generates Rs 80 crore ARR. The acquirer is a larger healthcare services company looking to expand their technology offerings. Create a checklist focusing on regulatory compliance and data security issues.“
Click here to see the conversation with Claude and here to see the checklist.
Much better.
The difference was immediate.
Instead of generic compliance items, Claude generated
- Business Associate Agreements (BAAs) with all US healthcare clients,
- DPDP compliance readiness assessment and implementation status, and
- Telemedicine Practice Guidelines 2020 compliance.
It understood this was not just any SaaS company—it was processing patient health data across two regulatory jurisdictions.
“Holy shit,” Rajesh muttered, then looked up.
“Sorry. But this is exactly what I was struggling with yesterday. I knew HIPAA was relevant, but could not remember all the specific requirements for SaaS providers.“
“This is interesting,” Rajesh said, scrolling through Claude’s healthcare checklist. “Some of these items are different from what you showed me in the fintech example—even the structure is organised differently.”
“Exactly,” I replied.
“That’s one thing people do not realise about AI. Every conversation is unique. If ten lawyers used my exact prompts, they would get ten different checklists. Same principles, different execution.”
“Is that a problem?”
“It’s actually a strength. Your checklist might flag issues mine missed, or organise priorities in a way that better fits your thinking. The goal is not to replicate my results—it’s to leverage the method for your specific needs.”
He understood and got hooked to the result he got from his second prompt.
I watched him iterate through the layers:
- Regulatory layer: Healthcare licenses, software medical device regulations, and telemedicine compliance.
- Technology layer: Cloud infrastructure, data encryption, backup protocols, third-party integrations with EMR systems.
- Commercial layer: Customer contracts, SLA terms, data processing agreements, liability caps for healthcare clients.
- Operational layer: Clinical workflow integration, user training protocols, support escalation for critical healthcare systems.
“This is dangerous,” he said after twenty minutes.
“Why?“
“Because now I am going to want to do this for every deal.“
The format: making it work with your current systems
“Okay, last piece,” I said.
“You have got great content, but how do you actually use this? Most firms have their own DD tracking systems.“
This was crucial.
The best checklist in the world is useless if it does not integrate with how lawyers actually work.
“Show Claude your preferred format upfront,” I demonstrated. “Don’t make it guess.”
I added to Rajesh’s healthcare prompt: “Format the output as a table with columns for: Item Description, Document Required, Responsible Party (Legal/Finance/Tech), Priority Level (High/Medium/Low), and Status. Export as markdown for easy copy-paste into Excel.“
Click here to see the conversation with Claude and here to see the checklist.
Claude restructured everything perfectly. Neat tables, clear categories, ready to drop into any project management system.
“But here is the pro tip,” I said, “also ask for a summary version.“
Follow-up prompt: “Now create a 5-slide executive summary highlighting the top risk areas and critical documents needed for management presentation.“
Click here to see the conversation with Claude and here to see the checklist.
Boom.
A client-ready summary that you could present to the deal team without any additional work.
“The goal is not to replace your process,” I explained. “It is to make your process faster and more thorough.“
Rajesh nodded, already copying the formatted checklist into his firm’s deal tracker. “I can see this saving hours on every transaction. Not just the initial checklist, but the client communications, the team coordination, everything.“
He paused. “Why aren’t more lawyers doing this?“
The reality check: why this is not magic
Good question. I had been wondering the same thing since my first success with the Series C deal.
“Three reasons,” I said.
“First, most lawyers try it once, get a generic result, and give up. They do not realise it is about the conversation, not the first prompt.“
“Second, there is the expertise trap.
Senior lawyers think they do not need help with checklists because they have done hundreds of deals. But that is exactly why this works so well—it amplifies what you already know instead of teaching you something new.“
“Third,” I continued, “lawyers are terrified of missing something. They would rather spend six hours building a checklist they trust than forty-five minutes building one they need to verify.“
But here is what I have learned after six months of using this approach: the verification step is where the real value lies. When Claude gives you a comprehensive checklist, you’re not starting from scratch—you’re editing, prioritising, and customising. That’s a completely different cognitive process, and it’s faster and more thorough.
“Plus,” I added, “you catch things you wouldn’t have thought of. That IP assignment gap in Neha’s deal? I might have missed that in a traditional checklist build. Claude flagged it because it understands the connection between ESOP grants and IP assignment requirements.”
The bigger picture: what this means for legal practice
Rajesh leaned back in his chair, looking at his completed healthcare IT checklist. “This changes how I think about preparation time.“
He was right.
This is not just about faster checklists—it’s about redirecting lawyer time from administrative tasks to strategic thinking.
“Before this,” he said, “I would spend the first day of any due diligence project just trying to remember what I needed to cover. Now I can spend that time thinking about what matters most for this specific deal.“
That is the shift.
Instead of rebuilding the wheel every time, you are customising a high-quality starting point. Instead of hoping you did not forget something important, you are focusing on deal-specific risks and client priorities.
“But you still need to know what you’re doing,” I emphasised.
“Claude cannot tell you that a particular regulatory requirement does not apply to your client’s specific situation, or that the client’s risk tolerance means you should focus on operational issues over compliance details. That’s where experience matters.“
“It is not replacing lawyer judgment,” Rajesh said. “It is making lawyer judgment more effective.“
Exactly.
The next step: building your own system
“Alright,” Rajesh said, closing his laptop. “I am convinced. But how do I actually implement this? Do I need to restructure how our team works?“
“Start small,” I advised. “Pick your next deal and use this approach for just one section—maybe regulatory compliance or IP issues. See how it feels. Get comfortable with the iterative prompting.“
“Then expand. Once you have got a system that works for you, you can train your team. But don’t try to change everything at once.“
I also suggested he build a prompt library. “Keep track of the prompts that work well for different deal types. You’ll start to see patterns—certain phrases that consistently get better results, certain structures that Claude responds to well.“
“Most importantly,” I said, “remember that this is a tool, not a replacement. Your expertise is what makes the output valuable. Claude gives you comprehensive coverage, but you provide the wisdom about what actually matters.“
Three months later, Rajesh texted me: “Just closed the healthcare IT deal. Your checklist approach caught a data localisation issue that could have been a nightmare post-closing. The client wants to know if we can do this for all their deals.“
That is when you know it’s working. Not when the AI is impressive, but when the results are better than what you could have achieved alone.
The future of legal practice is not about lawyers versus AI. It’s about lawyers with AI versus lawyers without it. And honestly, it’s not much of a contest.
Allow notifications
