Best Company Secretary Firm in India | Bhavya Sharma & Associates

Call Us: +91-9217282889
Best CS Firm in Delhi | Best CS Firm in Bangalore | Best CS Firm in Mumbai | Best Company Secretary firm in Delhi | Best Company Secretary firm in Bangalore | Best Company Secretary firm in Mumbai
Menu

VC Due Diligence Red Flags: The 47 CS Issues That Kill Indian Startup Fundraises (2026 Guide)

DUE DILIGENCE & FUNDRAISING COMPLIANCE

VC Due Diligence Red Flags: 47 Company Secretarial Issues That Delay or Derail Indian Startup Fundraises (2026 Guide)

A practitioner checklist by CS Bhavya Sharma — company secretarial issues commonly found during Indian startup fundraise diligence, what each signals to investors, and how to address them before your data room opens.

14 Min ReadUpdated March 2026Series A / Due Diligence
0
CS red flags catalogued in this guide
0
Compliance categories covered
0
Day pre-fundraise fix timeline
CS Bhavya Sharma

CS Bhavya Sharma, FCS

Founder & Company Secretary, Bhavya Sharma & Associates | Delhi-NCR

Having handled company secretarial work for early-stage and growth-stage Indian startups across Delhi-NCR and beyond, I have reviewed data rooms where a single missing board resolution caused weeks of fundraising delay. This guide consolidates the most common compliance gaps we encounter — and how founders can address them proactively.

1. Why CS Red Flags Stall Indian Startup Fundraises

Across our engagements with early-stage and growth-stage Indian startups, a consistent pattern emerges: founders who have built strong products are frequently caught off guard in the data room by company secretarial issues that had been accumulating quietly for months or years.

These are not obscure regulatory traps. They are well-defined compliance requirements under the Companies Act 2013, FEMA Regulations, and SEBI guidelines — requirements that a proactive company secretary should be managing as a matter of routine. When they are not addressed, the consequences during a fundraise range from week-long delays to valuation reductions to, in the most serious cases, deals being withdrawn by investors.

How investors approach this: Institutional investors and their legal counsel do not penalise founders for red flags that are disclosed proactively and have a clear resolution plan. What creates a trust deficit is red flags that are discovered during diligence rather than disclosed upfront — particularly those that suggest the company's governance has not been taken seriously. A missing board resolution from 2022 is not just a paperwork gap; in a 2026 diligence, it raises questions about every other board action taken around the same time.

This guide catalogues 47 company secretarial red flags organised across five categories, drawn from our experience with Indian startup compliance. Each entry includes the legal basis, what it signals to an investor, and a practical fix. If you are planning a fundraise in the next six months, a structured review against this list is a useful starting point.

What investors typically examine

ROC filings, MCA master data, shareholder register, ESOP policy and grant register, board minutes, founders agreement, fully diluted cap table, FEMA filings, and valuation reports.

What commonly triggers diligence issues

Unfiled statutory forms, cap table mismatches vs ROC records, undocumented equity events, FEMA reporting gaps, and missing or outdated shareholder and founders agreements.

Category 1 — Cap Table & Ownership

2. Cap Table & Ownership Red Flags

The cap table is the first document every investor examines. Discrepancies between your internal cap table and official ROC filings are the single most common and most damaging category of red flag in Indian startup diligence.

  • 1Cap table does not match ROC filings HIGHInvestors compare your Google Sheet/Excel cap table against your MCA master data and annual returns. Any difference in shareholder names, share counts, or share class signals either negligence or intent to deceive. Fix: Immediate rectification filing + updated share register.
  • 2Shares issued without board resolution HIGHEvery allotment — founder shares, angel round, SAFE conversion — requires a board resolution passed before the allotment date. Retroactive resolutions are legally fragile and spotted immediately. Fix: Legal opinion on backdating risk + prospective ratification where possible.
  • 3Missing Form PAS-3 for allotments HIGHReturn of allotment (PAS-3) must be filed within 30 days of each allotment. Unfiled PAS-3s mean your shares are not legally recognised. This is fatal in a due diligence. Fix: File with late fee + adjudication under MCA compounding.
  • 4Convertible notes not reflected in fully diluted cap table MEDIUMSAFEs, iSAFEs, CCPS, and convertible notes must appear in the fully diluted cap table. Investors modelling their entry price need to see conversion scenarios. Fix: Engage CS to rebuild the fully diluted model and validate against all term sheets.
  • 5Advisor equity issued without formal agreement MEDIUMAdvisor equity with no vesting schedule, no grant letter, and no documented contribution creates open-ended dilution that founders cannot clearly explain to investors. Fix: Execute properly dated advisor agreements with defined vesting schedules and contribution milestones. For unvested equity where no agreement exists, consider a buy-back or surrender of unvested shares with appropriate board approval and legal advice.
  • 6Founder share vesting not documented HIGHMost institutional investors require founder vesting to protect against a co-founder departure pre-Series A. If vesting is not documented in the founders agreement and ROC records, investors impose it via the term sheet at unfavourable rates. Fix: Amend founders agreement with vesting schedule before diligence opens.
  • 7Sweat equity issued without shareholder approval HIGHSweat equity under Section 54 of the Companies Act requires a special resolution. Equity issued to founders in lieu of salary without this resolution is legally void. Fix: Compounding with MCA + ratification via EGM.
  • 8Transfer of shares not reported to ROC MEDIUMEvery secondary share transfer between founders or early investors must be reflected in the share transfer register and updated in annual filings. Unrecorded transfers create phantom shareholders in the ROC database.
  • 9Incorrect face value on share certificates LOWShare certificates with wrong face value (₹1 vs ₹10) create reconciliation errors during valuation and pre-money cap table modelling. Fix: Issue corrected duplicate certificates with board resolution.
  • 10No right of first refusal (ROFR) clause documented MEDIUMInvestors routinely expect ROFR on secondary transfers. Absence of ROFR in the shareholders agreement is a negotiating red flag, not a legal defect, but it signals governance inexperience.
  • 11Pre-emptive rights not exercised or waived in writing MEDIUMWhen new shares are issued, existing shareholders with pre-emptive rights must formally waive them in writing. Oral waivers are unenforceable and create disputing shareholders at Series A.
  • 12Nominee director shares not disclosed LOWShares held in a nominee director's name without documented beneficial ownership disclosure create complications in investor due diligence on ultimate beneficial ownership (UBO).
Category 2 — ROC & MCA Filings

3. ROC & MCA Filing Red Flags

The MCA master data is publicly accessible. Every investor's legal team checks it within the first 24 hours of receiving your term sheet acceptance. Gaps here are discovered immediately — there is no hiding ROC compliance failures.

  • 13Annual return (MGT-7) not filed for one or more years HIGHAn unfiled annual return puts your company in default under the Companies Act. Investors see this as a sign the company is not being professionally managed. Fix: File all pending returns with late fees immediately.
  • 14Financial statements (AOC-4) not filed HIGHUnfiled financials mean your audited accounts are not in the public domain. Foreign investors cannot complete their KYC and AML checks without these. Fix: File immediately. If books are unaudited, engage CA urgently.
  • 15Registered office address not updated on MCA MEDIUMIf your company has moved offices without filing INC-22 or INC-22A, your registered office on MCA is wrong. Investors serving legal notices to the wrong address creates enormous risk at closing.
  • 16Director KYC (DIR-3 KYC) lapsed for one or more directors MEDIUMLapsed director KYC flags directors as inactive in the DIN database. Investors' legal teams flag this as a governance gap. Fix: File DIR-3 KYC annually for all directors.
  • 17DIN deactivated for a director who signed board resolutions HIGHIf a director's DIN was deactivated at the time they signed board resolutions or filed forms, those actions are legally questionable. Fix: Reactivate DIN + obtain legal opinion on impacted resolutions.
  • 18Incorrect authorised share capital on MCA vs internal records HIGHYour authorised capital must be equal to or greater than paid-up capital. If you issued more shares than your authorised capital allows, you are in violation of the Companies Act. Fix: EGM to increase authorised capital + SH-7 filing.
  • 19Missing Form MGT-14 for special resolutions MEDIUMEvery special resolution — ESOP adoption, alteration of MoA, conversion of share classes — requires MGT-14 filing within 30 days. Unfiled MGT-14s mean the special resolution has no legal standing.
  • 20No secretarial audit for applicable companies MEDIUMCertain companies (by paid-up capital or turnover) are mandated to conduct a secretarial audit. If your company has crossed these thresholds without conducting one, investors will flag this.
  • 21Company name reservation for a similar entity LOWInvestors sometimes discover MCA records of a sister entity or previous incorporation attempt with a similar name, raising questions about corporate structure complexity.
  • 22Delayed filing of charges with ROC MEDIUMIf your company has taken a secured loan and the charge has not been registered with ROC (CHG-1), the lender's interest is unprotected and the company is in default. This is a significant red flag for incoming equity investors.
A note on ROC compliance: ROC filings operate on fixed statutory deadlines. Most deficiencies in this category are not the result of deliberate non-compliance — they accumulate when a company grows faster than its compliance infrastructure keeps up. The important thing is that they can be systematically identified and rectified. A structured annual compliance review is the most effective way to ensure nothing falls through the cracks ahead of a fundraise.
Category 3 — ESOP Documentation

4. ESOP Documentation Red Flags

ESOP issues are the most emotionally charged red flags in a fundraise. They affect your team's trust and your valuation simultaneously. Every institutional investor will request your ESOP policy, grant register, and vesting schedules. Here is what they look for.

  • 23ESOP scheme not approved by special resolution HIGHSection 62(1)(b) of the Companies Act requires a special resolution (passed via postal ballot for most private companies) before any ESOP scheme is operative. Grants made before this resolution are legally void. Fix: Ratify via EGM + MGT-14 filing, and obtain legal opinion on affected grants.
  • 24No registered valuer report for ESOP exercise price determination HIGHFor private limited companies, the fair market value used to determine the ESOP exercise price should be certified by a registered valuer under the Companies Act 2013 (registered with the IBBI — Insolvency and Bankruptcy Board of India). Note: Rule 11UA of the Income Tax Rules applies separately for tax computation purposes at the time of exercise. Having neither a Companies Act valuation nor an IT-compliant FMV determination is a compounded red flag — investors will question the basis of every historical grant. Fix: Engage an IBBI-registered valuer to retrospectively document FMV at the time of each grant.
  • 25Grant letters not signed by employees HIGHAn ESOP grant letter is the individual employment contract for equity. Unsigned grant letters mean the employee has no documented entitlement. This creates liability at exit when employees claim larger grants. Fix: Collect countersigned grant letters from all current grantees.
  • 26ESOP pool larger than authorised share capital allows HIGHYour ESOP pool is reserved equity. If the fully diluted ESOP pool, when exercised, would exceed your authorised share capital, the exercise is legally impossible. Fix: Increase authorised capital to accommodate full exercise.
  • 27Vesting schedule not compliant with 1-year cliff minimum MEDIUMIndian regulations require a minimum vesting period of one year. ESOP schemes with immediate vesting or a cliff of less than 12 months are non-compliant under Companies (Share Capital and Debentures) Rules, 2014.
  • 28Departed employee options not lapsed per ESOP policy MEDIUMWhen employees leave, unvested options must lapse and return to the ESOP pool. If your records show departed employees as grantees, your cap table is inflated. Fix: Issue lapse notices and update the ESOP register.
  • 29SH-6 register not maintained MEDIUMEvery company with an ESOP scheme must maintain a statutory SH-6 register. Investors' legal teams request this as a standard document. Missing SH-6 is a compliance gap under the Companies Act.
  • 30ESOPs granted to individuals ineligible under the company's ESOP policy or applicable rules HIGHUnder Rule 12 of the Companies (Share Capital and Debentures) Rules 2014, certain categories of persons — including a director who either by himself or through relatives holds more than 10% of the outstanding equity shares of the company — are ineligible to receive ESOPs in a private limited company. Additionally, if the company's own board-approved ESOP policy specifies eligibility criteria (which it must, as a statutory requirement), grants made to individuals outside those criteria are void. Investors review grant letters against the ESOP policy to confirm every grantee was eligible at the time of grant. Fix: Review all historical grants against the eligibility provisions of both the statutory rules and the company's ESOP policy; obtain a legal opinion on any questionable grants.
Category 4 — FEMA & FDI Compliance

5. FEMA & FDI Compliance Red Flags

For startups that have taken foreign investment — from YC, US angels, Singapore family offices, or any non-resident investor — FEMA compliance is non-negotiable. The RBI has increased enforcement of FEMA violations. Foreign investors conduct FEMA due diligence as a precondition to wiring money.

Critical: FEMA violations cannot simply be "fixed." They require compounding with the RBI, which takes 3–6 months and involves public disclosure. A FEMA violation discovered in diligence can kill a deal that was otherwise fully agreed.
  • 31FC-GPR not filed within 30 days of foreign investment HIGHForm FC-GPR must be filed with the RBI (via the Authorised Dealer bank) within 30 days of receiving foreign investment and issuing shares. Unfiled FC-GPRs are FEMA violations. Fix: File late FC-GPR and commence compounding application.
  • 32Shares issued to foreign investor before receiving remittance HIGHUnder FEMA, shares can only be issued after the remittance has been received in India. Pre-allotment on a handshake — common with informal angel investors — is a violation.
  • 33Pricing not at or above fair market value for FDI HIGHForeign investment must be at or above the fair market value of shares as determined by a SEBI-registered Category I Merchant Banker or registered valuer. Discount issuances to foreign investors are FEMA-non-compliant.
  • 34Annual return on Foreign Liabilities and Assets (FLA) not filed MEDIUMThe FLA return must be filed annually with the RBI by 15 July. Startups with foreign investment who have not filed FLA returns for one or more years are technically in FEMA default. Fix: File outstanding FLA returns immediately with cover letter to RBI.
  • 35Foreign investment received in sectors under restricted FDI route HIGHCertain sectors (e-commerce, media, pharma) have FDI restrictions. If your startup received automatic-route foreign investment in a sector requiring government approval, the investment is illegal without RBI/FIPB ratification.
  • 36CCPS structure not compliant with FEMA pricing guidelines HIGHThe iSAFE/CCPS instrument is valid only when the pricing and conversion terms comply with FEMA Regulations 2017. Conversion clauses that create implied valuation discounts below FMV are FEMA violations.
  • 37No track record of FC-TRS filings for secondary transfers MEDIUMWhen shares transfer from a resident to a non-resident (or vice versa), FC-TRS must be filed. Secondary sales to foreign angels without FC-TRS are FEMA violations.
  • 38Entity structure includes a Delaware/Singapore flip with incomplete FEMA paperwork HIGHStartups that have flipped to a foreign holding structure must have documented the flip via the ODI (Overseas Direct Investment) route. An undocumented flip means the Indian entity's equity structure is legally uncertain.
Category 5 — Board Governance

6. Board Governance Red Flags

Board governance red flags are the subtlest category but carry the most reputational weight. They signal to investors whether a founding team runs a company or just a product. Every board decision requires documented evidence.

  • 39Board meetings not held at legally required intervals MEDIUMThe Companies Act requires a minimum of 4 board meetings per year, with no gap of more than 120 days between consecutive meetings. Startups that cannot produce minutes for all required meetings raise serious governance concerns.
  • 40Minutes books not maintained or unsigned HIGHBoard minutes must be recorded, circulated within 30 days, and signed by the Chairman at the next meeting. Unsigned or undated minutes have no legal standing and make every board decision challengeable.
  • 41No quorum recorded for critical resolutions HIGHResolutions passed without quorum (minimum 2 directors for most private companies) are void. Investors' legal teams check quorum compliance for every material resolution — share allotment, related party transactions, key hire approvals.
  • 42Related party transactions not approved by board HIGHLoans to founders, payments to founder-controlled entities, or contracts with related parties require prior board approval under Section 188. Unapproved RPTs are a red flag for investor protection violations.
  • 43Director appointment not filed with ROC (Form DIR-12) MEDIUMEvery director appointment must be filed with the ROC within 30 days. Investors frequently find independent directors or investor nominees appointed informally without DIR-12 filing, creating uncertainty about the board's legal composition.
  • 44No conflict of interest disclosure by directors LOWDirectors with interests in competing entities or vendors must disclose these under Section 184. Absence of such disclosures is a corporate governance red flag for institutional investors with fiduciary obligations.
  • 45Founders agreement not executed or outdated HIGHA founders agreement covering equity split, vesting, IP assignment, and non-compete is expected by every institutional investor. Absence of a founders agreement — or one drafted pre-incorporation that was never updated — signals founder relationship risk.
  • 46IP not formally assigned to the company HIGHIntellectual property developed by founders or employees before or during early employment must be formally assigned to the company via IP assignment agreements. Without these, the company does not own its own technology — this is a deal-breaker.
  • 47No statutory registers maintained (Register of Members, Directors, Charges) MEDIUMThe Companies Act mandates maintenance of specific statutory registers at the registered office. Investors request these as standard. Absence signals that the company is being run informally, not institutionally.

7. The BSA Pre-Fundraise Audit: 30-Day Fix Plan

The good news: 90% of red flags listed above are fully rectifiable before diligence begins. The key is timing. A pre-fundraise CS audit should happen at minimum 3 months before you send your first investor deck — and ideally at the start of every financial year.

Here is how BSA structures a 30-day pre-fundraise audit for Indian startups:

Week 1 — Audit & Triage

Full review of ROC filings, cap table, ESOP register, shareholder agreements, board minutes, and FEMA filings. Every gap is catalogued with severity and fix timeline.

Week 2 — Priority Fixes

File all pending ROC forms. Obtain missing board resolutions (where legally permissible). Reconcile cap table vs MCA data. Issue ESOP lapse notices for departed employees.

Week 3 — Documentation

Execute or update founders agreement. Collect unsigned grant letters. Obtain 11UA valuation certificates. Draft and file MGT-14 for any pending special resolutions.

Week 4 — Data Room Prep

Organise all documents in investor-ready data room format. Prepare a legal summary memo. Brief founders on red flags that cannot be fully resolved, with appropriate disclosures.

Our approach to pre-fundraise audits: The goal of a pre-fundraise CS audit is not to produce a clean certificate — it is to give founders a clear, honest picture of their compliance position before investors see it, with enough time to address what can be addressed and properly disclose what cannot. Red flags that are disclosed proactively with a resolution plan are treated very differently by investors than red flags that surface during diligence without warning.

Bhavya Sharma & Associates focuses on founder-facing company secretarial work — incorporation, fundraising compliance, ESOP structuring, FEMA filings, and ongoing statutory compliance for startups. If you would like to discuss a pre-fundraise review for your company, you are welcome to reach out.

8. Frequently Asked Questions

The most common red flags we find during Indian startup pre-fundraise audits are: mismatched cap tables versus ROC filings, missing board resolutions for share allotments, incomplete ESOP documentation (especially unsigned grant letters), undisclosed FEMA violations from foreign angel investments, and founders agreements that are either missing or were drafted at incorporation and never updated to reflect current equity and vesting reality.
A startup with well-maintained CS documentation can typically complete legal due diligence in 3–4 weeks. When significant gaps are found — particularly in cap table records, ROC filings, or ESOP documentation — diligence timelines extend considerably, sometimes to 8–12 weeks, as counsel works through rectification. Protracted diligence also increases deal uncertainty for both parties. The most effective mitigation is a pre-fundraise review conducted before the investor process begins, so that issues are known and addressed in advance rather than discovered mid-process.
Yes — and this is exactly what a pre-fundraise audit is for. Most CS red flags including missing board resolutions, ROC filing gaps, ESOP policy errors, and cap table mismatches are rectifiable before any investor sees your data room. FEMA violations are the exception: these require RBI compounding (3–6 months) and should be addressed at least 9 months before a planned fundraise. BSA recommends a CS audit at the beginning of the financial year you plan to raise.
A pre-fundraise CS audit is a structured review of your company's secretarial records, ROC filings, cap table, ESOP documentation, board resolutions, and regulatory compliance conducted by a company secretary before you approach investors. It identifies and fixes red flags before investors find them. BSA's pre-fundraise audit is customised to your company's stage and complexity. Contact us for a fixed-fee engagement proposal — most seed-stage audits are completed within 30 days.
Yes — every institutional investor, from seed angels to Series A VCs to international funds, will review ROC filings, board minutes, shareholder agreements, ESOP policies, and cap table documentation as a standard part of their legal due diligence. Foreign investors additionally verify FEMA and FDI compliance. The MCA master data is publicly accessible, meaning investors can check your filing history before you even share a data room link. There is no grey area here: CS records are examined in every formal fundraise.
A cap table is your internal working document showing all equity holders, share classes, and fully diluted ownership percentages. The share register (Register of Members) is a statutory document maintained under the Companies Act that records all shareholder details officially. The share register must be updated after every allotment and transfer. During due diligence, investors compare both — discrepancies between them are a major red flag regardless of which document is "correct."
If FEMA violations are discovered during diligence, the investor's legal team will typically issue a representation and warranty requirement or a price adjustment demand, or in serious cases withdraw from the transaction. The startup must then file a compounding application with the RBI, which requires public disclosure and payment of a compounding fee. The process takes 3–6 months. FEMA violations are the most damaging red flag category precisely because they cannot be quickly resolved — prevention (proper filing at the time of investment) is the only real solution.
Form FC-GPR (Foreign Currency — General Permission Route) is the RBI form that must be filed through your Authorised Dealer (AD) bank within 30 days of receiving foreign investment and issuing shares. It is the primary reporting mechanism for FDI compliance in India. Every startup that has received funding from a non-resident investor — including YC, US angels, and Singapore-based funds — must have FC-GPR filings on record for each investment round.
A founders agreement is not mandated by statute, but it is mandatory in practice for any startup seeking institutional funding. Every VC term sheet assumes the existence of a founders agreement covering equity split, vesting schedule, IP assignment, non-compete, and decision-making authority. Absence of a founders agreement — especially for a multi-founder startup — is treated as a governance red flag and a co-founder relationship risk by investors. BSA drafts founders agreements as a standard service for all new company incorporations.
Under Section 204 of the Companies Act, a secretarial audit is mandatory for listed companies, companies with paid-up capital of ₹50 crore or more, or companies with a turnover of ₹250 crore or more. However, even if your startup does not cross these thresholds, a voluntary secretarial audit (or pre-fundraise CS audit conducted by BSA) is strongly recommended before any fundraise. It gives investors confidence in your governance and identifies red flags proactively.

Prepare Your CS Records Before Investors Review Them

A pre-fundraise CS review gives you a clear picture of your compliance position — what is in order, what needs attention, and what requires disclosure — before your data room opens. Addressing issues on your own timeline is significantly easier than resolving them under diligence pressure.

Bhavya Sharma & Associates assists founders with pre-fundraise compliance reviews, ESOP structuring, FEMA filings, ROC compliance, and end-to-end company secretarial work for startups across India.

This guide is for general awareness only and does not constitute legal advice. The applicable law and regulatory requirements can vary by company structure, stage, and specific facts. Please consult a qualified company secretary or legal professional for advice specific to your situation.

Get in touch with BSA →
Tagged , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

×
Need Expert Guidance for Your Startup?
Speak with our advisors for corporate, tax, and compliance support. Tell us what you need and our team will get back to you shortly.
Talk to us!
Let’s Connect
close slider

    Request a Call back Now

    Please fill out the following information and we'll be in touch with you shortly.